Re: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Walter Harms wrote: > This is caused by changes in ssh_config. You can try: > ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET > > or persistent in ssh_config > KexAlgorithms=+diffie-hellman-group1-sha1 > > your mileage may vary etc. > > re, > wh Thanks! This advice has shown me how to connect directly to an old OpenSSH server again (not Dropbear), instead of via intermediate hops on intermediate servers :) However after reading [1] I decided a safer kex is diffie-hellman-group14-sha1 (group14 instead of group1). Mentioning this in case it's also an option for old Dropbear/OpenWRT users. [1] https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html#rfc.section.3.4 "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)". Best, -- Jamie
Re: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Forcing diffie-hellman-group1-sha1 shouldn't usually be necessary. The only case would be for servers prior to 2018.76 that compiled with all other default options disabled. Cheers, Matt > On Fri 23/10/2020, at 9:00 pm, Tang Jiye wrote: > > Hi Walter, > > What if I want to use ecdh and ecdsa for kex and signing while > diffie-hellman-group1-sha1 is disabled. > > It should work as well right ? > > Jiye > > Walter Harms mailto:wha...@bfs.de>> 于2020年10月23日周五 上午5:24写道: > This is caused by changes in ssh_config. You can try: > ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET > > or persistent in ssh_config > KexAlgorithms=+diffie-hellman-group1-sha1 > > your mileage may vary etc. > > re, > wh > > Von: Dropbear [dropbear-boun...@ucc.asn.au > <mailto:dropbear-boun...@ucc.asn.au>] im Auftrag von Piotr Jurkiewicz > [piotr.jerzy.jurkiew...@gmail.com <mailto:piotr.jerzy.jurkiew...@gmail.com>] > Gesendet: Donnerstag, 22. Oktober 2020 20:33 > An: dropbear@ucc.asn.au <mailto:dropbear@ucc.asn.au> > Betreff: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex > > Hi, > > when trying to connect to OpenWRT router (mipsel_24kc architecture) with > PyCharm (uses sshj v0.29.0 client library) I started to get the > following error: > > Exit before auth from : No matching algo kex > > I remember that couple of month ago it worked fine. I have downgraded > Dropbear package on the router to version from the previous OpenWRT > release (v2020.78) and indeed I am able to connect to it. > > I have tried removing the ed25519 hostkey in v2020.80, but it does not help. > > Below I am pasting hex dumps of negotiation on both versions: > > Dropbear v2020.80 (No matching algo kex): > > 53 53 48 2d 32 2e 30 2d 53 53 48 4a 5f 30 2e 32 SSH-2.0- SSHJ_0.2 > 0010 39 2e 30 0d 0a 9.0.. > 53 53 48 2d 32 2e 30 2d 64 72 6f 70 62 65 61 72 SSH-2.0- > dropbear > 0010 0d 0a 00 00 01 84 07 14 be 21 14 d9 76 eb d7 98 > .!..v... > 0020 a7 14 cd b1 ee ce 91 14 00 00 00 82 63 75 72 76 > curv > 0030 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 e25519-s > ha256,cu > 0040 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 rve25519 > -sha256@ > 0050 6c 69 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 libssh.o > rg,diffi > 0060 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma > n-group1 > 0070 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 4-sha256 > ,diffie- > 0080 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d hellman- > group14- > 0090 73 68 61 31 2c 6b 65 78 67 75 65 73 73 32 40 6d sha1,kex > guess2@m > 00A0 61 74 74 2e 75 63 63 2e 61 73 6e 2e 61 75 00 00 att.ucc. > asn.au.. > 00B0 00 20 73 73 68 2d 65 64 32 35 35 31 39 2c 72 73 . ssh-ed > 25519,rs > 00C0 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 a-sha2-2 > 56,ssh-r > 00D0 73 61 00 00 00 33 63 68 61 63 68 61 32 30 2d 70 sa...3ch > acha20-p > 00E0 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@ > openssh. > 00F0 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 com,aes1 > 28-ctr,a > 0100 65 73 32 35 36 2d 63 74 