savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] List of available SSH cipher types?


From: Bob Proulx
Subject: Re: [Savannah-hackers-public] List of available SSH cipher types?
Date: Sun, 10 Oct 2021 15:18:27 -0600

Andrew Engelbrecht wrote:
> Someone said they were having trouble ssh'ing to Savannah, and course
> they're an Arch user, so likely using SSH 8.8. ; )

Agreed.  Very likely.

> They did apply the +ssh-rsa trick, but for some reason Savannah
> wasn't accepting their key that had been working for a while
> already.

Likely that was actually a different problem.  Since the workaround
for it did not work.  Or perhaps the workaround was not correctly
applied.  For example have had one case already where misunderstanding
of the "old-host" example name caused the user to use that placeholder
string literally instead of using the actual hostname.

> They said that once they created an ED25519 key, the could log in.

Though undocumented in the OpenSSH 8.8 release notes it seems likely
that using an ED25519 user key also enables using an ED25519 host key
and thereby avoiding the SHA-1 algorithm in the ssh-rsa host key which
is otherwise used by default.  There have been several reports that
upgrading to ED25519 user keys works.

Upgrading to an ED25519 user key is definitely a good upgrade all
around.  I think we should be recommending that for people who wish to
move forward.

[[ I still don't have an OpenSSH 8.8 client system of my own to try
experiments with and therefore am just working based upon reports from
others. ]]

> It's possible that their SSH authorized keys list on Savannah was
> changed at some point, and they forgot?

Historically users have had a variety of problems.  There are an
infinite number of ways for things to fail.  But there is only one way
for things to work correctly.  Trying to guess why something has
failed without any information is a gamble at best.

Other users have successfully applied the +ssh-rsa workaround and it
has worked.  The release notes document it.  If that did not work then
the problem must be something else.

> In any case, they requested that we update the following page with info
> about acceptable ciphers:
>
> https://savannah.gnu.org/maintenance/SshAccess/

Thanks for the nudge to do this.  I have updated that page with
information concerning this issue.

> I don't think it's super urgent, but it might be nice to add a list to that
> page. I hope that I sent this to the right list. I'm likely not subscribed,
> so please CC me on any replies.

OpenSSH does not make this information trivially available to the
user!  And I should just stop the email here but...  You asked!  And
so here is actually a way to get this information.  :-)

I would "ssh -vv git.savannah.gnu.org" and then look through the
verbose information provided there.  That's always going to be the
correct information about what is happening.  That going to be the
easier way to figure out what is happening.  And it is mostly
incomprehensible to mere mortals reading it.  For example.

    rwp@angst:~$ ssh -vv git.savannah.gnu.org

    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-cdebug2:
 host key algorithms: 
ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
    debug2: ciphers ctos: 
chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: ciphers stoc: 
chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: MACs ctos: 
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: 
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib

    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: 
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellma$-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-c$c,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: ciphers stoc: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-c$c,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: MACs ctos: 
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-e$m@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openss$.com,hmac-sha1-96,hmac-md5-96
    debug2: MACs stoc: 
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-e$m@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openss$.com,hmac-sha1-96,hmac-md5-96

    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ssh-rsa
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: 
<implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: 
<implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ssh-rsa 
SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8
    debug1: Host 'git.savannah.gnu.org' is known and matches the RSA host key.
    debug1: Found key in /home/rwp/.ssh/known_hosts:154

There you go!  All of the information is right there.  But does it
help? :-) In this case everything is working okay.  But in the case of
a misalignment between client and server it would have error messages
indicating the problems.

It *is* actually possible to probe remote systems using nmap and have
nmap since version r20844 provide this information too.

