Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unknown key Name("ecdsa-sha2-nistp256") #259

Closed
TwilightVanish opened this issue Mar 7, 2024 · 6 comments
Closed

unknown key Name("ecdsa-sha2-nistp256") #259

TwilightVanish opened this issue Mar 7, 2024 · 6 comments

Comments

@TwilightVanish
Copy link

Something is going wrong when exchanging keys (similar to #227?). However it doesn't seem like ecdsa-sha2-nistp256 is the selected host key algorithm from ssh logs. This issue also appears when running the example echoserver provided in the repo.

Russh logs:

[2024-03-07T15:05:06Z DEBUG russh::ssh_read] read_ssh_id: reading
[2024-03-07T15:05:06Z DEBUG russh::ssh_read] read 33
[2024-03-07T15:05:06Z DEBUG russh::ssh_read] Ok("SSH-2.0-OpenSSH_for_Windows_8.1\r\n")
[2024-03-07T15:05:06Z DEBUG russh::server::kex] server kex init: [20, 31, 170, 16, 116, 62, 105, 241, 26, 202, 247, 11, 9, 253, 96, 228, 149, 0, 0, 0, 146, 99, 117, 114, 118, 101, 50, 53, 53, 49, 57, 45, 115, 104, 97, 50, 53, 54, 44, 99, 117, 114, 118, 101, 50, 53, 53, 49, 57, 45, 115, 104, 97, 50, 53, 54, 
64, 108, 105, 98, 115, 115, 104, 46, 111, 114, 103, 44, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 54, 45, 115, 104, 97, 53, 49, 50, 44, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 52, 45, 115,
 104, 97, 50, 53, 54, 44, 101, 120, 116, 45, 105, 110, 102, 111, 45, 115, 44, 107, 101, 120, 45, 115, 116, 114, 105, 99, 116, 45, 115, 45, 118, 48, 48, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 85, 99, 104, 97, 99, 104, 97
, 50, 48, 45, 112, 111, 108, 121, 49, 51, 48, 53, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 97, 101, 115, 50, 53, 54, 45, 103, 99, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 97, 101, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 57, 50, 45, 99, 116, 114, 
44, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 0, 0, 0, 85, 99, 104, 97, 99, 104, 97, 50, 48, 45, 112, 111, 108, 121, 49, 51, 48, 53, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 97, 101, 115, 50, 53, 54, 45, 103, 99, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 97, 101
, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 57, 50, 45, 99, 116, 114, 44, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 0, 0, 0, 123, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 53, 49, 50, 45, 101, 116, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 109, 97, 99, 45, 115
, 104, 97, 50, 45, 50, 53, 54, 45, 101, 116, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 53, 49, 50, 44, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 50, 53, 54, 44, 104, 109, 97, 99, 45, 115, 104, 97, 49, 45, 101, 116, 109, 64, 111, 112, 101,
 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 109, 97, 99, 45, 115, 104, 97, 49, 0, 0, 0, 123, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 53, 49, 50, 45, 101, 116, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 50, 53, 54, 45, 101, 116, 109, 
64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 53, 49, 50, 44, 104, 109, 97, 99, 45, 115, 104, 97, 50, 45, 50, 53, 54, 44, 104, 109, 97, 99, 45, 115, 104, 97, 49, 45, 101, 116, 109, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 44, 104, 10
9, 97, 99, 45, 115, 104, 97, 49, 0, 0, 0, 26, 110, 111, 110, 101, 44, 122, 108, 105, 98, 44, 122, 108, 105, 98, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 0, 0, 0, 26, 110, 111, 110, 101, 44, 122, 108, 105, 98, 44, 122, 108, 105, 98, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
[2024-03-07T15:05:06Z DEBUG russh::cipher] writing, seqn = 0
[2024-03-07T15:05:06Z DEBUG russh::cipher] padding length 4
[2024-03-07T15:05:06Z DEBUG russh::cipher] packet_length 692
[2024-03-07T15:05:06Z DEBUG russh::ssh_read] id 33 33
[2024-03-07T15:05:06Z DEBUG russh::cipher] reading, len = [0, 0, 5, 108]
[2024-03-07T15:05:06Z DEBUG russh::cipher] reading, seqn = 0
[2024-03-07T15:05:06Z DEBUG russh::cipher] reading, clear len = 1388
[2024-03-07T15:05:06Z DEBUG russh::cipher] read_exact 1392
[2024-03-07T15:05:06Z DEBUG russh::cipher] read_exact done
[2024-03-07T15:05:06Z DEBUG russh::cipher] reading, padding_length 4
[2024-03-07T15:05:06Z DEBUG russh::negotiation] kex 216
[2024-03-07T15:05:06Z DEBUG russh::negotiation] kex 238
[2024-03-07T15:05:06Z DEBUG russh::negotiation] kex 246
[2024-03-07T15:05:06Z DEBUG russh::negotiation] client_compression = None
[2024-03-07T15:05:06Z DEBUG russh::server::kex] unknown key Name("ecdsa-sha2-nistp256")
[2024-03-07T15:05:06Z DEBUG russh::server] Connection closed with error