72 00 00 00 33 63 68 61 es256-ct > r...3cha > 0110 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f cha20-po > ly1305@o > 0120 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 penssh.c > om,aes12 > 0130 38 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 8-ctr,ae > s256-ctr > 0140 00 00 00 17 68 6d 61 63 2d 73 68 61 31 2c 68 6d hmac > -sha1,hm > 0150 61 63 2d 73 68 61 32 2d 32 35 36 00 00 00 17 68 ac-sha2- > 256h > 0160 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 mac-sha1 > ,hmac-sh > 0170 61 32 2d 32 35 36 00 00 00 04 6e 6f 6e 65 00 00 a2-256.. > ..none.. > 0180 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 ..none.. > > 0190 00 00 00 fd 9d 4e 7a a7 2d 49 .Nz. -I > 0015 00 00 08 d4 07 14 71 12 38 a7 62 81 7d 79 63 ca ..q. 8.b.}yc. > 0025 3c fb a3 f1 1e 8c 00 00 02 9c 63 75 72 76 65 32 <... ..curve2 > 0035 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 5519-sha 256,curv > 0045 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 e25519-s ha256@li > 0055 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 65 2d bssh.org > <http://bssh.org/> ,diffie- > 0065 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 hellman-
Re: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Hi Walter, What if I want to use ecdh and ecdsa for kex and signing while diffie-hellman-group1-sha1 is disabled. It should work as well right ? Jiye Walter Harms 于2020年10月23日周五 上午5:24写道: > This is caused by changes in ssh_config. You can try: > ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET > > or persistent in ssh_config > KexAlgorithms=+diffie-hellman-group1-sha1 > > your mileage may vary etc. > > re, > wh > > Von: Dropbear [dropbear-boun...@ucc.asn.au] im Auftrag von Piotr > Jurkiewicz [piotr.jerzy.jurkiew...@gmail.com] > Gesendet: Donnerstag, 22. Oktober 2020 20:33 > An: dropbear@ucc.asn.au > Betreff: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex > > Hi, > > when trying to connect to OpenWRT router (mipsel_24kc architecture) with > PyCharm (uses sshj v0.29.0 client library) I started to get the > following error: > > Exit before auth from : No matching algo kex > > I remember that couple of month ago it worked fine. I have downgraded > Dropbear package on the router to version from the previous OpenWRT > release (v2020.78) and indeed I am able to connect to it. > > I have tried removing the ed25519 hostkey in v2020.80, but it does not > help. > > Below I am pasting hex dumps of negotiation on both versions: > > Dropbear v2020.80 (No matching algo kex): > > 53 53 48 2d 32 2e 30 2d 53 53 48 4a 5f 30 2e 32 SSH-2.0- > SSHJ_0.2 > 0010 39 2e 30 0d 0a 9.0.. > 53 53 48 2d 32 2e 30 2d 64 72 6f 70 62 65 61 72 SSH-2.0- > dropbear > 0010 0d 0a 00 00 01 84 07 14 be 21 14 d9 76 eb d7 98 > .!..v... > 0020 a7 14 cd b1 ee ce 91 14 00 00 00 82 63 75 72 76 > curv > 0030 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 e25519-s > ha256,cu > 0040 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 rve25519 > -sha256@ > 0050 6c 69 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 libssh.o > rg,diffi > 0060 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma > n-group1 > 0070 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 4-sha256 > ,diffie- > 0080 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d hellman- > group14- > 0090 73 68 61 31 2c 6b 65 78 67 75 65 73 73 32 40 6d sha1,kex > guess2@m > 00A0 61 74 74 2e 75 63 63 2e 61 73 6e 2e 61 75 00 00 att.ucc. > asn.au.. > 00B0 00 20 73 73 68 2d 65 64 32 35 35 31 39 2c 72 73 . ssh-ed > 25519,rs > 00C0 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 a-sha2-2 > 56,ssh-r > 00D0 73 61 00 00 00 33 63 68 61 63 68 61 32 30 2d 70 sa...3ch > acha20-p > 00E0 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@ > openssh. > 00F0 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 com,aes1 > 28-ctr,a > 0100 65 73 32 35 36 2d 63 74 72 00 00 00 33 63 68 61 