
Bug#812368: marked as done (openssh-server: sshd thinks PuTTY can't do diffie-hellman-group-exchange-sha256)



Your message dated Fri, 22 Jan 2016 21:11:53 +0000
with message-id <20160122211153.GP2181@riva.ucam.org>
and subject line Re: Bug#812368: openssh-server: sshd thinks PuTTY can't do diffie-hellman-group-exchange-sha256
has caused the Debian Bug report #812368,
regarding openssh-server: sshd thinks PuTTY can't do diffie-hellman-group-exchange-sha256
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
812368: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812368
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7.1p2-2
Severity: normal

Dear Maintainer,

I'm trying to connect to my system from a Windows client using PuTTY.
The particular version of PuTTY I'm using is TortoisePlink 0.63.0.9999
from the Xpra distribution.  It supports the key exchange 
diffie-hellman-group-exchange-sha256, which OpenSSH also supports.
However, it seems to be blocked by OpenSSH's compatibility mode.

The pertinent line from the log:

debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth]

I'm attaching the complete log.  Note that I'm using sslh to forward ssh
traffic arriving on port 443 to localhost port 22.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                 3.113+nmu3
ii  cdebconf [debconf-2.0]  0.201
ii  debconf [debconf-2.0]   1.5.58
ii  dpkg                    1.18.4
ii  init-system-helpers     1.24
ii  libaudit1               1:2.4.5-1
ii  libc6                   2.21-6
ii  libcomerr2              1.42.13-1
ii  libgssapi-krb5-2        1.13.2+dfsg-4
ii  libkrb5-3               1.13.2+dfsg-4
ii  libpam-modules          1.1.8-3.2
ii  libpam-runtime          1.1.8-3.2
ii  libpam0g                1.1.8-3.2
ii  libselinux1             2.4-3
ii  libssl1.0.2             1.0.2e-1
ii  libsystemd0             228-4
ii  libwrap0                7.6.q-25
ii  lsb-base                9.20160110
ii  openssh-client          1:7.1p2-2
ii  openssh-sftp-server     1:7.1p2-2
ii  procps                  2:3.3.11-3
ii  zlib1g                  1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  6.0+20151024-2
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
ii  molly-guard                      0.6.2
ii  monkeysphere                     0.37-3
ii  rssh                             2.3.4-4+b1
ii  ssh-askpass                      1:1.2.4.1-9
ii  ssh-askpass-gnome [ssh-askpass]  1:7.1p2-1
ii  ufw                              0.34-2

-- debconf information:
  ssh/new_config: true
  ssh/vulnerable_host_keys:
  ssh/disable_cr_auth: false
* ssh/insecure_telnetd:
  ssh/insecure_rshd:
  ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true
  openssh-server/permit-root-login: false
# /usr/sbin/sshd -dd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1235
debug2: parse_server_config: config /etc/ssh/sshd_config len 1235
debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2e 3 Dec 2015
debug1: private host key #0: ssh-rsa SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: private host key #1: ssh-ed25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-dd'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 44436 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_19_2015_19:02:45
debug1: match: PuTTY_Local:_Mar_19_2015_19:02:45 pat PuTTY_Local:*,PuTTY-Release-0.5*,PuTTY_Release_0.5*,PuTTY_Release_0.60*,PuTTY_Release_0.61*,PuTTY_Release_0.62*,PuTTY_Release_0.63*,PuTTY_Release_0.64* compat 0x00004000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p2 Debian-2
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 32034
debug1: permanently_set_uid: 101/65534 [preauth]
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth]
debug2: compat_kex_proposal: compat KEX proposal: curve25519-sha256@libssh.org [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com [preauth]
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth]
Unable to negotiate with 127.0.0.1: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 32034
debug1: audit_event: unhandled event 12

--- End Message ---
--- Begin Message ---
On Fri, Jan 22, 2016 at 03:30:18PM -0500, Brian Minton wrote:
> I'm trying to connect to my system from a Windows client using PuTTY.
> The particular version of PuTTY I'm using is TortoisePlink 0.63.0.9999
> from the Xpra distribution.  It supports the key exchange 
> diffie-hellman-group-exchange-sha256, which OpenSSH also supports.
> However, it seems to be blocked by OpenSSH's compatibility mode.

Right.  This is because that version of PuTTY used an old version of the
DH key exchange protocol, predating its standardisation in RFC 4419
(March 2006), and the OpenSSH server has intentionally dropped support
for that.  This is documented here:

  http://www.openssh.com/txt/release-6.9
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html

(The "backwards-compatibility code" mentioned in the latter link is
simply filtering out the relevant key exchange methods in the case of
clients that use the old protocol.)

Now, normally this would still all work fine, because that version of
PuTTY still has other key exchange algorithms in common with those that
the OpenSSH server accepts.  But it appears that you've turned most of
those off using the KexAlgorithms option in /etc/ssh/sshd_config:

> debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]

Fair enough, but one consequence of restricting those is reduced client
compatibility, as you're seeing here.  You'll need to find a suitable
executable based on PuTTY 0.65 or newer, and upgrade to that.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
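
The negotiation failure explained in the reply above, replayed from the reporter's own log lines. This is an added example, not part of the original messages and not OpenSSH's code; the function names, the extra_server_kex parameter and the prefix-based filter rule are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Lines taken from the sshd -dd log in the report; the pattern list is shortened.
LOG = """\
debug1: match: PuTTY_Local:_Mar_19_2015_19:02:45 pat PuTTY_Local:*,PuTTY_Release_0.63*,PuTTY_Release_0.64* compat 0x00004000
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth]
Unable to negotiate with 127.0.0.1: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth]
"""

OLD_DHGEX = 0x00004000  # compat value shown in the log; the constant name is this example's own
GEX_PREFIX = "diffie-hellman-group-exchange-"  # assumption: every group-exchange method is filtered


def parse(log):
    """Extract client banner, compat patterns, compat flags and both KEX lists."""
    banner, pats, flags = re.search(
        r"match: (\S+) pat (\S+) compat (0x[0-9a-f]+)", log).groups()
    server = re.search(r"original KEX proposal: (\S+)", log).group(1).split(",")
    client = re.search(r"Their offer: (\S+)", log).group(1).split(",")
    return banner, pats.split(","), int(flags, 16), server, client


def compat_filter(server_kex, banner, patterns, flags):
    """Drop group-exchange methods when the banner matches an old-DHGEX pattern."""
    if flags & OLD_DHGEX and any(fnmatchcase(banner, p) for p in patterns):
        return [k for k in server_kex if not k.startswith(GEX_PREFIX)]
    return list(server_kex)


def negotiate(client_kex, server_kex):
    """RFC 4253 section 7.1, simplified: first client method the server also lists."""
    return next((k for k in client_kex if k in server_kex), None)


def explain(log, extra_server_kex=()):
    """Return (server KEX list after the compat filter, negotiated method or None)."""
    banner, pats, flags, server, client = parse(log)
    effective = compat_filter(server + list(extra_server_kex), banner, pats, flags)
    return effective, negotiate(client, effective)


if __name__ == "__main__":
    print("as configured:", explain(LOG))
    # Hypothetical wider KexAlgorithms setting, using a method from the client's offer.
    print("wider list:   ", explain(LOG, ["diffie-hellman-group14-sha1"]))
```

With the KexAlgorithms list from the report, the filter leaves only curve25519-sha256@libssh.org, which the client does not offer, so nothing is negotiated; a banner that matches none of the patterns leaves the server list untouched.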
