[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908839: Some of my stretch ssh clients can no longer negotiate chacha20-poly1305

Package: openssh-client
Version: 1:7.6p1-2
Severity: important
File: openssh

This is not the machine which shows this error; I was unable to
install reportbug there due to:

  reportbug : Depends: python3-reportbug (= 7.1.7+deb9u2) but it is not going to be installed

On that other machine, any mention of chacha20-poly1305@openssh.com in
the Ciphers list before an alg which both sides support prevents
cipher negotiation.

Other stretch machines work fine (including this one, which already
had reportbug installed).

The other machine is also on 1:7.6p1-2, and is configured very similarly.

One interesting thing from -vv output, is that it ends with:

  Unable to negotiate with IP.ADD.RE.SS port NUM: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comssh.com,aes256-gcm@openssh.com

Note the aes256-gcm@openssh.comssh.com in there.

-- System Information: Debian Release: stretch APT prefers stable
APT policy: (500, 'stable') Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab127.2 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.116
ii  dpkg    
ii  libc6             2.25-6
ii  libedit2          3.1-20170329-1
ii  libgssapi-krb5-2  1.15.2-2
ii  libselinux1       2.7-2
ii  libssl1.0.2       1.0.2n-1
ii  passwd            1:4.5-1
ii  zlib1g            1:1.2.8.dfsg-5

Versions of packages openssh-client recommends:
pn  xauth  <none>

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

Reply to: