curve25519-sha256 vs curve25519-sha256@libssh.org

Advertisement

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

Re: curve25519-sha256 vs curve25519-sha256@libssh.org

Please post comparable WinSCP session log file and PuTTY event log.

Reply with quote

none
Guest

Dear Martin Prikryl,

first sorry for not debugging this matter before but I lacked the time, I hope the logs and config snippets help a bit - seems like:

1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so


config from openssh-server:

KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256


config from putty:

Kex -> Diffie-Hellman group xchange, ECDH key exchange


log from putty:

2017-07-09 11:41:27 Connecting to x.x.x.x port 22
2017-07-09 11:41:27 We claim version: SSH-2.0-PuTTY_Release_0.70
2017-07-09 11:41:27 Server version: SSH-2.0-OpenSSH_7.5
2017-07-09 11:41:27 Using SSH protocol version 2
2017-07-09 11:41:27 Doing Diffie-Hellman group exchange
2017-07-09 11:41:30 Doing Diffie-Hellman key exchange with hash SHA-256
2017-07-09 11:41:34 Server also has ssh-ed25519 host key, but we don't know it
2017-07-09 11:41:34 Host key fingerprint is:
2017-07-09 11:41:34 ssh-rsa 2048 4b:68:6a:7e:d2:2d:2a:26:d1:cb:66:c4:67:bf:5d:08
2017-07-09 11:41:34 Initialised ChaCha20 client->server encryption
2017-07-09 11:41:34 Initialised Poly1305 client->server MAC algorithm (in ETM mode) (required by cipher)
2017-07-09 11:41:34 Initialised ChaCha20 server->client encryption
2017-07-09 11:41:34 Initialised Poly1305 server->client MAC algorithm (in ETM mode) (required by cipher)


config from winscp:

Key exchange -> Diffie-Hellman group xchange, ECDH key exchange


log from winscp:

. 2017-07-09 11:46:22.815 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.816 WinSCP Version 5.10.2 beta (Build 7621) (OS x.x.x - Windows x x)
. 2017-07-09 11:46:22.816 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2017-07-09 11:46:22.816 Log level: Debug 2
. 2017-07-09 11:46:22.816 Local account: x\x
. 2017-07-09 11:46:22.816 Working directory: C:\Program Files (x86)\WinSCP
. 2017-07-09 11:46:22.816 Process ID: 7576
. 2017-07-09 11:46:22.817 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2017-07-09 11:46:22.817 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 26.03.2017, DST End: 29.10.2017
. 2017-07-09 11:46:22.818 Login time: Sonntag, 9. Juli 2017 11:46:22
. 2017-07-09 11:46:22.818 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.818 Session name: root@x.x.x.x (Ad-Hoc site)
. 2017-07-09 11:46:22.818 Host name: x.x.x.x (Port: 22)
. 2017-07-09 11:46:22.818 User name: root (Password: Yes, Key file: No, Passphrase: No)
. 2017-07-09 11:46:22.818 Tunnel: No
. 2017-07-09 11:46:22.818 Transfer Protocol: SCP
. 2017-07-09 11:46:22.818 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2017-07-09 11:46:22.818 Disable Nagle: No
. 2017-07-09 11:46:22.818 Proxy: None
. 2017-07-09 11:46:22.818 Send buffer: 262144
. 2017-07-09 11:46:22.818 SSH protocol version: 2; Compression: No
. 2017-07-09 11:46:22.818 Bypass authentication: No
. 2017-07-09 11:46:22.818 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2017-07-09 11:46:22.818 GSSAPI: Forwarding: No
. 2017-07-09 11:46:22.818 Ciphers: chacha20,aes,WARN,3des,blowfish,arcfour,des; Ssh2DES: No
. 2017-07-09 11:46:22.819 KEX: dh-gex-sha1,ecdh,WARN,dh-group1-sha1,dh-group14-sha1,rsa
. 2017-07-09 11:46:22.819 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2017-07-09 11:46:22.819 Simple channel: Yes
. 2017-07-09 11:46:22.819 Return code variable: Autodetect; Lookup user groups: Auto
. 2017-07-09 11:46:22.819 Shell: default
. 2017-07-09 11:46:22.819 EOL: LF, UTF: Auto
. 2017-07-09 11:46:22.819 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: Yes
. 2017-07-09 11:46:22.819 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2017-07-09 11:46:22.819 Local directory: default, Remote directory: home, Update: Yes, Cache: No
. 2017-07-09 11:46:22.819 Cache directory changes: No, Permanent: No
. 2017-07-09 11:46:22.819 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2017-07-09 11:46:22.819 DST mode: Unix;Timezone offset: 0h 0m
. 2017-07-09 11:46:22.819 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.875 Looking up host "x.x.x.x" for SSH connection
. 2017-07-09 11:46:22.875 Connecting to x.x.x.x port 22
. 2017-07-09 11:46:22.877 Selecting events 63 for socket 7516
. 2017-07-09 11:46:22.877 We claim version: SSH-2.0-WinSCP_release_5.10.2
. 2017-07-09 11:46:22.898 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.898 Looking for incoming data
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.898 Detected network event
. 2017-07-09 11:46:22.898 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.898 Enumerated 18 network events making 18 cumulative events for socket 7516
. 2017-07-09 11:46:22.898 Handling network write event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Handling network connect event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.906 Detected network event
. 2017-07-09 11:46:22.906 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.906 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.906 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.906 Server version: SSH-2.0-OpenSSH_7.5
. 2017-07-09 11:46:22.906 We believe remote version has SSH-2 channel request bug
. 2017-07-09 11:46:22.906 Using SSH protocol version 2
. 2017-07-09 11:46:22.907 Have a known host key of type rsa2
. 2017-07-09 11:46:22.907 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.907 Looking for incoming data
. 2017-07-09 11:46:22.907 Looking for network events
. 2017-07-09 11:46:22.909 Detected network event
. 2017-07-09 11:46:22.909 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.909 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.909 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.909 Selecting events 0 for socket 7516
. 2017-07-09 11:46:22.909 Couldn't agree a key exchange algorithm (available: curve25519-sha256)
* 2017-07-09 11:46:22.951 (EFatal) Couldn't agree a key exchange algorithm (available: curve25519-sha256)