es256-ct > r...3cha > 0110 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f cha20-po > ly1305@o > 0120 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 penssh.c > om,aes12 > 0130 38 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 8-ctr,ae > s256-ctr > 0140 00 00 00 17 68 6d 61 63 2d 73 68 61 31 2c 68 6d hmac > -sha1,hm > 0150 61 63 2d 73 68 61 32 2d 32 35 36 00 00 00 17 68 ac-sha2- > 256h > 0160 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 mac-sha1 > ,hmac-sh > 0170 61 32 2d 32 35 36 00 00 00 04 6e 6f 6e 65 00 00 a2-256.. > ..none.. > 0180 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 ..none.. > > 0190 00 00 00 fd 9d 4e 7a a7 2d 49 .Nz. -I > 0015 00 00 08 d4 07 14 71 12 38 a7 62 81 7d 79 63 ca ..q. > 8.b.}yc. > 0025 3c fb a3 f1 1e 8c 00 00 02 9c 63 75 72 76 65 32 <... > ..curve2 > 0035 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 5519-sha > 256,curv > 0045 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 e25519-s > ha256@li > 0055 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 65 2d bssh.org > ,diffie- > 0065 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 hellman- > group-ex > 0075 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 65 63 change-s > ha256,ec > 0085 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 dh-sha2- > nistp521 > 0095 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 ,ecdh-sh > a2-nistp > 00A5 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 384,ecdh > -sha2-ni > 00B5 73 74 70 32 35 36 2c 64 69 66 66 69 65 2d 68 65 stp256,d > iffie-he > 00C5 6c 6c 6d
Re: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Hi Piotr, Dropbear 2020.79 had some changes to the code that parses algorithms, it now is more strict about its MAX_PROPOSED_ALGO = 20 limit. Not intentionally, but as a side-effect. sshj advertises 30 different ciphers. I've increased the limit to 50 in https://hg.ucc.asn.au/dropbear/rev/7c0fcd19e492 and it also prints a message if it is reached. Someone else hit this same problem - I'll try and get a new release out soon. Cheers, Matt > On Fri 23/10/2020, at 2:33 am, Piotr Jurkiewicz > wrote: > > Hi, > > when trying to connect to OpenWRT router (mipsel_24kc architecture) with > PyCharm (uses sshj v0.29.0 client library) I started to get the following > error: > >Exit before auth from : No matching algo kex > > I remember that couple of month ago it worked fine. I have downgraded > Dropbear package on the router to version from the previous OpenWRT release > (v2020.78) and indeed I am able to connect to it. > > I have tried removing the ed25519 hostkey in v2020.80, but it does not help. > > Below I am pasting hex dumps of negotiation on both versions: > > Dropbear v2020.80 (No matching algo kex): > > 53 53 48 2d 32 2e 30 2d 53 53 48 4a 5f 30 2e 32 SSH-2.0- SSHJ_0.2 > 0010 39 2e 30 0d 0a 9.0.. > 53 53 48 2d 32 2e 30 2d 64 72 6f 70 62 65 61 72 SSH-2.0- > dropbear >0010 0d 0a 00 00 01 84 07 14 be 21 14 d9 76 eb d7 98 > .!..v... >0020 a7 14 cd b1 ee ce 91 14 00 00 00 82 63 75 72 76 > curv >0030 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 e25519-s > ha256,cu >0040 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 rve25519 > -sha256@ >0050 6c 69 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 libssh.o > rg,diffi >0060 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma > n-group1 >0070 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 4-sha256 > ,diffie- >0080 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d hellman- > group14- >0090 73 68 61 31 2c 6b 65 78 67 75 65 73 73 32 40 6d sha1,kex > guess2@m >00A0 61 74 74 2e 75 63 63 2e 61 73 6e 2e 61 75 00 00 att.ucc. > asn.au.. >00B0 00 20 73 73 68 2d 65 64 32 35 35 31 39 2c 72 73 . ssh-ed > 25519,rs >00C0 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 a-sha2-2 > 56,ssh-r >00D0 73 61 00 00 00 33 63 68 61 63 68 61 32 30 2d 70 sa...3ch > acha20-p >00E0 