On 8/24/20 9:39 AM, Anderson Sasaki wrote:
----- Original Message -----
From: "QUANSHENG CHANG" <[email protected]>
To: [email protected]
Sent: Friday, August 21, 2020 11:42:31 PM
Subject: Help: Create a client to connect to SSH server, but it does not
support ssh-dss

Hi Everyone,

libssh_0.9.3.2 was installed by vcpkg on my computer. Visual C++
2015 is being used as the development tool. Platform: Windows 10 64bit.

I am writing a client program which connects to different SSH servers. It
works for most servers, but for one server I got an error message like:

no match for method server host key algo: server [ssh-dss], client
[ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa]

I added ssh_options_set(my_ssh_session, SSH_OPTIONS_HOSTKEYS,
"ssh-dss,ecdh-sha2-nistp256"); in my code, but it still does not work.

Any suggestions on how to make libssh support ssh-dss?

Hello,

I believe libssh in vcpkg is compiled using mbed TLS as the crypto back end.
Unfortunately, mbed TLS doesn't support DSA.

You can compile libssh using OpenSSL as the backend to have ssh-dss support.

If you have control over that server, I strongly suggest updating it to support
modern algorithms.

Or even better, update the server with some more secure host keys (or talk
with the server administrator to do so).

DSA security is really questionable and you should not depend on it in
any production servers. Additionally, it will be disabled in
future libssh versions out of the box for all crypto backends.

Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
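
Added example, not part of the original thread and not libssh code: a small C model of the host key negotiation behind the "no match" error above, using the algorithm lists quoted in the thread. The function names, the WITH_DSA list, and the assumption that a build drops requested names its crypto backend does not implement are illustrative; the real negotiation also checks compatibility with the key exchange method, which this model leaves out.

```c
#include <stdio.h>
#include <string.h>

/* SERVER, REQUESTED and NO_DSA are copied from the thread; WITH_DSA is an
   assumed list for a build whose crypto backend implements DSA. */
static const char *SERVER = "ssh-dss";
static const char *REQUESTED = "ssh-dss,ecdh-sha2-nistp256";
static const char *NO_DSA = "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa";
static const char *WITH_DSA = "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss";

/* 1 if the len-byte name is an entry of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t len) {
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0) return 1;
        list += n + (list[n] == ',');
    }
    return 0;
}

/* Keep entries of `wanted` that also occur in `allowed`; returns the count kept. */
int keep_common(const char *wanted, const char *allowed, char *out, size_t outsz) {
    int kept = 0;
    out[0] = '\0';
    while (*wanted) {
        size_t n = strcspn(wanted, ",");
        if (n && in_list(allowed, wanted, n) && strlen(out) + n + 2 <= outsz) {
            if (kept++) strcat(out, ",");
            strncat(out, wanted, n);
        }
        wanted += n + (wanted[n] == ',');
    }
    return kept;
}

/* RFC 4253 section 7.1 style: first name on the client's list the server also offers. */
int negotiate(const char *client, const char *server, char *chosen, size_t sz) {
    if (keep_common(client, server, chosen, sz) == 0) return 0;
    chosen[strcspn(chosen, ",")] = '\0';   /* truncate to the first match */
    return 1;
}

int main(void) {
    char buf[256];
    printf("match without DSA: %d, with DSA: %d\n",
           negotiate(NO_DSA, SERVER, buf, sizeof buf), negotiate(WITH_DSA, SERVER, buf, sizeof buf));
    return 0;
}
```

The second requested name, ecdh-sha2-nistp256, is a key exchange method name (RFC 5656) rather than a host key algorithm, so it is dropped in both cases.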