
Re: key exchange fails in ssh_connect using libssh 0.10.4


On Monday, 9 January 2023 21:08:08 CET Jijo Thomas wrote:
> Thank you Norbert Pócs.
> I could add the missing default algorithms in kex.c and proceed.

Why not just add it with ssh_options_set()?

ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE,
                "+diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1");

> Regards,
> Jijo
> 
> On Mon, Jan 9, 2023 at 8:27 PM Norbert Pocs <npocs@xxxxxxxxxx> wrote:
> > Hi Thomas,
> > 
> > I see the server -
> > 
> >  no match for method kex algos: server
> >  [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
> > 
> > has only sha1 kex methods enabled, which are disabled by default in
> > version 0.10 of libssh. Try to enable
> > the needed kex methods in the configuration file or try to avoid using
> > sha1 if possible.
> > 
> > Hope this helps!
> > 
> > Regards
> > Norbert Pócs
> > 
> > On Mon, Jan 9, 2023 at 3:03 PM Jijo Thomas <jijo7thomas@xxxxxxxxx> wrote:
> >> Hey folks,
> >> 
> >> I'm trying to use ssh_connect with a recently compiled libssh 0.10.4
> >> (using openssl 1.1.1k), but we ran into a key exchange error. The log
> >> follows.
> >> 
> >> [2023/01/09 16:37:44.874356, 2] ssh_connect:  libssh 0.10.4 (c) 2003-2022 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_winlock
> >> [2023/01/09 16:37:44.881334, 3] getai:  host x.x.x.x matches an IP address
> >> [2023/01/09 16:37:44.885324, 2] ssh_socket_connect:  Nonblocking connection socket: 512
> >> [2023/01/09 16:37:44.887321, 2] ssh_connect:  Socket connecting, now waiting for the callbacks to work
> >> [2023/01/09 16:37:44.887903, 3] ssh_connect:  Actual timeout : 10000
> >> [2023/01/09 16:37:45.139544, 3] ssh_socket_pollcallback:  Received POLLOUT in connecting state
> >> [2023/01/09 16:37:45.140542, 1] socket_callback_connected:  Socket connection callback: 1 (0)
> >> [2023/01/09 16:37:45.140542, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
> >> [2023/01/09 16:37:45.376008, 3] callback_receive_banner:  Received banner: SSH-2.0-Cisco-1.25
> >> [2023/01/09 16:37:45.377005, 2] ssh_client_connection_callback:  SSH server banner: SSH-2.0-Cisco-1.25
> >> [2023/01/09 16:37:45.377005, 2] ssh_analyze_banner:  Analyzing banner: SSH-2.0-Cisco-1.25
> >> [2023/01/09 16:37:45.390968, 3] ssh_client_select_hostkeys:  Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
> >> [2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file 'C:\Users\xxxxx/.ssh/known_hosts': No such file or directory
> >> [2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
> >> [2023/01/09 16:37:45.391964, 3] ssh_client_select_hostkeys:  No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
> >> [2023/01/09 16:37:45.391964, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
> >> [2023/01/09 16:37:45.391964, 3] packet_send2:  packet: wrote [type=20, len=852, padding_size=7, comp=844, payload=844]
> >> [2023/01/09 16:37:45.392965, 3] ssh_send_kex:  SSH_MSG_KEXINIT sent
> >> [2023/01/09 16:37:45.626340, 3] ssh_packet_socket_callback:  packet: read type 20 [len=308,padding=4,comp=303,payload=303]
> >> [2023/01/09 16:37:45.627339, 3] ssh_packet_process:  Dispatching handler for packet type 20
> >> [2023/01/09 16:37:45.627339, 1] ssh_kex_select_methods:  kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1], client [curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256]
> >> [2023/01/09 16:37:45.627339, 3] ssh_connect:  current state : 9
> >> 
> >> 
> >> It is still working fine using libssh 0.9.4 dll
> >> 
> >> It could be something I missed while compiling the new library. I had
> >> created the solution using cmake, and compiled the ssh.dll using Visual
> >> Studio 2017. Any leads to solve the problem are appreciated.
> >> 
> >> 
> >> Regards,
> >> 
> >> Jijo


-- 
Andreas Schneider                 asn@xxxxxxxxxxxxxx
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
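
Why the negotiation in the log fails and what appending the SHA-1 methods changes, as an added example that is not part of the original message or of libssh: a simplified model of SSH key-exchange selection (RFC 4253, section 7.1). `kex_select`, `kex_append` and `MIXED_SERVER` are hypothetical names; the other two lists are copied from the log, including its redacted entry.

```c
#include <stdio.h>
#include <string.h>
/* Lists copied from the log in the thread; one name is redacted there. */
static const char CLIENT_DEFAULT[] =
    "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
    "diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group14-sha256";
static const char LOG_SERVER[] =
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1";
/* Constructed sample: a server offering one SHA-1 and one modern method. */
static const char MIXED_SERVER[] = "diffie-hellman-group14-sha1,curve25519-sha256";

/* RFC 4253 section 7.1: choose the first client name the server also lists.
 * Copies it into out and returns 1; returns 0 when the lists share nothing. */
int kex_select(const char *client, const char *server, char *out, size_t outlen)
{
    for (const char *c = client; *c; ) {
        size_t clen = strcspn(c, ",");
        for (const char *s = server; clen && *s; ) {
            size_t slen = strcspn(s, ",");
            if (clen == slen && clen < outlen && memcmp(c, s, clen) == 0) {
                memcpy(out, c, clen);
                out[clen] = '\0';
                return 1;
            }
            s += slen + (s[slen] == ',');
        }
        c += clen + (c[clen] == ',');
    }
    return 0;
}

/* Hypothetical helper: defaults first, extras last (lowest preference). */
int kex_append(const char *defaults, const char *extra, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s,%s", defaults, extra);
    return n > 0 && (size_t)n < outlen;
}

int main(void)
{
    char list[512], pick[64];
    kex_append(CLIENT_DEFAULT, LOG_SERVER, list, sizeof list);
    printf("defaults: %d\n", kex_select(CLIENT_DEFAULT, LOG_SERVER, pick, sizeof pick));
    if (kex_select(list, LOG_SERVER, pick, sizeof pick)) printf("appended: %s\n", pick);
    if (kex_select(list, MIXED_SERVER, pick, sizeof pick)) printf("mixed server: %s\n", pick);
    return 0;
}
```

Because the appended SHA-1 methods sit last in the client's list, they are chosen only when the server offers nothing the client prefers.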


