Description
What version of Go are you using (go version)?
$ go version
go version go1.12.5 linux/amd64
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (go env)?
$ go env
GOARCH="amd64"
GOBIN="/home/jae/.local/bin"
GOCACHE="/home/jae/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/jae/projects/go/golib:/home/jae/projects/go/gotools:/home/jae/projects/go/mylib"
GOPROXY=""
GORACE=""
GOROOT="/home/jae/projects/go/goroot"
GOTMPDIR=""
GOTOOLDIR="/home/jae/projects/go/goroot/pkg/tool/linux_amd64"
GCCGO="/usr/bin/gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/jae/notes/developement/programming/go/examples/misc-tests/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build225295978=/tmp/go-build -gno-record-gcc-switches"
What did you do?
I help maintain the github.com/pkg/sftp library and am helping a user with an ssh issue. They have an SFTP server that only supports some older ciphers, like 3des-cbc, and they can't connect successfully. I've tried to simplify and reproduce their issue with some success. I've configured my local openssh server to only accept that cipher, with Ciphers 3des-cbc in the sshd_config and was able to connect to it with the openssh client with ssh -c 3des-cbc localhost. If I don't specify -c 3des-cbc on the command line it won't connect with a negotiation error. So everything seems good on that side.
I then try to connect with a simple program using x/crypto/ssh set to use that same cipher and get the error ssh: handshake failed: EOF and the openssh server spits out the following in the log.
May 15 20:41:26 XXX sshd[12686]: Bad packet length 1474871687. [preauth]
May 15 20:41:26 XXX sshd[12686]: ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 53234: Connection corrupted [preauth]
My simple program to reproduce is..
package main

import (
	"fmt"
	"net"
	"os"

	"golang.org/x/crypto/ssh"
	"golang.org/x/crypto/ssh/agent"
)

func main() {
	// Authenticate with the keys held by the running ssh-agent.
	sshagent, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK"))
	if err != nil {
		panic(err)
	}
	signer := ssh.PublicKeysCallback(agent.NewClient(sshagent).Signers)
	sshConfig := &ssh.ClientConfig{
		User: os.ExpandEnv("$USER"),
		Auth: []ssh.AuthMethod{signer},
		// Host key checking is disabled; this only targets the local test sshd.
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	sshConfig.SetDefaults()
	// Offer only 3des-cbc, the one cipher the test server accepts.
	sshConfig.Ciphers = []string{"3des-cbc"}
	_, err = ssh.Dial("tcp", "localhost:22", sshConfig)
	fmt.Printf("%v\n", err)
}
What did you expect to see?
No error and have it connect.
What did you see instead?
ssh: handshake failed: EOF
Thanks.
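
An added triage example, not part of the original report or of x/crypto/ssh: it decodes the value in the sshd "Bad packet length" line quoted above back into the four bytes of the SSH packet length field (big-endian uint32, RFC 4253 section 6). The names `Parse`, `Finding` and `Verdict` are hypothetical, and the printable-ASCII rule is a common triage heuristic assumed here, not a finding about this bug.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"regexp"
	"strconv"
)

// Constructed sample: the sshd log line quoted in the report above.
const sampleLine = "May 15 20:41:26 XXX sshd[12686]: Bad packet length 1474871687. [preauth]"

var badLen = regexp.MustCompile(`sshd\[(\d+)\]: Bad packet length (\d+)\.`)

// Finding holds one "Bad packet length" event and its raw length bytes.
type Finding struct {
	PID    string
	Length uint32
	Bytes  [4]byte // length field as the server read it after decryption
	ASCII  bool    // true when all four bytes are printable ASCII
}

// Parse extracts the reported length and re-encodes it as wire bytes.
func Parse(line string) (Finding, bool) {
	m := badLen.FindStringSubmatch(line)
	if m == nil {
		return Finding{}, false
	}
	n, err := strconv.ParseUint(m[2], 10, 32)
	if err != nil {
		return Finding{}, false
	}
	f := Finding{PID: m[1], Length: uint32(n), ASCII: true}
	binary.BigEndian.PutUint32(f.Bytes[:], f.Length)
	for _, b := range f.Bytes {
		f.ASCII = f.ASCII && b >= 0x20 && b <= 0x7e
	}
	return f, true
}

// Verdict applies the heuristic: readable text points to plaintext arriving
// where ciphertext was expected; otherwise the two sides' cipher state differs.
func (f Finding) Verdict() string {
	if f.ASCII {
		return "plaintext-where-ciphertext-expected"
	}
	return "cipher-state-mismatch"
}

func main() {
	if f, ok := Parse(sampleLine); ok {
		fmt.Printf("pid=%s len=%d bytes=% x -> %s\n", f.PID, f.Length, f.Bytes, f.Verdict())
	}
}
```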