-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSHKit Fails in OTP-23 #156
Comments
Hi @CharlesOkwuagwu, thanks for reporting this. 💚 Judging from the error output, it looks like this is an issue with OTP, not SSHKit. I did a quick investigation, looking at recent changes in the
Maybe your server's using one of those? Apparently, as a means of validating this hypothesis, you can re-enable them by passing a This is just a hunch from a few minutes of research though. I hope it can help you figure out more of what's going on. Happy to hear back from you. 🙂 |
@pmeinhardt Thanks for your response. Please can you show me the settings needed to ensure SSH in OTP-23 works with all OTP-22 algorithms enabled? i'm getting this error now, after following the third link you suggested above:
after applying this:
|
That's quite difficult to do, I don't control the servers / environments I am connecting to. |
Like I wrote before, I am only making a guess here that it is related to the changes in the algos enabled by default. I can't be 100% sure, but it seems like a reasonable place to start. If you don't control the server yourself, you may want to reach out to someone who does, when you've confirmed the algorithms are really the problem. As a last resort, if you're okay with the potential security risk for some reason, maybe you don't need to upgrade to OTP 23 right now, but can instead stick with 22.3 for a little bit longer to understand this problem better.
I can somewhat understand your frustration. On the other hand there are a few things you might want to consider. First off, it's a major version release, so you cannot expect everything to work exactly the same as before. I know for a fact that the people working on OTP are quite careful about introducing breaking changes. At the same time, secure defaults are more important than backwards compatibility. Finally, the SSHKit issues aren't really the place to complain about whether or not this update to OTP should have been opt-in or not. 🙂✌️ opt = [
user_interaction: false,
silently_accept_hosts: true,
user: String.to_charlist(@server_username),
password: String.to_charlist(@server_password),
modify_algorithms: [{:append, [{:kex, ['diffie-hellman-group1-sha1']}]}]
] The way you're passing the Maybe someone on the Elixir or OTP message boards can provide further assistance. 🤔 |
try as atom |
@jfis Thanks. I get this now:
|
that is the same error as when there's no :modify_algorithms in options, so double check that it truly did get passed to the connect. also double check for typos. you might need a different kex than diffie-hellman-group1-sha1. you'll see something like: one of the listed must be what it used to use (i dont know how well this translates to Windows 10) |
I Was doing something wrong ... this totally works
|
Hey @CharlesOkwuagwu, I am so happy you figured it out. 🙌 So the key was to |
Either work. I was totally not passing the
|
Environment
SSHKit.ex version (
mix deps
): {:sshkit, "~> 0.3"}Elixir & Erlang/OTP version (
elixir -v
):Erlang/OTP 23 [erts-11.0] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1]
Elixir 1.10.3 (compiled with Erlang/OTP 21)
Operating system (local): Windows 10
Operating system (remote): SUN
SSH version (remote,
ssh -V
): 'SSH-2.0-Sun_SSH_1.1.5'Expected Behavior
Works in OTP 22.3 and earlier.
Actual Behavior
Fails in OTP-23
The text was updated successfully, but these errors were encountered: