sshd self connect problems


Alexander Petrovsky-2
Hello, I have a strange problem: when I run an ssh server and try to connect to it from code on the same machine, I get an error:

Selection of key exchange algorithm failed

Server:
ssh:daemon(Port, [{system_dir, "/etc/ssh"},
                  {subsystems, [wm_ssh_sftp_ext:subsystem_spec(),
                                ssh_sftpd:subsystem_spec([{cwd, _CWD = "/"}])]},
                  {user_passwords, [{"user", "pass"}]}]).

Client:
Opts = [{user, "user"},
        {password, "pass"},
        {silently_accept_hosts, true}],
ssh:connect(Node, Port, Opts, _Timeout = 5000).

When I capture ssh traffic I find out that the server doesn't suggest `host_key_algorithms`

                kex_algorithms length: 257
                kex_algorithms string [truncated]: ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-grou
                server_host_key_algorithms length: 0
                server_host_key_algorithms string: [Empty]
                encryption_algorithms_client_to_server length: 98
                encryption_algorithms_client_to_server string: [hidden email],aes256-ctr,aes192-ctr,[hidden email],aes128-ctr,aes128-cbc,3des-cbc
                encryption_algorithms_server_to_client length: 98
                encryption_algorithms_server_to_client string: [hidden email],aes256-ctr,aes192-ctr,[hidden email],aes128-ctr,aes128-cbc,3des-cbc
                mac_algorithms_client_to_server length: 37
                mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
                mac_algorithms_server_to_client length: 37
                mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
                compression_algorithms_client_to_server length: 26
                compression_algorithms_client_to_server string: none,[hidden email],zlib
                compression_algorithms_server_to_client length: 26
                compression_algorithms_server_to_client string: none,[hidden email],zlib
                languages_client_to_server length: 0
                languages_client_to_server string: [Empty]
                languages_server_to_client length: 0
                languages_server_to_client string: [Empty]
                First KEX Packet Follows: 0
                Reserved: 00000000
            Padding String: 21850013139a828f718a

But the client has some values:

                kex_algorithms length: 257
                kex_algorithms string [truncated]: ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-grou
                server_host_key_algorithms length: 101
                server_host_key_algorithms string: ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss
                encryption_algorithms_client_to_server length: 98
                encryption_algorithms_client_to_server string: [hidden email],aes256-ctr,aes192-ctr,[hidden email],aes128-ctr,aes128-cbc,3des-cbc
                encryption_algorithms_server_to_client length: 98
                encryption_algorithms_server_to_client string: [hidden email],aes256-ctr,aes192-ctr,[hidden email],aes128-ctr,aes128-cbc,3des-cbc
                mac_algorithms_client_to_server length: 37
                mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
                mac_algorithms_server_to_client length: 37
                mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
                compression_algorithms_client_to_server length: 26
                compression_algorithms_client_to_server string: none,[hidden email],zlib
                compression_algorithms_server_to_client length: 26
                compression_algorithms_server_to_client string: none,[hidden email],zlib
                languages_client_to_server length: 0
                languages_client_to_server string: [Empty]
                languages_server_to_client length: 0
                languages_server_to_client string: [Empty]
                First KEX Packet Follows: 0
                Reserved: 00000000
            Padding String: 49945334a432cfa4a0371700f6

Could someone please help me resolve this problem?

--
Петровский Александр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: sshd self connect problems

Hans Nilsson R (AL/EAB)
Hi,

1) Are there host keys in /etc/ssh?
2) Are the *private* keys in /etc/ssh and that directory readable by the user running erl?

Note that it is potentially dangerous to make the private keys world readable. I would
recommend that you generate new host keys (ssh-keygen) in a separate directory readable only by the user
running erlang.

/Hans

On 10/04/2018 11:13 PM, Alexander Petrovsky wrote:

> Hello, I've some strange problem, when I run ssh server and try to connect
> to it from code on the same machine I've got an error:
>
> Selection of key exchange algorithm failed

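The advice in the reply above (host keys in a separate directory that only the user running Erlang can read), written out as a shell example. It is added here and is not part of the original thread; the function names and return codes are illustrative, and the key file names assume the `ssh_host_<type>_key` naming used for host keys in `system_dir`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and return codes are illustrative.

# Create an owner-only directory and generate host keys in it.
make_host_keys() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    for type in rsa ecdsa; do
        key="$dir/ssh_host_${type}_key"
        # -N '' gives an empty passphrase so the daemon can load the key unattended.
        [ -e "$key" ] || ssh-keygen -q -t "$type" -N '' -f "$key" || return 1
        chmod 600 "$key"
    done
}

# Preflight check for a system_dir, run as the user that starts erl.
#   0 = at least one private host key, all readable and owner-only
#   1 = no private host key visible (missing, or directory not accessible)
#   2 = a key exists but the current user cannot read it
#   3 = a key is accessible to group or others
check_system_dir() {
    dir=$1
    found=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        found=1
        if [ ! -r "$key" ]; then
            echo "unreadable by $(id -un): $key" >&2
            return 2
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "too permissive ($perms): $key" >&2
            return 3
        fi
    done
    [ "$found" -eq 1 ] || { echo "no ssh_host_*_key visible in $dir" >&2; return 1; }
    return 0
}

# Usage: make_host_keys "$HOME/ssh_daemon" && check_system_dir "$HOME/ssh_daemon"
```

Once the check returns 0, pass that directory as `{system_dir, Dir}` in the `ssh:daemon` options instead of "/etc/ssh".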
Re: sshd self connect problems

Alexander Petrovsky-2
Oh, you are absolutely right, the problem was in the user permissions. Thanks a lot.

Fri, 5 Oct 2018 at 10:00, Hans Nilsson R <[hidden email]>:
> Hi,
>
> 1) Are there host keys in /etc/ssh?
> 2) Are the *private* keys in /etc/ssh and that directory readable by the user running erl?
>
> Note that it is potentially dangerous to make the private keys world readable. I would
> recommend that you generate new host keys (ssh-keygen) in a separate directory readable only by the user
> running erlang.
>
> /Hans
