no client algorithms for hmac_client #654
Description
First of all I'm not expert in Ruby. Really appreciate if someone can help me on this.
Very high level issue is - We do have Ruby deployment scripts to deploy java application to EC2 server (push deployment)
-
That's working fine through my below local machine
uname -a
Linux quantumit-laptop 4.15.0-39-generic Don't depend on jruby-pageant unless we're installing under jruby #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux -
But fails from another EC2 instance
uname -a
Linux totalcheck-stg-nuc-jenkins-i-09607f8fa0827499f 4.14.88-88.73.amzn2.x86_64 Net:SSH problem with open_channel (Ruby 1.8.7) #1 SMP Thu Dec 13 18:04:55 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux -
Faliure is when trying to ssh through Ruby. To isolate the issue please consider the below Ruby script which trying to SSH
cat ssh-test.rb
require 'rubygems'
require 'net/ssh'Net::SSH.start("server-name", "user") do |ssh|
puts "Connected..."
end -
Below "could not settle on hmac_client algorithm" error comes
[root@totalcheck-nuc-jenkins-i-07aa232fcf10dad69 ~]# ruby ssh-test.rb
Traceback (most recent call last):
13: from ssh-test.rb:11:in<main>' 12: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh.rb:242:instart'
11: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh.rb:242:innew' 10: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:90:ininitialize'
9: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:223:inwait' 8: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:223:inloop'
7: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:225:inblock in wait' 6: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:190:inpoll_message'
5: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:190:inloop' 4: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:210:inblock in poll_message'
3: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:150:inaccept_kexinit' 2: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:210:inproceed!'
1: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:333:innegotiate_algorithms' /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:354:innegotiate': could not settle on hmac_client algorithm (Net::SSH::Exception) -
There was a suggestion to update the net-ssh I tried few version and now got the latest but still the same issue
-
As a further experiment I went to 354 line (Net::SSH::Exception) in following file.
/usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:354
def negotiate(algorithm) match = self[algorithm].find { |item| @server_data[algorithm].include?(item) } raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm" if match.nil? return match end
6.1 And wanted to print avalable client/server algorithm for each algorithm like hmac_client etc
So change the above code like below
def negotiate(algorithm)
puts "#{algorithm} ----------------self[algorithm]------------------"
puts self[algorithm]
puts "#{algorithm} ****************@server_data[algorithm]*******************"
puts @server_data[algorithm]
match = self[algorithm].find { |item| @server_data[algorithm].include?(item) }
raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm" if match.nil?
return match
end
6.2 Now the ouput shows me NO client side algorithms fro hmac_client
[root@totalcheck-nuc-jenkins-i-07aa232fcf10dad69 ~]# ruby ssh-test.rb
kex ----------------client -- self[algorithm]------------------
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
kex ****************server -- @server_data[algorithm]*******************
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
host_key ----------------client -- self[algorithm]------------------
ecdsa-sha2-nistp256
ssh-rsa
ssh-dss
ssh-rsa-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
host_key ****************server -- @server_data[algorithm]*******************
ssh-rsa
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
encryption_client ----------------client -- self[algorithm]------------------
aes256-ctr
aes192-ctr
aes128-ctr
encryption_client ****************server -- @server_data[algorithm]*******************
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
3des-cbc
encryption_server ----------------client -- self[algorithm]------------------
aes256-ctr
aes192-ctr
aes128-ctr
encryption_server ****************server -- @server_data[algorithm]*******************
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
3des-cbc
hmac_client ----------------client -- self[algorithm]------------------
hmac_client ****************server -- @server_data[algorithm]*******************
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Traceback (most recent call last):
13: from ssh-test.rb:11:in `<main>'
12: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh.rb:242:in `start'
11: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh.rb:242:in `new'
10: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:90:in `initialize'
9: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:223:in `wait'
8: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:223:in `loop'
7: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:225:in `block in wait'
6: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:190:in `poll_message'
5: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:190:in `loop'
4: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/session.rb:210:in `block in poll_message'
3: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:150:in `accept_kexinit'
2: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:210:in `proceed!'
1: from /usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:333:in `negotiate_algorithms'
/usr/local/rvm/rubies/ruby-2.5.3/lib/ruby/gems/2.5.0/gems/net-ssh-5.1.0/lib/net/ssh/transport/algorithms.rb:360:in `negotiate': could not settle on hmac_client algorithm (Net::SSH::Exception)
6.3 I'm talking about below -- Only the server algorithms are listed - why there is no client algorithms for hmac_client – I belive that’s why I get this error???
hmac_client ----------------client -- self[algorithm]------------------
hmac_client server -- @server_data[algorithm]***
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
7. Environment
[root@totalcheck-nuc-jenkins-i-07aa232fcf10dad69 ~]# ruby -v
ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
[root@totalcheck-nuc-jenkins-i-07aa232fcf10dad69 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@totalcheck-nuc-jenkins-i-07aa232fcf10dad69 ~]# gem list
*** LOCAL GEMS ***
bigdecimal (1.4.2, default: 1.3.4)
bundle (0.0.1)
bundler (1.17.3, default: 1.16.6)
bundler-unload (1.0.2)
cmath (default: 1.0.0)
csv (3.0.2, default: 1.0.0)
date (default: 1.0.0)
dbm (default: 1.0.0)
did_you_mean (1.3.0, 1.2.0)
domain_name (0.5.20180417)
etc (1.0.1, default: 1.0.0)
executable-hooks (1.6.0)
fcntl (default: 1.0.0)
fiddle (default: 1.0.0)
fileutils (1.1.0, default: 1.0.2)
gem-wrappers (1.4.0)
http-cookie (1.0.3)
io-console (default: 0.4.6)
ipaddr (1.2.2, default: 1.2.0)
json (default: 2.1.0)
mime-types (3.2.2)
mime-types-data (3.2018.0812)
minitest (5.11.3, 5.10.3)
net-sftp (2.1.2)
net-ssh (5.1.0)
net-telnet (0.2.0, 0.1.1)
netrc (0.11.0)
openssl (default: 2.1.2)
power_assert (1.1.3, 1.1.1)
psych (3.1.0, default: 3.0.2)
rake (12.3.2, 12.3.0)
rdoc (6.1.1, default: 6.0.1)
rest-client (2.0.2)
rubygems-bundler (1.4.5)
rvm (1.11.3.9)
scanf (default: 1.0.0)
sdbm (default: 1.0.0)
stringio (0.0.2, default: 0.0.1)
strscan (default: 1.0.0)
test-unit (3.2.9, 3.2.7)
unf (0.1.4)
unf_ext (0.0.7.5)
webrick (default: 1.4.2)
xmlrpc (0.3.0)
zlib (default: 1.0.0)