x/crypto/ssh: "ssh: handshake failed: EOF" with 3des-cbc #32075

Open
@eikenb

What version of Go are you using (go version)?

$ go version
go version go1.12.5 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN="/home/jae/.local/bin"
GOCACHE="/home/jae/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/jae/projects/go/golib:/home/jae/projects/go/gotools:/home/jae/projects/go/mylib"
GOPROXY=""
GORACE=""
GOROOT="/home/jae/projects/go/goroot"
GOTMPDIR=""
GOTOOLDIR="/home/jae/projects/go/goroot/pkg/tool/linux_amd64"
GCCGO="/usr/bin/gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/jae/notes/developement/programming/go/examples/misc-tests/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build225295978=/tmp/go-build -gno-record-gcc-switches"

What did you do?

I help maintain the github.com/pkg/sftp library and am helping a user with an ssh issue. They have an SFTP server that only supports some older ciphers, like 3des-cbc, and they can't connect successfully. I've tried to simplify and reproduce their issue with some success. I've configured my local openssh server to only accept that cipher, with Ciphers 3des-cbc in the sshd_config, and was able to connect to it with the openssh client with ssh -c 3des-cbc localhost. If I don't specify -c 3des-cbc on the command line it won't connect with a negotiation error. So everything seems good on that side.

I then try to connect with a simple program using x/crypto/ssh set to use that same cipher and get the error ssh: handshake failed: EOF and the openssh server spits out the following in the log.

May 15 20:41:26 XXX sshd[12686]: Bad packet length 1474871687. [preauth]
May 15 20:41:26 XXX sshd[12686]: ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 53234: Connection corrupted [preauth]

My simple program to reproduce is:

package main

import (
	"fmt"
	"net"
	"os"

	"golang.org/x/crypto/ssh"
	"golang.org/x/crypto/ssh/agent"
)

func main() {
	sshagent, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK"))
	if err != nil {
		panic(err)
	}
	signer := ssh.PublicKeysCallback(agent.NewClient(sshagent).Signers)

	sshConfig := &ssh.ClientConfig{
		User:            os.ExpandEnv("$USER"),
		Auth:            []ssh.AuthMethod{signer},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	sshConfig.SetDefaults()
	sshConfig.Ciphers = []string{"3des-cbc"}

	_, err = ssh.Dial("tcp", "localhost:22", sshConfig)
	fmt.Printf("%v\n", err)
}

What did you expect to see?

No error and have it connect.

What did you see instead?

ssh: handshake failed: EOF

Thanks.
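
An added illustration (not code from the issue or from x/crypto/ssh) of how a log line like "Bad packet length 1474871687" arises: a CBC receiver decrypts the first block to read the packet length, so any disagreement about the key turns that field into noise that exceeds OpenSSH's 256 KiB packet limit. The keys, IV, payload and helper names are constructed for the demonstration, and the sketch does not identify what actually goes wrong in x/crypto/ssh.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

const maxPacket = 256 * 1024 // OpenSSH's packet size limit (PACKET_MAX_SIZE)

func tdes(key []byte) cipher.Block {
	b, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// buildPacket frames payload as an SSH binary packet (RFC 4253, section 6).
func buildPacket(payload []byte) []byte {
	pad := 8 - (5+len(payload))%8 // pad to the 8-byte 3DES block size
	if pad < 4 {
		pad += 8 // the RFC requires at least 4 bytes of padding
	}
	pkt := make([]byte, 5+len(payload)+pad) // zero padding, fine for a demo
	binary.BigEndian.PutUint32(pkt, uint32(1+len(payload)+pad))
	pkt[4] = byte(pad)
	copy(pkt[5:], payload)
	return pkt
}

// lengthSeen encrypts one packet under senderKey, then does what a CBC
// receiver does first: decrypt a single block and read packet_length.
func lengthSeen(senderKey, receiverKey []byte) (n uint32, plausible bool) {
	iv := make([]byte, des.BlockSize)          // constructed all-zero IV
	pkt := buildPacket([]byte("ssh-userauth")) // constructed payload
	cipher.NewCBCEncrypter(tdes(senderKey), iv).CryptBlocks(pkt, pkt)
	first := make([]byte, des.BlockSize)
	cipher.NewCBCDecrypter(tdes(receiverKey), iv).CryptBlocks(first, pkt[:des.BlockSize])
	n = binary.BigEndian.Uint32(first)
	return n, n >= 5 && n <= maxPacket
}

func main() {
	a, b := []byte("constructed-3des-key-A!!"), []byte("another-constructed-key!")
	fmt.Println(lengthSeen(a, a)) // both sides derived the same key
	fmt.Println(lengthSeen(a, b)) // the two sides disagree on the key
}
```

With matching keys the receiver reads the real length; with mismatched keys it reads an arbitrary 32-bit value, which is the symptom sshd reports before dropping the connection.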

Labels: NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.)
