Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

weakdh.org: Doesn't work with "KexAlgorithms curve25519-sha256@libssh.org" #532

Closed
rata opened this issue May 28, 2015 · 12 comments
Closed

weakdh.org: Doesn't work with "KexAlgorithms curve25519-sha256@libssh.org" #532

rata opened this issue May 28, 2015 · 12 comments

Comments

@rata
Copy link

@rata rata commented May 28, 2015

As suggested here: https://weakdh.org/sysadmin.html on the new weakdh.org attack site, one solution is to use:

KexAlgorithms curve25519-sha256@libssh.org

On the sshd_config of the server. So that lines restricts the KexAlgorithms to just that one. But that makes paramiko unable to connect.

It throws this error:

No handlers could be found for logger "paramiko.transport"

Fatal error: Incompatible ssh peer (no acceptable kex algorithm)

Underlying exception:
    Incompatible ssh peer (no acceptable kex algorithm)

I'm using paramiko==1.15.2 (the last release). Can you please consider fixing this ?

@bitprophet
Copy link
Member

@bitprophet bitprophet commented May 28, 2015

See #256 #356 :) thanks!

@bitprophet bitprophet closed this May 28, 2015
@rata
Copy link
Author

@rata rata commented May 28, 2015

Sorry @bitprophet, but I don't follow. That seems to be a pull req just changing to Sphinx.

Did you mean some other pull req ? If that is the case, can I know which one and when it will be included in a release ? :)

@bitprophet
Copy link
Member

@bitprophet bitprophet commented May 29, 2015

@rata - yea, that was a typo (probably induced by the fact that the topic involves "256"), I meant #356.

@rata
Copy link
Author

@rata rata commented Jun 6, 2015

Cool, thanks. But @bitprophet do you know when a new release that I can use with curve25519-sha256@libssh.org will be available ?

As I said, this is kind of important because of what weakdh.org site says

@rata
Copy link
Author

@rata rata commented Jun 11, 2015

@bitprophet can you pelase re-open as this doesn't seem to be fixed with pull req #356 (as https://github.com/gertvdijk commented) ?

@rata
Copy link
Author

@rata rata commented Jun 11, 2015

Thanks! The issue is as easy to reproduce as I originally reported. Let me know if I can help testing or something.

Thanks again!
Rodrigo

@bitprophet
Copy link
Member

@bitprophet bitprophet commented Jun 13, 2015

Will do, and thanks a lot for your input! I'll be tearing through all these key related issues in the near future.

@rata
Copy link
Author

@rata rata commented Jun 16, 2015

Thanks a lot! Let me know if I can help you testing or something!

@iandennismiller
Copy link

@iandennismiller iandennismiller commented Dec 18, 2016

The weakdh.org recommendations ultimately brought me here.

There is a temporary fix that permits Paramiko to function without curve 25519. This is essentially described at https://weakdh.org/sysadmin.html#openssh although it is not obvious how to apply it to the Paramiko situation. I have clarified the instructions for Paramiko users:

Generate fresh 2048-bit modulii

Assuming your sshd configuration is in /etc/ssh, the following would overwrite the weak moduli that ship with openssh by default.

ssh-keygen -G /etc/ssh/moduli-2048.candidates -b 2048
ssh-keygen -T /etc/ssh/moduli -f /etc/ssh/moduli-2048.candidates

Set the available sshd key exchange algorithms:

In /etc/ssh/sshd_config, specify the available algorithms to include a non-elliptic-curve algorithm.

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1

This provides a fallback algorithm that Paramiko can use that will at least make use of the fresh 2048-bit modulii we generated, thereby mitigating weakdh (according to weakdh.org recommendations).

Of course, the solution for Paramiko is still to merge code that supports curve 25519... I have to confess I haven't tried to solve this, so I know I've got no standing to complain. I hope this temporary fix helps in the meanwhile.

@enmanuel17
Copy link

@enmanuel17 enmanuel17 commented Aug 2, 2018

Hello @bitprophet ,

Thanks for maintaining paramiko. Do you know if there is any traction/implementing for curve25519-sha256@libssh.org

@usrbinsam
Copy link

@usrbinsam usrbinsam commented Jan 21, 2019

+1

As an added bonus, with support for this KEx and the other OpenSSH builtin MACs and Ciphers, you can build OpenSSH without OpenSSL/LibreSSL.

@bitprophet
Copy link
Member

@bitprophet bitprophet commented Jun 7, 2019

Closing this in lieu of the kex implementations liked above.

@bitprophet bitprophet closed this Jun 7, 2019
bitprophet added a commit that referenced this issue Jun 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

5 participants