Tried to remove private information from the log - btw. PuTTY version 0.70 is out.
Hope I could help you to debug this issue - if you need more information please contact me.

Kind regards
Harald Jenny

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

none wrote:

seems like:

1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so

Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):

. 2017-07-12 12:43:24.662 Looking up host "winscp.net" for SSH connection
. 2017-07-12 12:43:24.664 Connecting to 87.106.181.237 port 22
. 2017-07-12 12:43:24.689 We claim version: SSH-2.0-WinSCP_release_5.10.2
. 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3
. 2017-07-12 12:43:24.780 Using SSH protocol version 2
. 2017-07-12 12:43:24.780 Have a known host key of type rsa2
. 2017-07-12 12:43:24.812 Doing Diffie-Hellman group exchange
. 2017-07-12 12:43:24.843 Doing Diffie-Hellman key exchange with hash SHA-256

Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

Can you do Wireshark capture of both PuTTY and WinSCP connections?

Reply with quote

Guest

> Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):

Ok my fault - it says:

KEX: dh-gex-sha1 so I thought it's just SHA1

> . 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3

Server version is very different, I think this is the cause...

> Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.

> Can you do Wireshark capture of both PuTTY and WinSCP connections?

Well this may take a little bit currently I'm little bit busy

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.
With latest PuTTY 0.70, I get

Couldn't agree a client-to-server MAC (available: hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)
.

Reply with quote

Advertisement

Guest

martin wrote:

193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.
With latest PuTTY 0.70, I get

Couldn't agree a client-to-server MAC (available: hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)
.

Please try with with the following settings:

Kex: Diffie-Hellman Group Exchange
Host Keys: RSA
Cipher: ChaCha20

Using AES as the Cipher gives me this error too. If this configuration is not convered by the protocol specifications then please tell me but then PuTTY doesn't follow them either...

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

Anonymous wrote:

Please try with with the following settings:

Kex: Diffie-Hellman Group Exchange
Host Keys: RSA
Cipher: ChaCha20

Using AES as the Cipher gives me this error too. If this configuration is not convered by the protocol specifications then please tell me but then PuTTY doesn't follow them either...
Ok. I'll get back to this in about a week.
_________________
Martin Prikryl

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

The server was probably reconfigured meanwhile, as it now offers curve25519-sha256@libssh.org.

So I cannot test the problem anymore.

Few days ago:

. Couldn't agree a key exchange algorithm (available: curve25519-sha256)

Today:

. Asking user:
. The first key-exchange algorithm supported by the server is curve25519-sha256@libssh.org, which is below the configured warning threshold.
.
. Do you want to continue with this connection? ()
. Doing ECDH key exchange with curve Curve25519 and hash SHA-256

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

Anonymous wrote:

Sorry had to do a transfer to a Windows host - reconfiguration done
Sorry, I've missed this message. Will test it in few days.

Reply with quote

Guest

Ups sorry for pestering you about this matter then - seems there is already a reply from openssh (and sorry for making your work harder then necessary) (and thanks for the very good program)

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

Np, it's good that you brought it up.

No need to close anything here.

Reply with quote

Guest

Hi Martin,

just a quick note concerning the status of openssh: Debian unstable and LEDE have version 7.6p1, for Debian stretch a fix was commited to the distro git repository.

Kind regards
Harald

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,096
Location:
Prague, Czechia

Thanks! Do you have a link to the commit? (I'm not familiar with their repository)

Reply with quote

Advertisement

You can post new topics in this forum