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@ > openssh. >00F0 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 com,aes1 > 28-ctr,a >0100 65 73 32 35 36 2d 63 74 72 00 00 00 33 63 68 61 es256-ct > r...3cha >0110 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f cha20-po > ly1305@o >0120 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 penssh.c > om,aes12 >0130 38 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 8-ctr,ae > s256-ctr >0140 00 00 00 17 68 6d 61 63 2d 73 68 61 31 2c 68 6d hmac > -sha1,hm >0150 61 63 2d 73 68 61 32 2d 32 35 36 00 00 00 17 68 ac-sha2- > 256h >0160 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 mac-sha1 > ,hmac-sh >0170 61 32 2d 32 35 36 00 00 00 04 6e 6f 6e 65 00 00 a2-256.. > ..none.. >0180 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 ..none.. > >0190 00 00 00 fd 9d 4e 7a a7 2d 49 .Nz. -I > 0015 00 00 08 d4 07 14 71 12 38 a7 62 81 7d 79 63 ca ..q. 8.b.}yc. > 0025 3c fb a3 f1 1e 8c 00 00 02 9c 63 75 72 76 65 32 <... ..curve2 > 0035 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 5519-sha 256,curv > 0045 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 e25519-s ha256@li > 0055 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 65 2d bssh.org ,diffie- > 0065 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 hellman- group-ex > 0075 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 65 63 change-s ha256,ec > 0085 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 dh-sha2- nistp521 > 0095 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 ,ecdh-sh a2-nistp > 00A5 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 384,ecdh -sha2-ni > 00B5 73 74 70 32 35 36 2c 64 69 66 66 69 65 2d 68 65 stp256,d iffie-he > 00C5 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 llman-gr oup-exch > 00D5 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 66 69 65 ange-sha 1,diffie > 00E5 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman -group1- > 00F5 73 68 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c sha1,dif fie-hell > 0105 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 31 man-grou p14-sha1 > 0115 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d ,diffie- hellman- > 0125 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 2c 64 group14- sha256,d > 0135 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 iffie-he llman-gr >
AW: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
This is caused by changes in ssh_config. You can try: ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET or persistent in ssh_config KexAlgorithms=+diffie-hellman-group1-sha1 your mileage may vary etc. re, wh Von: Dropbear [dropbear-boun...@ucc.asn.au] im Auftrag von Piotr Jurkiewicz [piotr.jerzy.jurkiew...@gmail.com] Gesendet: Donnerstag, 22. Oktober 2020 20:33 An: dropbear@ucc.asn.au Betreff: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex Hi, when trying to connect to OpenWRT router (mipsel_24kc architecture) with PyCharm (uses sshj v0.29.0 client library) I started to get the following error: Exit before auth from : No matching algo kex I remember that couple of month ago it worked fine. I have downgraded Dropbear package on the router to version from the previous OpenWRT release (v2020.78) and indeed I am able to connect to it. I have tried removing the ed25519 hostkey in v2020.80, but it does not help. Below I am pasting hex dumps of negotiation on both versions: Dropbear v2020.80 (No matching algo kex): 53 53 48 2d 32 2e 30 2d 53 53 48 4a 5f 30 2e 32 SSH-2.0- SSHJ_0.2 0010 39 2e 30 0d 0a 9.0.. 