Ubuntu 18.04 -> Ubuntu 20.04 broke libssh2 client
  comp.security.ssh
 by: Matthew Fleming - Fri, 25 Feb 2022 13:52 UTC

I've also posted to the libssh2-devel group about this, but no answer so far.

I have a Windows-based client application using libssh2 that was working fine until I moved to a new server running Ubuntu 20.04 LTS, from one running Ubuntu 18.04 LTS. Now libssh2_session_handshake() on the client fails with result code LIBSSH2_ERROR_KEX_FAILURE and libssh2_session_last_error() reports "Unable to exchange keys". Auth.log on the server reports:

sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

This seems odd for a few reasons. I rebuilt the client app with the latest version of libssh2, and this is supposed to also support diffie-hellman-group-exchange-sha256, but that wasn't offered. Also the version of openssh on the Ubuntu server supposedly supports the key exchange methods that were offered but apparently rejected.

ssh -Q kex on the server reports this:
ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

I tried adding
KexAlgorithms +diffie-hellman-group1-sha
to /etc/ssh_config (and then restarting ssh and sshd) but it made no difference.

I can ssh and sftp to the server using various clients without any problem. The issue is only with trying to sftp using libssh2.

I rebuilt my Windows client app against the latest version of libssh2, but no difference. (I built libssh2 using vcpkg install libssh2.) I also tried building a different way, to link against the WinCNG, as in https://jpassing.com/2021/02/29/2021-03-29-building-libssh2-on-windows-lessons-learnt/ but no different.

I've spent many hours on this and would really appreciate some help. At this point it seems like my only option is to rebuild the app using another library (libssh perhaps), and I'd really like to avoid that.

Thanks very much in advance.

Matthew Fleming, MD
Fleming Dermatopathology
Milwaukee, WI
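
Added example (not part of the original post): `ssh -Q kex` lists the algorithms the OpenSSH binary supports, while negotiation uses the server's enabled KexAlgorithms set, which `sshd -T` prints. This script parses the auth.log line quoted above and classifies each offered algorithm; the `sshd -T` line is a constructed sample and the function names are hypothetical.

```python
import re

# Log line quoted in the post (server auth.log).
AUTH_LOG_LINE = (
    "sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: "
    "no matching key exchange method found. Their offer: "
    "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group1-sha1 [preauth]"
)
# `ssh -Q kex` output from the post: what the binary supports.
SUPPORTED = """diffie-hellman-group1-sha1 diffie-hellman-group14-sha1
diffie-hellman-group14-sha256 diffie-hellman-group16-sha512
diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384
ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org""".split()
# CONSTRUCTED sample of the `sshd -T` line listing the enabled KEX set.
SSHD_T_SAMPLE = (
    "kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,"
    "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,"
    "diffie-hellman-group18-sha512,diffie-hellman-group14-sha256"
)
OFFER_RE = re.compile(
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)")

def parse_offer(line):
    """Return (negotiation kind, offered algorithms) or None."""
    m = OFFER_RE.search(line)
    return (m.group("kind"), m.group("offer").split(",")) if m else None

def parse_enabled(sshd_t_output, key="kexalgorithms"):
    """Extract one comma-separated setting from `sshd -T` style output."""
    for line in sshd_t_output.splitlines():
        name, _, value = line.strip().partition(" ")
        if name.lower() == key:
            return value.split(",")
    return []

def diagnose(log_line, supported, sshd_t_output):
    """Split the client's offer into negotiable, disabled and unknown."""
    parsed = parse_offer(log_line)
    if parsed is None:
        raise ValueError("not an 'Unable to negotiate' line")
    kind, offer = parsed
    enabled = parse_enabled(sshd_t_output)
    return {
        "kind": kind,
        "negotiable": [a for a in offer if a in enabled],
        "supported_but_disabled":
            [a for a in offer if a in supported and a not in enabled],
        "unknown_to_server": [a for a in offer if a not in supported],
    }

if __name__ == "__main__":
    print(diagnose(AUTH_LOG_LINE, SUPPORTED, SSHD_T_SAMPLE))
```

On a real server, replace SSHD_T_SAMPLE with the actual output of `sshd -T` run as root.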

Re: Ubuntu 18.04 -> Ubuntu 20.04 broke libssh2 client
  comp.security.ssh
 by: James Tan - Fri, 8 Jul 2022 23:44 UTC

On Friday, February 25, 2022 at 5:52:19 AM UTC-8, mgf...@gmail.com wrote:
> I've also posted to the libssh2-devel group about this, but no answer so far.
>
> I have a Windows-based client application using libssh2 that was working fine until I moved to a new server running Ubuntu 20.04 LTS, from one running Ubuntu 18.04 LTS. Now libssh2_session_handshake() on the client fails with result code LIBSSH2_ERROR_KEX_FAILURE and libssh2_session_last_error() reports "Unable to exchange keys". Auth.log on the server reports:
>
> sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
>
> This seems odd for a few reasons. I rebuilt the client app with the latest version of libssh2, and this is supposed to also support diffie-hellman-group-exchange-sha256, but that wasn't offered. Also the version of openssh on the Ubuntu server supposedly supports the key exchange methods that were offered but apparently rejected.
>
> ssh -Q kex on the server reports this:
> ssh -Q kex
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group14-sha256
> diffie-hellman-group16-sha512
> diffie-hellman-group18-sha512
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
> curve25519-sha256
> curve25519-sha256@libssh.org
> sntrup4591761x25519-sha512@tinyssh.org
>
> I tried adding
> KexAlgorithms +diffie-hellman-group1-sha
> to /etc/ssh_config (and then restarting ssh and sshd) but it made no difference.
>
> I can ssh and sftp to the server using various clients without any problem. The issue is only with trying to sftp using libssh2.
>
> I rebuilt my Windows client app against the latest version of libssh2, but no difference. (I built libssh2 using vcpkg install libssh2.) I also tried building a different way, to link against the WinCNG, as in https://jpassing.com/2021/02/29/2021-03-29-building-libssh2-on-windows-lessons-learnt/ but no different.
>
> I've spent many hours on this and would really appreciate some help. At this point it seems like my only option is to rebuild the app using another library (libssh perhaps), and I'd really like to avoid that.
>
> Thanks very much in advance.
>
> Matthew Fleming, MD
> Fleming Dermatopathology
> Milwaukee, WI

You probably have this figured out already, but in case not:

Check /var/log/auth.log; if you see "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]" then take a look at this: https://access.redhat.com/discussions/5251241

james