SSH logs:

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\Windows/.ssh/config
debug1: C:\\Users\\Windows/.ssh/config line 6: Applying options for testing
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to testing [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file C:\\Users\\Windows/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\Windows/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_ed25519 type 3
debug1: identity file C:\\Users\\Windows/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\Windows/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version russh_0.43.0-beta.1
debug1: no match: russh_0.43.0-beta.1
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:2222 as 'windows'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com
debug2: host key algorithms: ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1
debug2: compression ctos: none,zlib,zlib@openssh.com
debug2: compression stoc: none,zlib,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 2222: Unknown error

To solve this issue I need to specifically add "HostKeyAlgorithms ssh-ed25519" to my ssh config.

host testing
	Hostname 127.0.0.1
	Port 2222
	HostKeyAlgorithms ssh-ed25519
@Eugeny
Copy link
Member

Eugeny commented Mar 7, 2024

Are you on the latest version of the crate?

@TwilightVanish
Copy link
Author

Yes, I'm running latest - v0.43.0-beta.1

@T0b1-iOS
Copy link

T0b1-iOS commented Mar 19, 2024
edited

So the problems seems to be that the server will filter out the host key algorithms for which it does not have keys when offering them to the client but will not do the same when selecting the algorithm on the server side. This will cause it to incorrectly choose ecdsa-sha2-nistp256 every time a client offers it.

I made a commit to fix this.
I can make a PR but I don't know if the code style fits particularily well.
Maybe @Eugeny has an opinion on that.

This should also fix #245 since I also encountered it when using libgit2

Eugeny added a commit that referenced this issue Mar 20, 2024
@Eugeny
fixed #259, fixed #245, ref #227 - fixed host key algo selection when…
767314e 
… Preferred::key and the available host keys don't match
@Eugeny
Copy link
Member

Eugeny commented Mar 20, 2024

@T0b1-iOS thanks! I've reworked your code a bit and put it up in #262

@TwilightVanish @Qix- could you please give it a try?

@TwilightVanish
Copy link
Author

Thanks for the update, @Eugeny! I've tested the changes in #262, and everything seems to be working smoothly on my end.

Eugeny added a commit that referenced this issue Mar 21, 2024
@Eugeny
#259, #245, ref #227 - fixed host key algo selection when Preferred::…
62366e9 
…key and the available host keys don't match (#262)
@Qix-
Copy link

Qix- commented Mar 30, 2024

Thanks for doing this! I haven't had the chance to test, been keeping this 'unread' until I do (I'm on vacation at the moment and we were using Russh at work).

Despite being closed already I'll still keep this on my list and check it next week and report back for good measure.

Highly appreciated :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Eugeny @Qix- @T0b1-iOS @TwilightVanish