
Ubuntu 18.04 -> Ubuntu 20.04 broke libssh2 client


Matthew Fleming

Feb 25, 2022, 8:52:19 AM
I've also posted to the libssh2-devel group about this, but no answer so far.

I have a Windows-based client application using libssh2 that was working fine until I moved to a new server running Ubuntu 20.04 LTS, from one running Ubuntu 18.04 LTS. Now libssh2_session_handshake() on the client fails with result code LIBSSH2_ERROR_KEX_FAILURE and libssh2_session_last_error() reports "Unable to exchange keys". Auth.log on the server reports:

sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

This seems odd for a few reasons. I rebuilt the client app with the latest version of libssh2, and this is supposed to also support diffie-hellman-group-exchange-sha256, but that wasn't offered. Also the version of openssh on the Ubuntu server supposedly supports the key exchange methods that were offered but apparently rejected.

ssh -Q kex on the server reports this:
ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve255...@libssh.org
sntrup4591761...@tinyssh.org

I tried adding
KexAlgorithms +diffie-hellman-group1-sha
to /etc/ssh_config (and then restarting ssh and sshd) but it made no difference.

I can ssh and sftp to the server using various clients without any problem. The issue is only with trying to sftp using libssh2.

I rebuilt my Windows client app against the latest version of libssh2, but no difference. (I built libssh2 using vcpkg install libssh2.) I also tried building a different way, to link against the WinCNG, as in https://jpassing.com/2021/02/29/2021-03-29-building-libssh2-on-windows-lessons-learnt/ but no different.

I've spent many hours on this and would really appreciate some help. At this point it seems like my only option is to rebuild the app using another library (libssh perhaps), and I'd really like to avoid that.

Thanks very much in advance.

Matthew Fleming, MD
Fleming Dermatopathology
Milwaukee, WI
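
An added example (not part of the original post, and not libssh2 or OpenSSH code): it parses the sshd log line quoted above and compares the client's offer with the key exchange methods sshd actually enables, which `sshd -T` reports and which can be narrower than the compiled-in list printed by `ssh -Q kex`. The `sshd -T` text is a constructed sample with assumed values, and the function names are hypothetical.

```python
import re

# The auth.log line quoted in the post above.
LOG_LINE = (
    "sshd[21850]: Unable to negotiate with 104.48.39.9 port 57156: "
    "no matching key exchange method found. Their offer: "
    "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group1-sha1 [preauth]"
)

# Constructed sample of `sshd -T` output (assumed values, not from the post).
SSHD_T_OUTPUT = """\
port 22
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
ciphers aes256-ctr
"""

NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_negotiation_failure(line):
    """Return (peer, kind, offered algorithms), or None for unrelated lines."""
    m = NEGOTIATE_RE.search(line)
    if not m:
        return None
    return m["peer"], m["kind"], m["offer"].split(",")

def effective_kex(sshd_t_output):
    """Extract the enabled KEX list from `sshd -T` output (keys are lowercase)."""
    for row in sshd_t_output.splitlines():
        key, _, value = row.partition(" ")
        if key == "kexalgorithms":
            return value.split(",")
    return []

def diagnose(line, sshd_t_output):
    """Compare what the client offered with what sshd has enabled."""
    parsed = parse_negotiation_failure(line)
    if parsed is None:
        return None
    peer, kind, offer = parsed
    enabled = effective_kex(sshd_t_output)
    return {
        "peer": peer,
        "kind": kind,
        "common": [a for a in offer if a in enabled],  # client preference order
        "sha1_only_offer": all(a.endswith("-sha1") for a in offer),
        "server_only": [a for a in enabled if a not in offer],
    }
```

An empty `common` list together with `sha1_only_offer` set means the client is offering only SHA-1 key exchange, so the methods to reconcile are the ones listed in `server_only`.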

James Tan

Jul 8, 2022, 7:44:05 PM
You probably have this figured out already, in case not,

Check /var/log/auth.log, if you see "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]" then take a look at this https://access.redhat.com/discussions/5251241

james