Bug#812368: openssh-server: sshd thinks PuTTY can't do diffie-hellman-group-exchange-sha256
Package: openssh-server
Version: 1:7.1p2-2
Severity: normal
Dear Maintainer,
I'm trying to connect to my system from a Windows client using PuTTY.
The particular version of PuTTY I'm using is TortoisePlink 0.63.0.9999
from the Xpra distribution. It supports the key exchange
diffie-hellman-group-exchange-sha256, which OpenSSH also supports.
However, it seems to be blocked by OpenSSH's compatibility mode.
The pertinent line from the log:
debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth]
I'm attaching the complete log. Note that I'm using sslh to forward ssh
traffic arriving on port 443 to localhost port 22.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii cdebconf [debconf-2.0] 0.201
ii debconf [debconf-2.0] 1.5.58
ii dpkg 1.18.4
ii init-system-helpers 1.24
ii libaudit1 1:2.4.5-1
ii libc6 2.21-6
ii libcomerr2 1.42.13-1
ii libgssapi-krb5-2 1.13.2+dfsg-4
ii libkrb5-3 1.13.2+dfsg-4
ii libpam-modules 1.1.8-3.2
ii libpam-runtime 1.1.8-3.2
ii libpam0g 1.1.8-3.2
ii libselinux1 2.4-3
ii libssl1.0.2 1.0.2e-1
ii libsystemd0 228-4
ii libwrap0 7.6.q-25
ii lsb-base 9.20160110
ii openssh-client 1:7.1p2-2
ii openssh-sftp-server 1:7.1p2-2
ii procps 2:3.3.11-3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-server recommends:
ii ncurses-term 6.0+20151024-2
ii xauth 1:1.0.9-1
Versions of packages openssh-server suggests:
ii molly-guard 0.6.2
ii monkeysphere 0.37-3
ii rssh 2.3.4-4+b1
ii ssh-askpass 1:1.2.4.1-9
ii ssh-askpass-gnome [ssh-askpass] 1:7.1p2-1
ii ufw 0.34-2
-- debconf information:
ssh/new_config: true
ssh/vulnerable_host_keys:
ssh/disable_cr_auth: false
* ssh/insecure_telnetd:
ssh/insecure_rshd:
ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true
openssh-server/permit-root-login: false
# /usr/sbin/sshd -dd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1235
debug2: parse_server_config: config /etc/ssh/sshd_config len 1235
debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2e 3 Dec 2015
debug1: private host key #0: ssh-rsa SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: private host key #1: ssh-ed25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-dd'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 44436 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_19_2015_19:02:45
debug1: match: PuTTY_Local:_Mar_19_2015_19:02:45 pat PuTTY_Local:*,PuTTY-Release-0.5*,PuTTY_Release_0.5*,PuTTY_Release_0.60*,PuTTY_Release_0.61*,PuTTY_Release_0.62*,PuTTY_Release_0.63*,PuTTY_Release_0.64* compat 0x00004000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p2 Debian-2
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 32034
debug1: permanently_set_uid: 101/65534 [preauth]
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth]
debug2: compat_kex_proposal: compat KEX proposal: curve25519-sha256@libssh.org [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth]
Unable to negotiate with 127.0.0.1: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 32034
debug1: audit_event: unhandled event 12
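Added example, not part of the original report and not OpenSSH code: a small Python triage helper that reads `sshd -dd` output like the log above and reports whether the compat filter, rather than a genuine lack of common algorithms, caused the key exchange failure. The sample input is abridged from the report's log; the function name `analyze` and the result field names are hypothetical.

```python
import re

# Abridged from the sshd -dd log in the report above (KEX-related lines only).
SAMPLE_LOG = """\
debug1: match: PuTTY_Local:_Mar_19_2015_19:02:45 pat PuTTY_Local:*,PuTTY-Release-0.5*,PuTTY_Release_0.5*,PuTTY_Release_0.60*,PuTTY_Release_0.61*,PuTTY_Release_0.62*,PuTTY_Release_0.63*,PuTTY_Release_0.64* compat 0x00004000
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth]
debug2: compat_kex_proposal: compat KEX proposal: curve25519-sha256@libssh.org [preauth]
Unable to negotiate with 127.0.0.1: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
"""

# The algorithm-list groups stop at whitespace or "[" so an empty list
# followed by "[preauth]" is captured as the empty string.
PATTERNS = {
    "banner": r"debug1: match: (\S+) pat \S+ compat (0x[0-9a-fA-F]+)",
    "original": r"compat_kex_proposal: original KEX proposal: ([^\s\[]*)",
    "compat": r"compat_kex_proposal: compat KEX proposal: ([^\s\[]*)",
    "offer": r"no matching key exchange method found\. Their offer: ([^\s\[]+)",
}


def _algs(match):
    """Split a captured comma-separated name-list; a missing line gives []."""
    return match.group(1).split(",") if match and match.group(1) else []


def analyze(log_text):
    """Explain a KEX negotiation failure from sshd debug output."""
    found = {key: re.search(pat, log_text) for key, pat in PATTERNS.items()}
    original = _algs(found["original"])
    # Without a compat line the server proposal was sent unfiltered.
    compat = _algs(found["compat"]) if found["compat"] else original
    offer = _algs(found["offer"])
    # RFC 4253 section 7.1: the first client-listed algorithm the server also
    # offers is chosen (the host-key capability conditions are ignored here).
    before = [alg for alg in offer if alg in original]
    after = [alg for alg in offer if alg in compat]
    return {
        "client_banner": found["banner"].group(1) if found["banner"] else None,
        "compat_flags": found["banner"].group(2) if found["banner"] else None,
        "skipped": re.findall(r'Compat: skipping algorithm "([^"]+)"', log_text),
        "would_negotiate": before[0] if before else None,
        "negotiated": after[0] if after else None,
        "caused_by_compat": bool(before) and not after,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A result with `caused_by_compat` set to `True` means the client and the unfiltered server proposal shared an algorithm and the version-string match removed it, which is the situation this report describes.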