
Opened 4 years ago

Closed 3 years ago

#8488 closed enhancement (fixed)

Support for key exchange algorithm diffie-hellman-group-exchange-sha256

Reported by: zepi
Owned by: dkocher
Priority: normal
Milestone: 4.8
Component: sftp
Version: 4.6.1
Severity: normal
Keywords: ssh, cipher, kex
Cc: lbort@…, andi@…
Architecture: Intel
Platform: Mac OS X 10.10

Description (last modified by zepi)

After the latest Snowden leaks, it seems that the default OpenSSH settings are no longer acceptable for secure communication. See: https://stribika.github.io/2015/01/04/secure-secure-shell.html

Having the following lines in sshd_config on the server side prevents Cyberduck from connecting, with an error message:

Connection Failed

Unable to reach a settlement: [diffie-hellman-group14-sha1, diffie-hellman-group1-sha1] and [curve25519-sha256@libssh.org, diffie-hellman-group-exchange-sha256]. The connection attempt was rejected. The server may be down, or your network may not be properly configured

I get no entries in the log drawer.

Sshd config on server side:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

At least by the look of it, diffie-hellman-group-exchange-sha256 and curve25519-sha256@… are enabled in these kex settings, so my guess is that the incompatibility is either due to a lack of appropriate ciphers or a bug in the kex implementation.

I'm connecting to OpenSSH_6.6.1p1 Debian-4~bpo70+1, OpenSSL 1.0.1e 13

Change History (15)

comment:1 Changed 4 years ago by dkocher

Can you verify that the connection also fails using the latest snapshot build available?

comment:2 Changed 4 years ago by dkocher

  • Description modified (diff)

comment:3 Changed 4 years ago by zepi

  • Description modified (diff)

I checked with the latest Version 4.7 (16463) and it fails with the same error message.

For example my OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 that is integrated with OSX works without a hitch.

comment:4 Changed 4 years ago by dkocher

  • Milestone set to 4.7
  • Status changed from new to assigned

comment:5 Changed 4 years ago by dkocher

The negotiation fails because we find no matching key exchange algorithm. We currently support diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1.

comment:6 Changed 4 years ago by dkocher

  • Summary changed from Connection failed to hardened SSH-server to No support for key exchange algorithm diffie-hellman-group-exchange-sha256
  • Type changed from defect to enhancement

comment:7 Changed 4 years ago by offenbach

my findings
Cyberduck does not yet provide the HMAC and key-exchange algorithms that are required to access SSH servers that have been configured following the mentioned blog entry.

longer description
My SSH server is hardened the same way. I checked with 4.7 and had no luck connecting. The first error was "no matching mac found".

no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com [preauth]

I re-enabled "hmac-sha2-512" in sshd settings /etc/ssh/sshd_config:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512

Now sshd complains about not being able to agree upon a key exchange method:

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none [preauth]
debug2: mac_setup: setup hmac-sha2-512 [preauth]
debug2: kex: client->server aes128-ctr hmac-sha2-512 zlib@openssh.com [preauth]
Unable to negotiate a key exchange method [preauth]

Cyberduck does not provide the hardened key exchange methods "curve25519-sha256@…" or "diffie-hellman-group-exchange-sha256". So if you want to connect to your SSH server, you need to use a less secure key exchange method. Fortunately, Cyberduck's error dialog reveals the possible algorithms. I chose "diffie-hellman-group14-sha1". So tweak your SSH settings in case you need to access your server with Cyberduck:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
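
The negotiation failure described in comments 5 and 7, replayed as an added example (not part of the ticket and not Cyberduck or sshj code): it parses the `kex_parse_kexinit` lines posted above and applies the RFC 4253 selection rule to each algorithm category. The function names are hypothetical, and the split into server and client proposals is an assumption based on the posted sshd_config.

```python
# Added example. RFC 4253 section 7.1 rule: per category, the first name in the
# CLIENT's list that the SERVER also offers is chosen; no overlap means failure.
# (Extra kex/host-key compatibility conditions in the RFC are not modelled.)
CATEGORIES = ["kex", "host_key", "cipher", "mac", "compression"]

# kex_parse_kexinit lines copied from the sshd debug output in comment 7.
# Assumption: the first five lists are sshd's own proposal (they match the
# posted sshd_config), the next five are the client's.
SSHD_LOG = """\
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none [preauth]
"""

def parse_proposals(log):
    """Return (server, client) dicts: category -> ordered algorithm list."""
    lists = []
    for line in log.splitlines():
        if "kex_parse_kexinit:" not in line:
            continue
        names = line.split("kex_parse_kexinit:", 1)[1].replace("[preauth]", "")
        lists.append(names.strip().split(","))
    n = len(CATEGORIES)
    if len(lists) != 2 * n:
        raise ValueError(f"expected {2 * n} proposal lines, got {len(lists)}")
    return dict(zip(CATEGORIES, lists[:n])), dict(zip(CATEGORIES, lists[n:]))

def negotiate(server, client):
    """First client preference the server also offers, or None per category."""
    return {cat: next((a for a in client[cat] if a in server[cat]), None)
            for cat in CATEGORIES}

if __name__ == "__main__":
    server, client = parse_proposals(SSHD_LOG)
    print("as logged:", negotiate(server, client))
    # Server relaxed as in the KexAlgorithms line quoted in the comment
    server["kex"].append("diffie-hellman-group14-sha1")
    print("relaxed:  ", negotiate(server, client))
```

On the logged proposals only the `kex` category has no overlap, which matches sshd's "Unable to negotiate a key exchange method"; the cipher, MAC and compression picks agree with the `kex: client->server` line in the log.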

comment:8 Changed 4 years ago by dkocher

  • Summary changed from No support for key exchange algorithm diffie-hellman-group-exchange-sha256 to Support for key exchange algorithm diffie-hellman-group-exchange-sha256

comment:9 Changed 4 years ago by dkocher

See also #8528.

comment:10 Changed 4 years ago by lbort

  • Cc lbort@… added

comment:11 Changed 4 years ago by dkocher

  • Milestone 4.7 deleted

comment:12 Changed 4 years ago by andreas hubel

  • Cc andi@… added

Any updates on this issue?

comment:13 Changed 4 years ago by dkocher

Referencing sshj#167.

comment:14 Changed 3 years ago by dkocher

Upstream fix.

comment:15 Changed 3 years ago by dkocher

  • Milestone set to 4.8
  • Resolution set to fixed
  • Status changed from assigned to closed

In r18434.
