Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: curve25519-sha256@libssh.org is now curve25519-sha256 #48756

Closed
pasupuletisrinath opened this issue Oct 4, 2021 · 7 comments
Closed

x/crypto/ssh: curve25519-sha256@libssh.org is now curve25519-sha256 #48756

pasupuletisrinath opened this issue Oct 4, 2021 · 7 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@pasupuletisrinath
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.14 windows/amd64

Does this issue reproduce with the latest release?

I didnt try with the latest version. As this is in production cannot suggest our team to update go version

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

set GO111MODULE=

set GOARCH=amd64

set GOBIN=

set GOCACHE=D:\Users\srinathp\AppData\Local\go-build

set GOENV=D:\Users\srinathp\AppData\Roaming\go\env

set GOEXE=.exe

set GOFLAGS=

set GOHOSTARCH=amd64

set GOHOSTOS=windows

set GOINSECURE=

set GONOPROXY=

set GONOSUMDB=

set GOOS=windows

set GOPATH=D:\Users\srinathp\workspace\trax\go

set GOPRIVATE=

set GOPROXY=https://proxy.golang.org,direct

set GOROOT=c:\go

set GOSUMDB=sum.golang.org

set GOTMPDIR=

set GOTOOLDIR=c:\go\pkg\tool\windows_amd64

set GCCGO=gccgo

set AR=ar

set CC=gcc

set CXX=g++

set CGO_ENABLED=1

set GOMOD=

set CGO_CFLAGS=-g -O2

set CGO_CPPFLAGS=

set CGO_CXXFLAGS=-g -O2

set CGO_FFLAGS=-g -O2

set CGO_LDFLAGS=-g -O2

set PKG_CONFIG=pkg-config

set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=D:\Users\srinathp\AppData\Local\Temp\go-build360633286=/tmp/go-build -gno-record-gcc-switches

What did you do?

var sshConfig ssh.Config
sshConfig.SetDefaults()
sshConfig.Ciphers = append(sshConfig.Ciphers, "aes256-cbc")
// Define the Client Config as:
config := &ssh.ClientConfig{
	Config: sshConfig,
	User:   remoteUser,
	Auth: []ssh.AuthMethod{
		ssh.PublicKeys(key),
	},
	HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}

client, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", remoteHost, remoteSSHPort), config)
if err != nil {
	errMsg := fmt.Sprintf("Error connecting to client: %s", err.Error())
	return nil, errors.New(errMsg)
}

What did you expect to see?

I expect to upload file to ssh server.

What did you see instead?

ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha256@ssh.com curve25519-sha256]
@ALTree ALTree changed the title ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha256@ssh.com curve25519-sha256] ssh: handshake failed: ssh: no common algorithm for key exchange Oct 4, 2021
@ALTree ALTree changed the title ssh: handshake failed: ssh: no common algorithm for key exchange x/crypto/ssh: handshake failed: no common algorithm for key exchange Oct 4, 2021
@gopherbot gopherbot added this to the Unreleased milestone Oct 4, 2021
@ALTree
Copy link
Member

ALTree commented Oct 4, 2021

I didnt try with the latest version. As this is in production cannot suggest our team to update go version

Go 1.14 is no longer supported, so even if this was an actual bug, you wouldn't benefit from an hypothetical fix, as the patch would be merged into 1.16 and 1.17 at best (the latest two Go versions are supported).

@pasupuletisrinath
Copy link
Author

are there any stronger cipher that are supported in that package?

@mknyszek mknyszek added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 4, 2021
@mknyszek
Copy link
Contributor

mknyszek commented Oct 4, 2021

CC @FiloSottile @katiehockman @rolandshoemaker via https://dev.golang.org/owners

@seankhliao seankhliao added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Nov 2, 2021
@sticnarf sticnarf mentioned this issue Nov 5, 2021
Closed
@gopherbot
Copy link

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@FiloSottile
Copy link
Contributor

Hmm, looks like curve25519-sha256 graduated from curve25519-sha256@libssh.org and we did not keep up.

@FiloSottile FiloSottile changed the title x/crypto/ssh: handshake failed: no common algorithm for key exchange x/crypto/ssh: curve25519-sha256@libssh.org is now curve25519-sha256 Dec 3, 2021
@FiloSottile FiloSottile added NeedsFix The path to resolution is known, but the work has not been done. and removed WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Dec 3, 2021
@FiloSottile FiloSottile reopened this Dec 3, 2021
@fev0ks
Copy link

fev0ks commented Feb 8, 2022
edited

Is there any WA to use kexAlgoCurve25519SHA256 as "curve25519-sha256" ?
I think fix is not too difficult if algorithms are the same for "curve25519-sha256" and "curve25519-sha256@libssh.org"
image_2022_02_08T11_43_14_145Z

update
385394: crypto/ssh: Add additional kex algorithm support | https://go-review.googlesource.com/c/crypto/+/385394

@gopherbot
Copy link

Change https://go.dev/cl/385394 mentions this issue: crypto/ssh: support new curve25519-sha256 kex name

pete-woods pushed a commit to CircleCI-Public/golang-crypto that referenced this issue Mar 14, 2022
@Finn9000 @FiloSottile
ssh: support new curve25519-sha256 kex name
7dfa0b8 
RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
iamacarpet pushed a commit to affordablemobiles/xcrypto that referenced this issue Aug 2, 2022
@Finn9000 @FiloSottile @iamacarpet
ssh: support new curve25519-sha256 kex name
0e77833 
RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
@Finn9000 @FiloSottile
ssh: support new curve25519-sha256 kex name
7e9bcfb 
RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
@golang golang locked and limited conversation to collaborators Mar 14, 2023
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@Finn9000 @FiloSottile
ssh: support new curve25519-sha256 kex name
b3c28bf 
RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
7 participants
@FiloSottile @mknyszek @ALTree @pasupuletisrinath @gopherbot @seankhliao @fev0ks