53 53 48 2d 32 2e 30 2d 64 72 6f 70 62 65 61 72 SSH-2.0- dropbear 0010 0d 0a 00 00 01 84 07 14 be 21 14 d9 76 eb d7 98 .!..v... 0020 a7 14 cd b1 ee ce 91 14 00 00 00 82 63 75 72 76 curv 0030 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 e25519-s ha256,cu 0040 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 rve25519 -sha256@ 0050 6c 69 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 libssh.o rg,diffi 0060 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma n-group1 0070 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 4-sha256 ,diffie- 0080 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d hellman- group14- 0090 73 68 61 31 2c 6b 65 78 67 75 65 73 73 32 40 6d sha1,kex guess2@m 00A0 61 74 74 2e 75 63 63 2e 61 73 6e 2e 61 75 00 00 att.ucc. asn.au.. 00B0 00 20 73 73 68 2d 65 64 32 35 35 31 39 2c 72 73 . ssh-ed 25519,rs 00C0 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 a-sha2-2 56,ssh-r 00D0 73 61 00 00 00 33 63 68 61 63 68 61 32 30 2d 70 sa...3ch acha20-p 00E0 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@ openssh. 00F0 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 com,aes1 28-ctr,a 0100 65 73 32 35 36 2d 63 74 72 00 00 00 33 63 68 61 es256-ct r...3cha 0110 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f cha20-po ly1305@o 0120 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 penssh.c om,aes12 0130 38 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 8-ctr,ae s256-ctr 0140 00 00 00 17 68 6d 61 63 2d 73 68 61 31 2c 68 6d hmac -sha1,hm 0150 61 63 2d 73 68 61 32 2d 32 35 36 00 00 00 17 68 ac-sha2- 256h 0160 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 mac-sha1 ,hmac-sh 0170 61 32 2d 32 35 36 00 00 00 04 6e 6f 6e 65 00 00 a2-256.. ..none.. 0180 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 ..none.. 0190 00 00 00 fd 9d 4e 7a a7 2d 49 .Nz. -I 0015 00 00 08 d4 07 14 71 12 38 a7 62 81 7d 79 63 ca ..q. 8.b.}yc. 0025 3c fb a3 f1 1e 8c 00 00 02 9c 63 75 72 76 65 32 <... ..curve2 0035 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 5519-sha 256,curv 0045 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 e25519-s ha256@li 0055 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 65 2d bssh.org ,diffie- 0065 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 hellman- group-ex 0075 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 65 63 change-s ha256,ec 0085 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 dh-sha2- nistp521 0095 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 ,ecdh-sh a2-nistp 00A5 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 384,ecdh -sha2-ni 00B5 73 74 70 32 35 36 2c 64 69 66 66 69 65 2d 68 65 stp256,d iffie-he 00C5 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 llman-gr oup-exch 00D5 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 66 69 65 ange-sha 1,diffie 00E5 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman -group1- 00F5 73 68 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c sha1,dif fie-hell 0105 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 31 man-grou p14-sha1 0115 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d ,diffie- hellman- 0125 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 2c 64 group14- sha256,d 0135 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 iffie-he llman-gr 0145 6f 75 70 31 35 2d 73 68 61 35 31 32 2c 64 69 66 oup15-sh a512,dif 0155 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hell
OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Hi, when trying to connect to OpenWRT router (mipsel_24kc architecture) with PyCharm (uses sshj v0.29.0 client library) I started to get the following error: Exit before auth from : No matching algo kex I remember that couple of month ago it worked fine. I have downgraded Dropbear package on the router to version from the previous OpenWRT release (v2020.78) and indeed I am able to connect to it. I have tried removing the ed25519 hostkey in v2020.80, but it does not help. Below I am pasting hex dumps of negotiation on both versions: Dropbear v2020.80 (No matching algo kex): 53 53 48 2d 32 2e 30 2d 53 53 48 4a 5f 30 2e 32 SSH-2.0- SSHJ_0.2 0010 39 2e 30 0d 0a 9.0.. 