New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[exception] did not receive MSG_KEXINIT (20), instead received unknown message (1) #144
Comments
Please can you:
|
I've updated the initial post with the output. After skimming the Git Commit Messages, i don't think there is a particular fix in dev either. |
Hi, Thanks for providing the additional information requested. When ssh-audit is used against a server it acts as a client. The majority of the information that ssh-audit obtains is gathered by issuing an In my experience, when a client issues a To prove this point, I modified ssh-audit so that all calls to
I then proceeded to audit two different SSH servers, one of which was my own private server running OpenSSH and the other is the publicly available I was able to successfully audit both servers. Here's an excerpt from my modified ssh-audit showing that it sent "foo" for all algorithms in the
Here's an excerpt from my private SSH server showing that it received the value of "foo":
Here's an excerpt from my modified ssh-audit showing that it received a
The only consequence of ssh-audit sending "foo" in the In summary, when ssh-audit acts as a client, I don't think it can be responsible for a server failing to respond to a I would suggest that you try using another client tool to send a |
@BjoernAkAManf : can you reproduce this problem against a host available on the public Internet? If so, what is its hostname/IP? Otherwise, can you describe the server software & configuration that triggers it? This would help us debug the issue. Thanks! |
@BjoernAkAManf : I tested the
|
Hi!
I'm working on a product, that needs to implement ssh / scp themselves. I've read a dozens of rfc's myself already, but still would rather not implement everything myself. As such I've opted to use Apache Mina SSHD.
Trying to disable the ecdsa-sha2-nistp521 Signature however seems to be problematic. I can see, that ssh-audit tries connecting with only that signature algorithm and then see that the server implementation concludes, that a session cannot be negotiated properly. As such it sends the Message SSH_MSG_DISCONNECT (1), while logging the error message: "SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - sendKexInit() no resolved signatures available".
However ssh-audit then fails to execute with the following message: [exception] did not receive MSG_KEXINIT (20), instead received unknown message (1). While reading the RFC 4253 i would say, that this is to be expected though, as on Page 18 it says:
My Test Code utilizes Containers (testContainers-java) and JUnit. For reference:
The cause of the error is linked here
I'm unsure on how one would approach this though. As I have not yet understood the code base here. My suggestion would be to check if the server disconnected, but i can see. that the protocol definition currently has no such field.
EDIT:
Output of Help Menu running in Docker Container
Output of --debug running in Docker Container (Error).
Supported Signatures:
ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com
rsa-sha2-256
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512
rsa-sha2-512-cert-v01@openssh.com
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
Output of --debug running in Docker Container (Successful, but audit fails).
Supported Signatures:
ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com
rsa-sha2-256
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512
rsa-sha2-512-cert-v01@openssh.com
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
The text was updated successfully, but these errors were encountered: