Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Thanks.
martin

Thanks! Do you have a link to the commit? (I'm not familiar with their repository)
Guest

Hi Martin,

just a quick note concerning the status of OpenSSH: Debian unstable and LEDE have version 7.6p1, for Debian stretch a fix was committed to the distro git repository.

Kind regards
Harald
Guest

Sorry was on holiday. Ok then thanks for your help with this issue :-)
martin

Np, it's good that you brought it up.

No need to close anything here.
Guest

I will close the issue as soon as 7.6 hits the world, is this ok for you?
Guest

Ups sorry for pestering you about this matter then – seems there is already a reply from OpenSSH (and sorry for making your work harder then necessary) (and thanks for the very good program)
martin

@Guest: Sorry, I've missed this message. Will test it in few days.
Guest

Sorry had to do a transfer to a Windows host – reconfiguration done
martin

The server was probably reconfigured meanwhile, as it now offers curve25519-sha256@libssh.org.

So I cannot test the problem anymore.

Few days ago:
. Couldn't agree a key exchange algorithm (available: curve25519-sha256)

Today:
. Asking user:
. The first key-exchange algorithm supported by the server is curve25519-sha256@libssh.org, which is below the configured warning threshold.
.
. Do you want to continue with this connection? ()
. Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Guest

Please try with with the following settings:
Kex: Diffie-Hellman Group Exchange
Host Keys: RSA
Cipher: ChaCha20

Using AES as the Cipher gives me this error too. If this configuration is not covered by the protocol specifications then please tell me but then PuTTY doesn't follow them either...
martin

193.200.160.125 – gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.

With latest PuTTY 0.70, I get

Couldn't agree a client-to-server MAC (available: hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)

.
Guest

same problem with a machine with OpenSSH_7.4p1
Guest

Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):

Ok my fault – it says "KEX: dh-gex-sha1", so I thought it's just SHA1

. 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3

Server version is very different, I think this is the cause...

Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

193.200.160.125 – gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.

Can you do Wireshark capture of both PuTTY and WinSCP connections?

Well this may take a little bit currently I'm little bit busy
martin

Seems like:

  1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
  2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so


Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):
. 2017-07-12 12:43:24.662 Looking up host "winscp.net" for SSH connection

. 2017-07-12 12:43:24.664 Connecting to 87.106.181.237 port 22
. 2017-07-12 12:43:24.689 We claim version: SSH-2.0-WinSCP_release_5.10.2
. 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3
. 2017-07-12 12:43:24.780 Using SSH protocol version 2
. 2017-07-12 12:43:24.780 Have a known host key of type rsa2
. 2017-07-12 12:43:24.812 Doing Diffie-Hellman group exchange
. 2017-07-12 12:43:24.843 Doing Diffie-Hellman key exchange with hash SHA-256

Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

Can you do Wireshark capture of both PuTTY and WinSCP connections?
none

Dear Martin Prikryl,

first sorry for not debugging this matter before but I lacked the time, I hope the logs and config snippets help a bit – seems like:

  1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
  2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so

Config from openssh-server:
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256

Config from PuTTY:
Kex -> Diffie-Hellman group xchange, ECDH key exchange

Log from PuTTY:
2017-07-09 11:41:27   Connecting to x.x.x.x port 22

2017-07-09 11:41:27   We claim version: SSH-2.0-PuTTY_Release_0.70
2017-07-09 11:41:27   Server version: SSH-2.0-OpenSSH_7.5
2017-07-09 11:41:27   Using SSH protocol version 2
2017-07-09 11:41:27   Doing Diffie-Hellman group exchange
2017-07-09 11:41:30   Doing Diffie-Hellman key exchange with hash SHA-256
2017-07-09 11:41:34   Server also has ssh-ed25519 host key, but we don't know it
2017-07-09 11:41:34   Host key fingerprint is:
2017-07-09 11:41:34   ssh-rsa 2048 4b:68:6a:7e:d2:2d:2a:26:d1:cb:66:c4:67:bf:5d:08
2017-07-09 11:41:34   Initialised ChaCha20 client->server encryption
2017-07-09 11:41:34   Initialised Poly1305 client->server MAC algorithm (in ETM mode) (required by cipher)
2017-07-09 11:41:34   Initialised ChaCha20 server->client encryption
2017-07-09 11:41:34   Initialised Poly1305 server->client MAC algorithm (in ETM mode) (required by cipher)

Config from WinSCP:
Key exchange -> Diffie-Hellman group xchange, ECDH key exchange

