Re: [Savannah-hackers-public] List of available SSH cipher types?
From: Bob Proulx
Subject: Re: [Savannah-hackers-public] List of available SSH cipher types?
Date: Sun, 10 Oct 2021 15:18:27 -0600
Andrew Engelbrecht wrote:
> Someone said they were having trouble ssh'ing to Savannah, and of course
> they're an Arch user, so likely using SSH 8.8. ; )
Agreed. Very likely.
> They did apply the +ssh-rsa trick, but for some reason Savannah
> wasn't accepting their key that had been working for a while
> already.
Likely that was actually a different problem, since the workaround
for it did not work. Or perhaps the workaround was not correctly
applied. For example, there has already been one case where misunderstanding
of the "old-host" example name caused the user to use that placeholder
string literally instead of using the actual hostname.
> They said that once they created an ED25519 key, they could log in.
Though undocumented in the OpenSSH 8.8 release notes it seems likely
that using an ED25519 user key also enables using an ED25519 host key
and thereby avoiding the SHA-1 algorithm in the ssh-rsa host key which
is otherwise used by default. There have been several reports that
upgrading to ED25519 user keys works.
Upgrading to an ED25519 user key is definitely a good upgrade all
around. I think we should be recommending that for people who wish to
move forward.
[[ I still don't have an OpenSSH 8.8 client system of my own to try
experiments with and therefore am just working based upon reports from
others. ]]
> It's possible that their SSH authorized keys list on Savannah was
> changed at some point, and they forgot?
Historically users have had a variety of problems. There are an
infinite number of ways for things to fail. But there is only one way
for things to work correctly. Trying to guess why something has
failed without any information is a gamble at best.
Other users have successfully applied the +ssh-rsa workaround and it
has worked. The release notes document it. If that did not work then
the problem must be something else.
> In any case, they requested that we update the following page with info
> about acceptable ciphers:
>
> https://savannah.gnu.org/maintenance/SshAccess/
Thanks for the nudge to do this. I have updated that page with
information concerning this issue.
> I don't think it's super urgent, but it might be nice to add a list to that
> page. I hope that I sent this to the right list. I'm likely not subscribed,
> so please CC me on any replies.
OpenSSH does not make this information trivially available to the
user! And I should just stop the email here but... You asked! And
so here is actually a way to get this information. :-)
I would "ssh -vv git.savannah.gnu.org" and then look through the
verbose information provided there. That's always going to be the
correct information about what is happening. That's going to be the
easier way to figure out what is happening. And it is mostly
incomprehensible to mere mortals reading it. For example:
rwp@angst:~$ ssh -vv git.savannah.gnu.org
debug2: local client KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms:
ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos:
chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc:
chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: peer server KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8
debug1: Host 'git.savannah.gnu.org' is known and matches the RSA host key.
debug1: Found key in /home/rwp/.ssh/known_hosts:154
There you go! All of the information is right there. But does it
help? :-) In this case everything is working okay. But in the case of
a misalignment between client and server it would have error messages
indicating the problems.
It *is* actually possible to probe remote systems using nmap and have
nmap since version r20844 provide this information too.
rwp@angst:~$ nmap --script ssh2-enum-algos -sV -p 22 git.savannah.gnu.org
Starting Nmap 7.40 ( https://nmap.org ) at 2021-10-10 14:52 MDT
Nmap scan report for git.savannah.gnu.org (209.51.188.201)
Host is up (0.075s latency).
Other addresses for git.savannah.gnu.org (not scanned): 2001:470:142:5::201
rDNS record for 209.51.188.201: vcs0.savannah.gnu.org
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 (protocol 2.0; Trisquel 7.0)
| ssh2-enum-algos:
| kex_algorithms: (8)
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1
| server_host_key_algorithms: (4)
| ssh-rsa
| ssh-dss
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (16)
| aes128-ctr
| aes192-ctr
| aes256-ctr
| arcfour256
| arcfour128
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| chacha20-poly1305@openssh.com
| aes128-cbc
| 3des-cbc
| blowfish-cbc
| cast128-cbc
| aes192-cbc
| aes256-cbc
| arcfour
| rijndael-cbc@lysator.liu.se
| mac_algorithms: (19)
| hmac-md5-etm@openssh.com
| hmac-sha1-etm@openssh.com
| umac-64-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-ripemd160-etm@openssh.com
| hmac-sha1-96-etm@openssh.com
| hmac-md5-96-etm@openssh.com
| hmac-md5
| hmac-sha1
| umac-64@openssh.com
| umac-128@openssh.com
| hmac-sha2-256
| hmac-sha2-512
| hmac-ripemd160
| hmac-ripemd160@openssh.com
| hmac-sha1-96
| hmac-md5-96
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service Info: OS: Linux; CPE: cpe:/o:trisquel_project:trisquel_gnu%2flinux:7.0
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.66 seconds
Couple that with using ssh -Q query to ask the client what it
supports. This ssh -Q option is available since version 6.3.
rwp@angst:~$ for q in cipher cipher-auth mac kex key key-cert key-plain protocol-version; do echo $q; ssh -Q $q | sed 's/^/ /'; done
cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
cipher-auth
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
key-cert
ssh-ed25519-cert-v01@openssh.com
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
key-plain
ssh-ed25519
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
protocol-version
2
And then between those two things the user can see what lines up as
shared available algorithms and what does not.
Bob
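
Added example, not part of the original message: a small Python script that does the "what lines up" comparison mechanically from the two KEXINIT proposals that "ssh -vv" prints. It assumes each proposal is on one line (as ssh emits it, before mail wrapping), uses a constructed, trimmed sample in which the host key lists are deliberately disjoint, and applies only the basic "first client choice the server also lists" rule, not the extra kex/host-key conditions of RFC 4253.

```python
import re

# Matches lines such as "debug2: ciphers ctos: a,b,c" printed by `ssh -vv`.
PROPOSAL = re.compile(r"^debug2: (KEX algorithms|host key algorithms|"
                      r"ciphers ctos|ciphers stoc|MACs ctos|MACs stoc|"
                      r"compression ctos|compression stoc): (\S*)\s*$")

def parse_proposals(text):
    """Return {'client': {category: [algos]}, 'server': {category: [algos]}}."""
    sides = {"client": {}, "server": {}}
    side = None
    for line in text.splitlines():
        line = line.strip()
        if line == "debug2: local client KEXINIT proposal":
            side = "client"
        elif line == "debug2: peer server KEXINIT proposal":
            side = "server"
        elif side and (m := PROPOSAL.match(line)):
            sides[side][m.group(1)] = [a for a in m.group(2).split(",") if a]
    return sides

def compare(sides):
    """Per category: (shared algorithms in client order, expected pick or None)."""
    result = {}
    for cat, offered in sides["client"].items():
        accepted = set(sides["server"].get(cat, []))
        shared = [a for a in offered if a in accepted]
        result[cat] = (shared, shared[0] if shared else None)
    return result

# Constructed sample: algorithm names taken from the output above, lists trimmed.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ext-info-c
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,arcfour256,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-md5-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-256
"""

if __name__ == "__main__":
    for cat, (shared, pick) in compare(parse_proposals(SAMPLE)).items():
        print(f"{cat:22} {pick or 'NO COMMON ALGORITHM'}   shared: {','.join(shared) or '-'}")
```

A category reported with no common algorithm is the misalignment case in which the connection would fail during key exchange.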