Topic "curve25519-sha256 vs curve25519-sha256@libssh.org"

Author Message
none

Guest


Dear Martin Prikryl,

WinSCP version 5.10.1 beta (Build 7579) refuses to accept curve25519-sha256 as the newer name for curve25519-sha256@libssh.org (see https://github.com/openssh/openssh-portable/blob/6116bd4ed354a71a733c8fd0f0467ce612f12911/kex.h#L63). Seems like PuTTY handles this correctly, so it would be nice if you could fix this :-).

Kind regards
Harald Jenny
martin◆
Site Admin
Joined: 2002-12-10
Posts: 26911
Location: Prague, Czechia
I do not think PuTTY understands "curve25519-sha256" kex. What makes you believe so?

https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshecc.c;h=e1166827f1143a3f9d692c17d6f8913879a4b05d;hb=HEAD#l2869
Guest




martin wrote:
> I do not think PuTTY understands "curve25519-sha256" kex. What makes you believe so?
>
> https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshecc.c;h=e1166827f1143a3f9d692c17d6f8913879a4b05d;hb=HEAD#l2869

Good point, seems PuTTY is doing a diffie-hellman-group-exchange-sha256, which WinSCP doesn't even try, although both are configured to first try DH and then use ECDH - why?
martin◆
Please post comparable WinSCP session log file and PuTTY event log.
none

Guest


Dear Martin Prikryl,

first sorry for not debugging this matter before but I lacked the time, I hope the logs and config snippets help a bit - seems like:

1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so


config from openssh-server:

KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256


config from putty:

Kex -> Diffie-Hellman group exchange, ECDH key exchange


log from putty:

2017-07-09 11:41:27 Connecting to x.x.x.x port 22
2017-07-09 11:41:27 We claim version: SSH-2.0-PuTTY_Release_0.70
2017-07-09 11:41:27 Server version: SSH-2.0-OpenSSH_7.5
2017-07-09 11:41:27 Using SSH protocol version 2
2017-07-09 11:41:27 Doing Diffie-Hellman group exchange
2017-07-09 11:41:30 Doing Diffie-Hellman key exchange with hash SHA-256
2017-07-09 11:41:34 Server also has ssh-ed25519 host key, but we don't know it
2017-07-09 11:41:34 Host key fingerprint is:
2017-07-09 11:41:34 ssh-rsa 2048 4b:68:6a:7e:d2:2d:2a:26:d1:cb:66:c4:67:bf:5d:08
2017-07-09 11:41:34 Initialised ChaCha20 client->server encryption
2017-07-09 11:41:34 Initialised Poly1305 client->server MAC algorithm (in ETM mode) (required by cipher)
2017-07-09 11:41:34 Initialised ChaCha20 server->client encryption
2017-07-09 11:41:34 Initialised Poly1305 server->client MAC algorithm (in ETM mode) (required by cipher)


config from winscp:

Key exchange -> Diffie-Hellman group exchange, ECDH key exchange


log from winscp:

. 2017-07-09 11:46:22.815 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.816 WinSCP Version 5.10.2 beta (Build 7621) (OS x.x.x - Windows x x)
. 2017-07-09 11:46:22.816 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2017-07-09 11:46:22.816 Log level: Debug 2
. 2017-07-09 11:46:22.816 Local account: x\x
. 2017-07-09 11:46:22.816 Working directory: C:\Program Files (x86)\WinSCP
. 2017-07-09 11:46:22.816 Process ID: 7576
. 2017-07-09 11:46:22.817 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2017-07-09 11:46:22.817 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 26.03.2017, DST End: 29.10.2017
. 2017-07-09 11:46:22.818 Login time: Sonntag, 9. Juli 2017 11:46:22
. 2017-07-09 11:46:22.818 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.818 Session name: root@x.x.x.x (Ad-Hoc site)
. 2017-07-09 11:46:22.818 Host name: x.x.x.x (Port: 22)
. 2017-07-09 11:46:22.818 User name: root (Password: Yes, Key file: No, Passphrase: No)
. 2017-07-09 11:46:22.818 Tunnel: No
. 2017-07-09 11:46:22.818 Transfer Protocol: SCP
. 2017-07-09 11:46:22.818 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2017-07-09 11:46:22.818 Disable Nagle: No
. 2017-07-09 11:46:22.818 Proxy: None
. 2017-07-09 11:46:22.818 Send buffer: 262144
. 2017-07-09 11:46:22.818 SSH protocol version: 2; Compression: No
. 2017-07-09 11:46:22.818 Bypass authentication: No
. 2017-07-09 11:46:22.818 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2017-07-09 11:46:22.818 GSSAPI: Forwarding: No
. 2017-07-09 11:46:22.818 Ciphers: chacha20,aes,WARN,3des,blowfish,arcfour,des; Ssh2DES: No
. 2017-07-09 11:46:22.819 KEX: dh-gex-sha1,ecdh,WARN,dh-group1-sha1,dh-group14-sha1,rsa
. 2017-07-09 11:46:22.819 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2017-07-09 11:46:22.819 Simple channel: Yes
. 2017-07-09 11:46:22.819 Return code variable: Autodetect; Lookup user groups: Auto
. 2017-07-09 11:46:22.819 Shell: default
. 2017-07-09 11:46:22.819 EOL: LF, UTF: Auto
. 2017-07-09 11:46:22.819 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: Yes
. 2017-07-09 11:46:22.819 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2017-07-09 11:46:22.819 Local directory: default, Remote directory: home, Update: Yes, Cache: No
. 2017-07-09 11:46:22.819 Cache directory changes: No, Permanent: No
. 2017-07-09 11:46:22.819 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2017-07-09 11:46:22.819 DST mode: Unix;Timezone offset: 0h 0m
. 2017-07-09 11:46:22.819 --------------------------------------------------------------------------
. 2017-07-09 11:46:22.875 Looking up host "x.x.x.x" for SSH connection
. 2017-07-09 11:46:22.875 Connecting to x.x.x.x port 22
. 2017-07-09 11:46:22.877 Selecting events 63 for socket 7516
. 2017-07-09 11:46:22.877 We claim version: SSH-2.0-WinSCP_release_5.10.2
. 2017-07-09 11:46:22.898 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.898 Looking for incoming data
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.898 Detected network event
. 2017-07-09 11:46:22.898 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.898 Enumerated 18 network events making 18 cumulative events for socket 7516
. 2017-07-09 11:46:22.898 Handling network write event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Handling network connect event on socket 7516 with error 0
. 2017-07-09 11:46:22.898 Looking for network events
. 2017-07-09 11:46:22.906 Detected network event
. 2017-07-09 11:46:22.906 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.906 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.906 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.906 Server version: SSH-2.0-OpenSSH_7.5
. 2017-07-09 11:46:22.906 We believe remote version has SSH-2 channel request bug
. 2017-07-09 11:46:22.906 Using SSH protocol version 2
. 2017-07-09 11:46:22.907 Have a known host key of type rsa2
. 2017-07-09 11:46:22.907 Waiting for the server to continue with the initialization
. 2017-07-09 11:46:22.907 Looking for incoming data
. 2017-07-09 11:46:22.907 Looking for network events
. 2017-07-09 11:46:22.909 Detected network event
. 2017-07-09 11:46:22.909 Enumerating network events for socket 7516
. 2017-07-09 11:46:22.909 Enumerated 1 network events making 1 cumulative events for socket 7516
. 2017-07-09 11:46:22.909 Handling network read event on socket 7516 with error 0
. 2017-07-09 11:46:22.909 Selecting events 0 for socket 7516
. 2017-07-09 11:46:22.909 Couldn't agree a key exchange algorithm (available: curve25519-sha256)
* 2017-07-09 11:46:22.951 (EFatal) Couldn't agree a key exchange algorithm (available: curve25519-sha256)


Tried to remove private information from the log - btw. PuTTY version 0.70 is out.
Hope I could help you to debug this issue - if you need more information please contact me.

Kind regards
Harald Jenny
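
An added illustration, not part of any post in this thread: the failure in the WinSCP log above comes down to SSH comparing algorithm names as exact strings, so a client that knows only curve25519-sha256@libssh.org finds no match when the server offers curve25519-sha256. The sketch parses the two "Couldn't agree" lines quoted in this thread and applies the core selection rule of RFC 4253 section 7.1 (host-key compatibility and guessed packets are ignored). The client list and the helper names are assumptions made for the example.

```python
import re

# Assumption for illustration: wire names offered by a client that knows only
# the vendor-suffixed Curve25519 name. Not taken from WinSCP's source.
CLIENT_KEX = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "curve25519-sha256@libssh.org",
]

# Log lines copied from the posts in this thread.
LOG_LINES = [
    ". 2017-07-09 11:46:22.909 Couldn't agree a key exchange algorithm"
    " (available: curve25519-sha256)",
    "Couldn't agree a client-to-server MAC (available:"
    " hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)",
]

FAILURE = re.compile(r"Couldn't agree an? (.+?) \(available: ([^)]*)\)")


def parse_failure(line):
    """Return (what_failed, server_offer) for a negotiation failure, else None."""
    m = FAILURE.search(line)
    if not m:
        return None
    offer = [name.strip() for name in m.group(2).split(",") if name.strip()]
    return m.group(1), offer


def negotiate(client, server):
    """Pick the first name on the client's list that the server also lists.

    Names are compared as exact strings, so a renamed algorithm does not match.
    """
    offered = set(server)
    return next((name for name in client if name in offered), None)


def alias_near_misses(client, server):
    """Pairs that differ only by an '@domain' suffix: likely the same algorithm renamed."""
    return [
        (c, s)
        for c in client
        for s in server
        if c != s and c.split("@", 1)[0] == s.split("@", 1)[0]
    ]
```

When `negotiate` returns `None` and `alias_near_misses` is non-empty, the log line points at a naming mismatch rather than a real lack of common algorithms.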
martin◆
none wrote:
> seems like:
>
> 1. WinSCP in contrast to PuTTY (https://git.tartarus.org/?p=simon/putty.git;a=blob;f=sshdh.c;h=f254bc1de7c3a255f03c53ced7bc9fb5acb31b0c;hb=HEAD#l98) doesn't do Diffie-Hellman key exchange with hash SHA-256
> 2. WinSCP doesn't do Diffie-Hellman key exchange with hash SHA-1 even if configured to do so


Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):

Quote:
> . 2017-07-12 12:43:24.662 Looking up host "winscp.net" for SSH connection
> . 2017-07-12 12:43:24.664 Connecting to 87.106.181.237 port 22
> . 2017-07-12 12:43:24.689 We claim version: SSH-2.0-WinSCP_release_5.10.2
> . 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3
> . 2017-07-12 12:43:24.780 Using SSH protocol version 2
> . 2017-07-12 12:43:24.780 Have a known host key of type rsa2
> . 2017-07-12 12:43:24.812 Doing Diffie-Hellman group exchange
> . 2017-07-12 12:43:24.843 Doing Diffie-Hellman key exchange with hash SHA-256


Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

Can you do Wireshark capture of both PuTTY and WinSCP connections?
Guest




> Of course, WinSCP does Diffie-Hellman key exchange. Try to connect to our server (winscp.net):

Ok my fault - it says:

KEX: dh-gex-sha1 so I thought it's just SHA1

> . 2017-07-12 12:43:24.779 Server version: SSH-2.0-OpenSSH_5.3

Server version is very different, I think this is the cause...

> Can you provide me an IP address of your server (even privately)? Or any test server with the same configuration.

193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.

> Can you do Wireshark capture of both PuTTY and WinSCP connections?

Well, this may take a little bit; currently I'm a little bit busy
Guest




same problem with a machine with OpenSSH_7.4p1
martin◆
Quote:
> 193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.

With latest PuTTY 0.70, I get

Quote:
> Couldn't agree a client-to-server MAC (available: hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)
Guest




martin wrote:
> Quote:
>> 193.200.160.125 - gives the same issue, although different OS. PuTTY uses DH while WinSCP bails out.
>
> With latest PuTTY 0.70, I get
>
> Quote:
>> Couldn't agree a client-to-server MAC (available: hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com)

Please try with the following settings:

Kex: Diffie-Hellman Group Exchange
Host Keys: RSA
Cipher: ChaCha20

Using AES as the Cipher gives me this error too. If this configuration is not covered by the protocol specifications then please tell me, but then PuTTY doesn't follow them either...
martin◆
Anonymous wrote:
> Please try with the following settings:
>
> Kex: Diffie-Hellman Group Exchange
> Host Keys: RSA
> Cipher: ChaCha20
>
> Using AES as the Cipher gives me this error too. If this configuration is not covered by the protocol specifications then please tell me, but then PuTTY doesn't follow them either...

Ok. I'll get back to this in about a week.
_________________
Martin Prikryl
Guest




No stress, it's not really urgent nor very important, just a little bit surprising when you use PuTTY :-)
martin◆
The server was probably reconfigured meanwhile, as it now offers curve25519-sha256@libssh.org.

So I cannot test the problem anymore.

A few days ago:

Quote:
> . Couldn't agree a key exchange algorithm (available: curve25519-sha256)

Today:

Quote:
> . Asking user:
> . The first key-exchange algorithm supported by the server is curve25519-sha256@libssh.org, which is below the configured warning threshold.
> .
> . Do you want to continue with this connection? ()
> . Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Guest




Sorry, had to do a transfer to a Windows host - reconfiguration done
martin◆
Anonymous wrote:
> Sorry, had to do a transfer to a Windows host - reconfiguration done

Sorry, I've missed this message. Will test it in a few days.
martin◆
OK, it turned out to be a glitch in OpenSSH.

I've reported it:
https://bugzilla.mindrot.org/show_bug.cgi?id=2748
Guest




Oops, sorry for pestering you about this matter then - seems there is already a reply from OpenSSH (and sorry for making your work harder than necessary) (and thanks for the very good program)
Guest




I will close the issue as soon as 7.6 hits the world, is this ok for you?
martin◆
Np, it's good that you brought it up.

No need to close anything here.
Guest




Sorry, was on holiday. OK then, thanks for your help with this issue :-)
Guest




Hi Martin,

just a quick note concerning the status of OpenSSH: Debian unstable and LEDE have version 7.6p1, for Debian stretch a fix was committed to the distro git repository.

Kind regards
Harald
martin◆
Thanks! Do you have a link to the commit? (I'm not familiar with their repository)
protput
Joined: 2016-08-10
Posts: 7
These are the links for the commits to the Stretch branch:
https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?h=stretch&id=2e0fa28e7b3a0fb1fdd28ecc636ba608e7ae9ebe
https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?h=stretch&id=7c1fa7e5e61b5d4e9a7a0bb70018426ae3560267
martin◆
Thanks.