Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: Doesn't support AES-CBC #16327

Closed
beauhoyt opened this issue Jul 12, 2016 · 2 comments
Closed

x/crypto/ssh: Doesn't support AES-CBC #16327

beauhoyt opened this issue Jul 12, 2016 · 2 comments
Labels
FrozenDueToAge

Comments

@beauhoyt
Copy link

beauhoyt commented Jul 12, 2016
edited

  1. What version of Go are you using (go version)?

go version go1.6.2 darwin/amd64

  1. What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/beau/go"
GORACE=""
GOROOT="/usr/local/Cellar/go/1.6.2/libexec"
GOTOOLDIR="/usr/local/Cellar/go/1.6.2/libexec/pkg/tool/darwin_amd64"
GO15VENDOREXPERIMENT="1"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fno-common"
CXX="clang++"
CGO_ENABLED="1"

  1. What did you do?
    If possible, provide a recipe for reproducing the error.
    A complete runnable program is good.
    A link on play.golang.org is best.

Was trying to write a test to manage our Cisco IOS switch via SSH.

package main

import (
    "bytes"
    "fmt"
    "golang.org/x/crypto/ssh"
    "golang.org/x/crypto/ssh/agent"
    "net"
    "os"
)

func SSHAgent() ssh.AuthMethod {
    if sshAgent, err := net.Dial("unix", os.Getenv("SSh_AUTH_SOCK")); err == nil {
        return ssh.PublicKeysCallback(agent.NewClient(sshAgent).Signers)
    }
    return nil
}

func main() {
    config := &ssh.ClientConfig{
        User: "root",
        Auth: []ssh.AuthMethod{
            SSHAgent(),
        },
    }
    client, err := ssh.Dial("tcp", "asw01.sea01.office.priv:22", config)
    if err != nil {
        panic("Failed to dial: " + err.Error())
    }

    session, err := client.NewSession()
    if err != nil {
        panic("Failed to create session: " + err.Error())
    }

    var b bytes.Buffer
    session.Stdout = &b

    fmt.Println(b.String())
}
  1. What did you expect to see?




User Name:
  1. What did you see instead?
panic: Failed to dial: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes128-cbc 3des-cbc arcfour aes192-cbc aes256-cbc]

goroutine 1 [running]:
panic(0x1f1560, 0xc82000ab70)
    /usr/local/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
main.main()
    /Users/beau/go/src/github.com/beauhoyt/test-ssh/main.go:28 +0x211
@bradfitz
Copy link
Contributor

You have to add "aes128-cbc" to your ssh.Config.Ciphers. It's disabled by default.

@beauhoyt
Copy link
Author

@bradfitz Thanks for the quick reply and solution :)

@golang golang locked and limited conversation to collaborators Jul 12, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bradfitz @beauhoyt @gopherbot