Support for key exchange algorithm diffie-hellman-group-exchange-sha256 #8488

Closed
cyberduck opened this issue Jan 14, 2015 · 9 comments
Labels
enhancement fixed sftp SFTP Protocol Implementation

@cyberduck

cb22c3e created the issue

After the latest Snowden leaks it seems that default OpenSSH settings are no longer acceptable for secure communication. See:
https://stribika.github.io/2015/01/04/secure-secure-shell.html

Having the following lines in sshd_config on the server side prevents Cyberduck from connecting, with an error message:

Connection Failed

Unable to reach a settlement: [diffie-hellman-group14-sha1, diffie-hellman-group1-sha1] and [curve25519-sha256@libssh.org, diffie-hellman-group-exchange-sha256]. The connection attempt was rejected. The server may be down, or your network may not be properly configured

I get no entries in the log drawer.

Sshd config on server side:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

At least by the look of it, diffie-hellman-group-exchange-sha256 and curve25519-sha256@libssh.org are enabled in these kex settings, so my guess is that the incompatibility is either due to a lack of appropriate ciphers or a bug in the kex implementation.

I'm connecting to OpenSSH_6.6.1p1 Debian-4~bpo70+1, OpenSSL 1.0.1e 13

@cyberduck

@dkocher commented

Can you verify that the connection also fails using the latest snapshot build available?

@cyberduck

cb22c3e commented

I checked with the latest Version 4.7 (16463) and it fails with the same error message.

For example my OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 that is integrated with OSX works without a hitch.

@cyberduck

@dkocher commented

The negotiation fails because we find no matching key exchange algorithm. We currently support diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1.

@cyberduck

a803c5d commented

My findings

Cyberduck does not yet provide the HMAC and key-exchange algorithms that are required to access SSH servers that have been configured following the mentioned blog entry.

Longer description

My SSH server is hardened the same way. I checked with 4.7 and had no luck connecting.
First error was "no matching mac found"

no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com [preauth]

I re-enabled "hmac-sha2-512" in sshd settings /etc/ssh/sshd_config:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512

Now sshd complains about not being able to agree upon a key exchange method

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none [preauth]
debug2: mac_setup: setup hmac-sha2-512 [preauth]
debug2: kex: client->server aes128-ctr hmac-sha2-512 zlib@openssh.com [preauth]
Unable to negotiate a key exchange method [preauth]

Cyberduck provides neither of the hardened key exchange methods "curve25519-sha256@libssh.org" and "diffie-hellman-group-exchange-sha256".
So if you want to connect to your SSH server, you need to use a less secure key exchange method. Fortunately, Cyberduck's error dialog reveals possible algorithms. I chose "diffie-hellman-group14-sha1". So tweak your SSH settings in case you need to access your server with Cyberduck:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
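
As an added example (not part of the issue thread and not Cyberduck or sshj code), this Python sketch applies the RFC 4253 section 7.1 selection rule to the name-lists in the sshd debug output above, showing which categories agree and why key exchange alone fails. The function names and the five-lists-per-side reading of the excerpt are assumptions made for the illustration.

```python
import re

# Name-lists copied from the sshd debug2 output quoted in the comment above.
# Assumption: the excerpt shows five lists per side (kex, host key, cipher,
# MAC, compression), the server's proposal first and then the client's.
SSHD_LOG = """\
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none [preauth]
"""

CATEGORIES = ["kex", "hostkey", "cipher", "mac", "compression"]
KEXINIT_LINE = re.compile(r"kex_parse_kexinit: (\S+)")


def parse_proposals(log):
    """Return (server, client) dicts mapping category -> ordered name-list."""
    lists = [m.group(1).split(",") for m in KEXINIT_LINE.finditer(log)]
    n = len(CATEGORIES)
    if len(lists) != 2 * n:
        raise ValueError(f"expected {2 * n} name-lists, found {len(lists)}")
    return dict(zip(CATEGORIES, lists[:n])), dict(zip(CATEGORIES, lists[n:]))


def negotiate(server, client):
    """Simplified RFC 4253 section 7.1 rule: per category, the first name on
    the client's list that the server also offers; None means no agreement."""
    return {c: next((a for a in client[c] if a in server[c]), None)
            for c in CATEGORIES}


def report(log, extra_server_kex=()):
    """Negotiate from a log excerpt, optionally appending server kex names."""
    server, client = parse_proposals(log)
    server["kex"] = server["kex"] + list(extra_server_kex)
    return negotiate(server, client)


if __name__ == "__main__":
    for category, chosen in report(SSHD_LOG).items():
        print(f"{category:12} {chosen or 'NO MATCH'}")
```

Calling `report(SSHD_LOG, ["diffie-hellman-group14-sha1"])` models the KexAlgorithms line above: the kex category then resolves to diffie-hellman-group14-sha1, while the other four choices stay the same.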

@cyberduck

@dkocher commented

See also #8528.

@cyberduck

2ca569e commented

Any updates on this issue?

@cyberduck

@dkocher commented

Referencing sshj12083.

@cyberduck

@dkocher commented

Upstream fix.

@cyberduck

@dkocher commented

In 18434.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021