Fix unsupported cipher 'aes128-gcm' #2219

Open
ClementJeannesson opened this issue Mar 29, 2023 · 6 comments

@ClementJeannesson

A recent update of Scalingo (March 24th 2023) deprecated some ciphers (encryption algorithms). As a consequence, it is impossible to connect to Scalingo-hosted databases through SSH tunneling using Paramiko, as Scalingo-compatible ciphers are no longer supported by Paramiko.

To be more precise, I get the following error when I try to open my SSH tunnel:

>>> ssh_tunnel.start()
2023-03-29 10:40:30,109| ERROR   | Exception (client): Incompatible ssh server (no acceptable ciphers)
2023-03-29 10:40:30,112| ERROR   | Traceback (most recent call last):
2023-03-29 10:40:30,112| ERROR   |   File "/Users/clement.jeannesson/.pyenv/versions/test_paramiko/lib/python3.9/site-packages/paramiko/transport.py", line 2137, in run
2023-03-29 10:40:30,113| ERROR   |     self._handler_table[ptype](self, m)
2023-03-29 10:40:30,113| ERROR   |   File "/Users/clement.jeannesson/.pyenv/versions/test_paramiko/lib/python3.9/site-packages/paramiko/transport.py", line 2257, in _negotiate_keys
2023-03-29 10:40:30,113| ERROR   |     self._parse_kex_init(m)
2023-03-29 10:40:30,113| ERROR   |   File "/Users/clement.jeannesson/.pyenv/versions/test_paramiko/lib/python3.9/site-packages/paramiko/transport.py", line 2510, in _parse_kex_init
2023-03-29 10:40:30,113| ERROR   |     raise IncompatiblePeer(
2023-03-29 10:40:30,113| ERROR   | paramiko.ssh_exception.IncompatiblePeer: Incompatible ssh server (no acceptable ciphers)
2023-03-29 10:40:30,113| ERROR   | 
2023-03-29 10:40:30,113| ERROR   | Could not connect to gateway ssh.osc-fr1.scalingo.com:22 : Incompatible ssh server (no acceptable ciphers)

It seems Paramiko supports the following ciphers: ('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', '3des-cbc'), while Scalingo removed ('aes128-ctr', 'aes192-ctr', 'aes256-ctr') to keep only ('chacha20-poly1305', 'aes128-gcm'), making Scalingo not compatible with the use of paramiko.

My request: is it possible to add support for the cipher 'aes128-gcm'?

I tried to patch transport.py myself to add the missing cipher, with no success. I added 'aes128-gcm' in Transport._preferred_ciphers and

        "aes128-gcm": {
            "class": algorithms.AES,
            "mode": modes.GCM,
            "block-size": 16,
            "key-size": 16,
        },

in Transport._cipher_info. Is there something missing?

Tests have been done using paramiko version 3.1.0, and Python 3.9.2.

@vikanezrimaya

The cipher is actually called aes128-gcm@openssh.com, that's why it wasn't used. The problem is -- AES-GCM is an authenticated cipher, and when using the name of the cipher, Paramiko happily tries to use it -- but it doesn't append the authentication tag of the cipher, and a remote OpenSSH server rejects the packet as invalid (because it essentially is).

Reading through the source code, it seems like the packetizer is actually responsible for encrypting packets -- so it needs to be modified to properly use the AES-GCM ciphers and append the necessary authentication tags.
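
Added example, not part of the original thread and not Paramiko's code: a standard-library parser for the server's KEXINIT message plus the cipher selection rule, showing why the short name 'aes128-gcm' can never match. The server message is constructed for illustration (its kex, host key and MAC entries are assumptions), and the function names are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT message, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Cipher names Paramiko 3.1.0 offers, as listed in the issue.
PARAMIKO_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr",
                    "aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc"]


def name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload, rejecting truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, fields = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        fields[field] = raw.split(",") if raw else []
        pos += size
    return fields


def negotiate(client, server):
    """First name in the client's preference order that the server also lists."""
    return next((name for name in client if name in server), None)


def sample_server_kexinit():
    """Constructed server KEXINIT (not a capture) offering only AEAD ciphers."""
    ciphers = ["chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com"]
    lists = [["curve25519-sha256"], ["ssh-ed25519"], ciphers, ciphers,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(name_list(names) for names in lists)
    # Trailer: first_kex_packet_follows (1 byte) + reserved uint32.
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)
```

With the constructed server list, `negotiate()` returns `None` both for Paramiko's list and for that list extended with 'aes128-gcm'; it only matches once the full name 'aes128-gcm@openssh.com' is offered.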

@vikanezrimaya

While we're at it, might as well consider adding aes256-gcm@openssh.com and chacha20-poly1305@openssh.com to this list. These have essentially the same properties, and implementing support for one will make adding the others trivial.

@vikanezrimaya

transport.py:2664 sets the outbound cipher for the packetizer. It seems to have some special handling for -ctr ciphers already. The Packetizer class is then responsible for building packets, and it encrypts them in the send_message() function (packet.py:405-412).

@vikanezrimaya

The aes128-gcm@openssh.com and aes256-gcm@openssh.com ciphers were introduced in OpenSSH 6.2. The changelog says (Markdown formatting mine):

  • ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com and aes256-gcm@openssh.com. It uses an identical packet format to the AES-GCM mode specified in RFC 5647, but uses simpler and different selection rules during key exchange.
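
Added example, not part of the original thread and not Paramiko's packetizer: the RFC 5647 binary packet layout the changelog refers to, built with the `cryptography` package's `AESGCM` class, to show where the authentication tag sits and what a receiver does with a packet that lacks it. The helper names `seal`, `unseal` and `next_iv` are hypothetical, and key and nonce derivation from the key exchange is out of scope.

```python
import os
import struct

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

BLOCK = 16    # AES block size: the encrypted part is padded to a multiple of it
TAG_LEN = 16  # GCM authentication tag that must follow every packet


def next_iv(iv):
    """12-byte nonce = 4 fixed bytes + 8-byte counter, incremented per packet."""
    counter = (int.from_bytes(iv[4:], "big") + 1) % (1 << 64)
    return iv[:4] + counter.to_bytes(8, "big")


def seal(key, iv, payload):
    """Return packet_length (clear, authenticated) | ciphertext | tag."""
    pad = BLOCK - (1 + len(payload)) % BLOCK
    if pad < 4:  # SSH requires at least four bytes of padding
        pad += BLOCK
    body = bytes([pad]) + payload + os.urandom(pad)
    length = struct.pack(">I", len(body))
    # AESGCM.encrypt() returns the ciphertext with the 16-byte tag appended.
    return length + AESGCM(key).encrypt(iv, body, length)


def unseal(key, iv, packet):
    """Verify the tag over length + ciphertext, then strip the padding."""
    if len(packet) < 4 + BLOCK + TAG_LEN:
        raise ValueError("packet too short to carry an authentication tag")
    length = packet[:4]
    (size,) = struct.unpack(">I", length)
    if size % BLOCK or len(packet) != 4 + size + TAG_LEN:
        raise ValueError("length field does not match ciphertext + tag")
    body = AESGCM(key).decrypt(iv, packet[4:], length)  # raises InvalidTag
    if body[0] < 4 or body[0] >= len(body):
        raise ValueError("invalid padding length")
    return body[1:len(body) - body[0]]
```

A packet sent without its last 16 bytes, which is what a cipher entry that only encrypts produces, fails the length check in `unseal`, and any modified byte raises `InvalidTag`.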

@jun66j5
Contributor

jun66j5 commented Mar 29, 2023

Pull request #2157 has been proposed.

@bskinn
Contributor

bskinn commented Apr 25, 2023

Flagging this for consideration as part of #387.