53 53 48 2d 32 2e 30 2d 64 72 6f 70 62 65 61 72 SSH-2.0- dropbear 0010 0d 0a 00 00 01 84 07 14 be 21 14 d9 76 eb d7 98 .!..v... 0020 a7 14 cd b1 ee ce 91 14 00 00 00 82 63 75 72 76 curv 0030 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 e25519-s ha256,cu 0040 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 rve25519 -sha256@ 0050 6c 69 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 libssh.o rg,diffi 0060 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma n-group1 0070 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 4-sha256 ,diffie- 0080 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d hellman- group14- 0090 73 68 61 31 2c 6b 65 78 67 75 65 73 73 32 40 6d sha1,kex guess2@m 00A0 61 74 74 2e 75 63 63 2e 61 73 6e 2e 61 75 00 00 att.ucc. asn.au.. 00B0 00 20 73 73 68 2d 65 64 32 35 35 31 39 2c 72 73 . ssh-ed 25519,rs 00C0 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 a-sha2-2 56,ssh-r 00D0 73 61 00 00 00 33 63 68 61 63 68 61 32 30 2d 70 sa...3ch acha20-p 00E0 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@ openssh. 00F0 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 com,aes1 28-ctr,a 0100 65 73 32 35 36 2d 63 74 72 00 00 00 33 63 68 61 es256-ct r...3cha 0110 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f cha20-po ly1305@o 0120 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 penssh.c om,aes12 0130 38 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 8-ctr,ae s256-ctr 0140 00 00 00 17 68 6d 61 63 2d 73 68 61 31 2c 68 6d hmac -sha1,hm 0150 61 63 2d 73 68 61 32 2d 32 35 36 00 00 00 17 68 ac-sha2- 256h 0160 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 mac-sha1 ,hmac-sh 0170 61 32 2d 32 35 36 00 00 00 04 6e 6f 6e 65 00 00 a2-256.. ..none.. 0180 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 ..none.. 0190 00 00 00 fd 9d 4e 7a a7 2d 49 .Nz. -I 0015 00 00 08 d4 07 14 71 12 38 a7 62 81 7d 79 63 ca ..q. 8.b.}yc. 0025 3c fb a3 f1 1e 8c 00 00 02 9c 63 75 72 76 65 32 <... ..curve2 0035 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 5519-sha 256,curv 0045 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 e25519-s ha256@li 0055 62 73 73 68 2e 6f 72 67 2c 64 69 66 66 69 65 2d bssh.org ,diffie- 0065 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 hellman- group-ex 0075 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 65 63 change-s ha256,ec 0085 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 dh-sha2- nistp521 0095 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 ,ecdh-sh a2-nistp 00A5 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 384,ecdh -sha2-ni 00B5 73 74 70 32 35 36 2c 64 69 66 66 69 65 2d 68 65 stp256,d iffie-he 00C5 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 llman-gr oup-exch 00D5 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 66 69 65 ange-sha 1,diffie 00E5 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman -group1- 00F5 73 68 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c sha1,dif fie-hell 0105 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 31 man-grou p14-sha1 0115 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d ,diffie- hellman- 0125 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 2c 64 group14- sha256,d 0135 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 iffie-he llman-gr 0145 6f 75 70 31 35 2d 73 68 61 35 31 32 2c 64 69 66 oup15-sh a512,dif 0155 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hell man-grou 0165 70 31 36 2d 73 68 61 35 31 32 2c 64 69 66 66 69 p16-sha5 12,diffi 0175 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellma n-group1 0185 37 2d 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 7-sha512 ,diffie- 0195 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 38 2d hellman- group18- 01A5 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 68 65 sha512,d iffie-he 01B5 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 llman-gr oup14-sh 01C5 61 32 35 36 40 73 73 68 2e 63 6f 6d 2c 64