Log from WinSCP:
. 2017-07-09 11:46:22.815 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.816 WinSCP Version 5.10.2 beta (Build 7621) (OS x.x.x - Windows x x)
. 2017-07-09 11:46:22.816 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2017-07-09 11:46:22.816 Log level: Debug 2
. 2017-07-09 11:46:22.816 Local account: x\x
. 2017-07-09 11:46:22.816 Working directory: C:\Program Files (x86)\WinSCP
. 2017-07-09 11:46:22.816 Process ID: 7576
. 2017-07-09 11:46:22.817 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2017-07-09 11:46:22.817 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 26.03.2017, DST End: 29.10.2017
. 2017-07-09 11:46:22.818 Login time: Sonntag, 9. Juli 2017 11:46:22
. 2017-07-09 11:46:22.818 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.818 Session name: root@x.x.x.x (Ad-Hoc site)
. 2017-07-09 11:46:22.818 Host name: x.x.x.x (Port: 22)
. 2017-07-09 11:46:22.818 User name: root (Password: Yes, Key file: No, Passphrase: No)
. 2017-07-09 11:46:22.818 Tunnel: No
. 2017-07-09 11:46:22.818 Transfer Protocol: SCP
. 2017-07-09 11:46:22.818 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2017-07-09 11:46:22.818 Disable Nagle: No
. 2017-07-09 11:46:22.818 Proxy: None
. 2017-07-09 11:46:22.818 Send buffer: 262144
. 2017-07-09 11:46:22.818 SSH protocol version: 2; Compression: No
. 2017-07-09 11:46:22.818 Bypass authentication: No
. 2017-07-09 11:46:22.818 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2017-07-09 11:46:22.818 GSSAPI: Forwarding: No
. 2017-07-09 11:46:22.818 Ciphers: chacha20,aes,WARN,3des,blowfish,arcfour,des; Ssh2DES: No
. 2017-07-09 11:46:22.819 KEX: dh-gex-sha1,ecdh,WARN,dh-group1-sha1,dh-group14-sha1,rsa
. 2017-07-09 11:46:22.819 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2017-07-09 11:46:22.819 Simple channel: Yes
. 2017-07-09 11:46:22.819 Return code variable: Autodetect; Lookup user groups: Auto
. 2017-07-09 11:46:22.819 Shell: default
. 2017-07-09 11:46:22.819 EOL: LF, UTF: Auto
. 2017-07-09 11:46:22.819 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: Yes
. 2017-07-09 11:46:22.819 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2017-07-09 11:46:22.819 Local directory: default, Remote directory: home, Update: Yes, Cache: No
. 2017-07-09 11:46:22.819 Cache directory changes: No, Permanent: No
. 2017-07-09 11:46:22.819 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2017-07-09 11:46:22.819 DST mode: Unix;Timezone offset: 0h 0m
. 2017-07-09 11:46:22.819 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.875 Looking up host "x.x.x.x" for SSH connection
. 2017-07-09 11:46:22.875 Connecting to x.x.x.x port 22
. 2017-07-09 11:46:22.877 Selecting events 63 for socket 7516
. 2017-07-09 11:46:22.877 We claim version: SSH-2.0-WinSCP_release_5.10.2
. 2017-07-09 11:46:22.898 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.898 Looking for incoming data
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.898 Detected network event
. 2017-07-09 11:46:22.898 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.898 Enumerated 18 network events making 18 cumulative events for socket 7516
. 2017-07-09 11:46:22.898 Handling network write event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Handling network connect event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.906 Detected network event
. 2017-07-09 11:46:22.906 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.906 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.906 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.906 Server version: SSH-2.0-OpenSSH_7.5
. 2017-07-09 11:46:22.906 We believe remote version has SSH-2 channel request bug
. 2017-07-09 11:46:22.906 Using SSH protocol version 2
. 2017-07-09 11:46:22.907 Have a known host key of type rsa2
. 2017-07-09 11:46:22.907 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.907 Looking for incoming data
. 2017-07-09 11:46:22.907 Looking for network events
. 2017-07-09 11:46:22.909 Detected network event
. 2017-07-09 11:46:22.909 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.909 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.909 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.909 Selecting events 0 for socket 7516
. 2017-07-09 11:46:22.909 Couldn't agree a key exchange algorithm (available: curve25519-sha256)
* 2017-07-09 11:46:22.951 (EFatal) Couldn't agree a key exchange algorithm (available: curve25519-sha256)

Tried to remove private information from the log - btw. PuTTY version 0.70 is out.
Hope I could help you to debug this issue - if you need more information please contact me.

Kind regards
Harald Jenny
martin

Re: curve25519-sha256 vs curve25519-sha256@libssh.org

Please post comparable WinSCP session log file and PuTTY event log.
Guest

Re: curve25519-sha256 vs curve25519-sha256@libssh.org

@martin: Good point seems PuTTY is doing a diffie-hellman-group-exchange-sha256 which WinSCP doesn't even try although both are configured to first try DH and then use ECDH – why?