Subject: Ubuntu 18.04 -> Ubuntu 20.04 broke libssh2 client
From: Matthew Fleming
Newsgroups: comp.security.ssh
Date: Fri, 25 Feb 2022 13:52 UTC
I've also posted to the libssh2-devel group about this, but no answer so far.

I have a Windows-based client application using libssh2 that was working fine until I moved to a new server running Ubuntu 20.04 LTS, from one running Ubuntu 18.04 LTS. Now libssh2_session_handshake() on the client fails with result code LIBSSH2_ERROR_KEX_FAILURE and libssh2_session_last_error() reports "Unable to exchange keys".  Auth.log on the server reports:

sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

This seems odd for a few reasons. I rebuilt the client app with the latest version of libssh2, and this is supposed to also support diffie-hellman-group-exchange-sha256, but that wasn't offered. Also the version of openssh on the Ubuntu server supposedly supports the key exchange methods that were offered but apparently rejected.

ssh -Q kex on the server reports this:
ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

I tried adding
KexAlgorithms +diffie-hellman-group1-sha
to /etc/ssh_config (and then restarting ssh and sshd) but it made no difference.

I can ssh and sftp to the server using various clients without any problem. The issue is only with trying to sftp using libssh2.

I rebuilt my Windows client app against the latest version of libssh2, but no difference. (I built libssh2 using vcpkg install libssh2.) I also tried building a different way, to link against the WinCNG, as in https://jpassing.com/2021/02/29/2021-03-29-building-libssh2-on-windows-lessons-learnt/ but no different.

I've spent many hours on this and would really appreciate some help. At this point it seems like my only option is to rebuild the app using another library (libssh perhaps), and I'd really like to avoid that.

Thanks very much in advance.

Matthew Fleming, MD
Fleming Dermatopathology
Milwaukee, WI
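
Added example, not part of the original post and not libssh2 or OpenSSH code: a small checker that parses the "Unable to negotiate" line quoted above and compares the client's offer with the algorithms the server has enabled. Note that ssh -Q kex lists what the binary supports, while sshd -T prints the effective (enabled) settings; the SSHD_T text below is a constructed stand-in for that output, and the checker also handles the cipher, MAC and host key variants of the same log message.

```python
import re

# Failure kinds sshd logs pre-auth, mapped to the matching `sshd -T` key.
KIND_TO_KEY = {"key exchange method": "kexalgorithms", "cipher": "ciphers",
               "MAC": "macs", "host key type": "hostkeyalgorithms"}

NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_failure(log_line):
    """Return peer, port, kind and the offered algorithm list, or None."""
    m = NEGOTIATE_RE.search(log_line)
    if m is None:
        return None
    info = m.groupdict()
    info["offer"] = info["offer"].split(",")
    return info

def effective_list(sshd_t_output, key):
    """Pull one comma-separated setting out of `sshd -T` output."""
    for line in sshd_t_output.splitlines():
        name, _, value = line.strip().partition(" ")
        if key and name.lower() == key:
            return value.split(",")
    return []

def negotiate(client_offer, server_enabled):
    """RFC 4253 7.1 preference rule, simplified (ignores host-key conditions):
    the first algorithm in the client's list that the server also enables."""
    return next((a for a in client_offer if a in server_enabled), None)

def diagnose(log_line, sshd_t_output):
    info = parse_failure(log_line)
    if info is None:
        return None
    info["enabled"] = effective_list(sshd_t_output, KIND_TO_KEY.get(info["kind"]))
    info["agreed"] = negotiate(info["offer"], info["enabled"])
    return info

# Log line quoted in the post above.
LOG = ("sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: no matching "
       "key exchange method found. Their offer: diffie-hellman-group14-sha1,"
       "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]")
# Constructed sample standing in for real `sshd -T` output; not from the post.
SSHD_T = "port 22\nkexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256\n"

if __name__ == "__main__":
    print(diagnose(LOG, SSHD_T))
```

An "agreed" value of None means no offered algorithm is in the server's enabled list, which is the condition sshd reports in the log line.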