    rwp@angst:~$ nmap --script ssh2-enum-algos -sV -p 22 git.savannah.gnu.org

    Starting Nmap 7.40 ( https://nmap.org ) at 2021-10-10 14:52 MDT
    Nmap scan report for git.savannah.gnu.org (209.51.188.201)
    Host is up (0.075s latency).
    Other addresses for git.savannah.gnu.org (not scanned): 2001:470:142:5::201
    rDNS record for 209.51.188.201: vcs0.savannah.gnu.org
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 6.6.1p1 (protocol 2.0; Trisquel 7.0)
    | ssh2-enum-algos:
    |   kex_algorithms: (8)
    |       curve25519-sha256@libssh.org
    |       ecdh-sha2-nistp256
    |       ecdh-sha2-nistp384
    |       ecdh-sha2-nistp521
    |       diffie-hellman-group-exchange-sha256
    |       diffie-hellman-group-exchange-sha1
    |       diffie-hellman-group14-sha1
    |       diffie-hellman-group1-sha1
    |   server_host_key_algorithms: (4)
    |       ssh-rsa
    |       ssh-dss
    |       ecdsa-sha2-nistp256
    |       ssh-ed25519
    |   encryption_algorithms: (16)
    |       aes128-ctr
    |       aes192-ctr
    |       aes256-ctr
    |       arcfour256
    |       arcfour128
    |       aes128-gcm@openssh.com
    |       aes256-gcm@openssh.com
    |       chacha20-poly1305@openssh.com
    |       aes128-cbc
    |       3des-cbc
    |       blowfish-cbc
    |       cast128-cbc
    |       aes192-cbc
    |       aes256-cbc
    |       arcfour
    |       rijndael-cbc@lysator.liu.se
    |   mac_algorithms: (19)
    |       hmac-md5-etm@openssh.com
    |       hmac-sha1-etm@openssh.com
    |       umac-64-etm@openssh.com
    |       umac-128-etm@openssh.com
    |       hmac-sha2-256-etm@openssh.com
    |       hmac-sha2-512-etm@openssh.com
    |       hmac-ripemd160-etm@openssh.com
    |       hmac-sha1-96-etm@openssh.com
    |       hmac-md5-96-etm@openssh.com
    |       hmac-md5
    |       hmac-sha1
    |       umac-64@openssh.com
    |       umac-128@openssh.com
    |       hmac-sha2-256
    |       hmac-sha2-512
    |       hmac-ripemd160
    |       hmac-ripemd160@openssh.com
    |       hmac-sha1-96
    |       hmac-md5-96
    |   compression_algorithms: (2)
    |       none
    |_      zlib@openssh.com
    Service Info: OS: Linux; CPE: 
cpe:/o:trisquel_project:trisquel_gnu%2flinux:7.0

    Service detection performed. Please report any incorrect results at 
https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 4.66 seconds

Couple that with using ssh -Q query to ask the client what it
supports.  This ssh -Q option is available since version 6.3.

    rwp@angst:~$ for q in cipher cipher-auth mac kex key key-cert key-plain 
protocol-version; do echo $q; ssh -Q $q | sed 's/^/    /'; done

    cipher
        3des-cbc
        blowfish-cbc
        cast128-cbc
        arcfour
        arcfour128
        arcfour256
        aes128-cbc
        aes192-cbc
        aes256-cbc
        rijndael-cbc@lysator.liu.se
        aes128-ctr
        aes192-ctr
        aes256-ctr
        aes128-gcm@openssh.com
        aes256-gcm@openssh.com
        chacha20-poly1305@openssh.com
    cipher-auth
        aes128-gcm@openssh.com
        aes256-gcm@openssh.com
        chacha20-poly1305@openssh.com
    mac
        hmac-sha1
        hmac-sha1-96
        hmac-sha2-256
        hmac-sha2-512
        hmac-md5
        hmac-md5-96
        hmac-ripemd160
        hmac-ripemd160@openssh.com
        umac-64@openssh.com
        umac-128@openssh.com
        hmac-sha1-etm@openssh.com
        hmac-sha1-96-etm@openssh.com
        hmac-sha2-256-etm@openssh.com
        hmac-sha2-512-etm@openssh.com
        hmac-md5-etm@openssh.com
        hmac-md5-96-etm@openssh.com
        hmac-ripemd160-etm@openssh.com
        umac-64-etm@openssh.com
        umac-128-etm@openssh.com
    kex
        diffie-hellman-group1-sha1
        diffie-hellman-group14-sha1
        diffie-hellman-group14-sha256
        diffie-hellman-group16-sha512
        diffie-hellman-group18-sha512
        diffie-hellman-group-exchange-sha1
        diffie-hellman-group-exchange-sha256
        ecdh-sha2-nistp256
        ecdh-sha2-nistp384
        ecdh-sha2-nistp521
        curve25519-sha256
        curve25519-sha256@libssh.org
    key
        ssh-ed25519
        ssh-ed25519-cert-v01@openssh.com
        ssh-rsa
        ssh-dss
        ecdsa-sha2-nistp256
        ecdsa-sha2-nistp384
        ecdsa-sha2-nistp521
        ssh-rsa-cert-v01@openssh.com
        ssh-dss-cert-v01@openssh.com
        ecdsa-sha2-nistp256-cert-v01@openssh.com
        ecdsa-sha2-nistp384-cert-v01@openssh.com
        ecdsa-sha2-nistp521-cert-v01@openssh.com
    key-cert
        ssh-ed25519-cert-v01@openssh.com
        ssh-rsa-cert-v01@openssh.com
        ssh-dss-cert-v01@openssh.com
        ecdsa-sha2-nistp256-cert-v01@openssh.com
        ecdsa-sha2-nistp384-cert-v01@openssh.com
        ecdsa-sha2-nistp521-cert-v01@openssh.com
    key-plain
        ssh-ed25519
        ssh-rsa
        ssh-dss
        ecdsa-sha2-nistp256
        ecdsa-sha2-nistp384
        ecdsa-sha2-nistp521
    protocol-version
        2

And then between those two things the user can see what lines up as
shared available algorithms and what does not.

Bob



reply via email to

[Prev in Thread] Current Thread [Next in Thread]