Re: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex

2020-10-23 Thread Tang Jiye
Hi Walter,

What if I want to use ecdh and ecdsa for kex and signing while
diffie-hellman-group1-sha1 is disabled?

It should work as well, right?

Jiye

Walter Harms wrote on Friday, 23 October 2020 at 5:24 AM:

> This is caused by changes in ssh_config. You can try:
>   ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET
>
> or persistently in ssh_config:
> KexAlgorithms=+diffie-hellman-group1-sha1
>
> your mileage may vary etc.
>
> re,
>  wh
> 
> From: Dropbear [dropbear-boun...@ucc.asn.au] on behalf of Piotr
> Jurkiewicz [piotr.jerzy.jurkiew...@gmail.com]
> Sent: Thursday, 22 October 2020 20:33
> To: dropbear@ucc.asn.au
> Subject: OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
>
> Hi,
>
> When trying to connect to an OpenWRT router (mipsel_24kc architecture) with
> PyCharm (uses sshj v0.29.0 client library), I started to get the
> following error:
>
>  Exit before auth from : No matching algo kex
>
> I remember that a couple of months ago it worked fine. I have downgraded
> the Dropbear package on the router to the version from the previous OpenWRT
> release (v2020.78) and indeed I am able to connect to it.
>
> I have tried removing the ed25519 hostkey in v2020.80, but it does not
> help.
>
> Below I am pasting hex dumps of negotiation on both versions:
>
> Dropbear v2020.80 (No matching algo kex):
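
An added example, not part of the original thread or of Dropbear's code: it decodes the name-lists of an SSH_MSG_KEXINIT payload and applies the RFC 4253 selection rule (the first name on the client's list that the server also offers), the step the "No matching algo kex" message refers to. The offers are constructed, and the kex choice is simplified: it ignores the RFC's extra host-key capability conditions and guessed packets.

```python
import struct

# Field order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def build_kexinit(lists):
    """Encode a KEXINIT payload from a dict of name-lists (cookie is all zero here)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        raw = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}, rejecting truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated inside " + field)
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def negotiate(client, server, field):
    """First name on the client's list that the server also offers, else None."""
    return next((a for a in client[field] if a in server[field]), None)

# Constructed offers, not taken from a capture; group1 is absent on the server.
SERVER = parse_kexinit(build_kexinit({
    "kex": ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    "hostkey": ["ssh-ed25519", "ecdsa-sha2-nistp256"]}))
ECDH_CLIENT = parse_kexinit(build_kexinit({
    "kex": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    "hostkey": ["ecdsa-sha2-nistp256"]}))
LEGACY_CLIENT = parse_kexinit(build_kexinit({
    "kex": ["diffie-hellman-group1-sha1"], "hostkey": ["ssh-rsa"]}))

if __name__ == "__main__":
    for name, cli in (("ecdh client", ECDH_CLIENT), ("legacy client", LEGACY_CLIENT)):
        print(name, {f: negotiate(cli, SERVER, f) for f in ("kex", "hostkey")})
```

A `None` result for any required field means the two sides share no algorithm in that category and the connection is dropped before authentication.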

Dropbear Agent Protocol

2020-10-20 Thread Tang Jiye
Hi,

Does Dropbear support the agent protocol, which is used for key management and
key signing?


Regards,
Jiye


Running Dropbear in Cygwin

2020-10-01 Thread Tang Jiye
Hi,

I have recently been unable to talk to the server using dbclient
on Cygwin.

The verbose output from Cygwin is below. My server only has aes-gcm for the
cipher and does not have cbc and ctr. Also, how can I enable aes gcm when
compiling?

I did make DROPBEAR_ENABLE_GCM_MODE 1

But I also encountered this error:
==error===
In file included from ../options.h:24,
 from src/headers/tomcrypt_dropbear.h:2,
 from src/headers/tomcrypt_custom.h:13,
 from src/headers/tomcrypt.h:22,
 from src/ciphers/aes/aes.c:31:

../sysoptions.h:258:3: error: #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
  258 |  #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
      |   ^
make[1]: *** [Makefile:246: src/ciphers/aes/aes.o] Error 1
make[1]: Leaving directory '/home/jitang/Archive/dropbear-DROPBEAR_2020.80/libtomcrypt'
make: *** [Makefile:234: libtomcrypt/libtomcrypt.a] Error 2
===

From verbose:
user:~/Dropbear/dropbear$ ./dbclient -vv username@ip
TRACE  (6505) 0.00: host is: username@ip
TRACE  (6505) 0.72: loadidentityfile /home/jitang/.ssh/id_dropbear
TRACE  (6505) 0.000635: user='root' host='10.185.100.126' port='22' bind_address='(null)' bind_port='(null)'
TRACE  (6505) 0.000681: enter session_init
TRACE  (6505) 0.000687: update_channel_prio
TRACE  (6505) 0.000692: leave update_channel_prio: no socket
TRACE  (6505) 0.000700: setnonblocking: 5
TRACE  (6505) 0.000706: leave setnonblocking
TRACE  (6505) 0.000711: setnonblocking: 6
TRACE  (6505) 0.000716: leave setnonblocking
TRACE  (6505) 0.000730: leave session_init
TRACE  (6505) 0.000744: proxy command PID='0'
TRACE  (6505) 0.000754: kexinitialise()
TRACE  (6505) 0.000762: algolist add 225 'curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexgue...@matt.ucc.asn.au,ext-info-c'
TRACE  (6505) 0.000772: algolist add 100 'ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss'
TRACE  (6505) 0.000778: algolist add 97 'chacha20-poly1...@openssh.com,aes128-...@openssh.com,aes256-...@openssh.com,aes128-ctr,aes256-ctr'
TRACE  (6505) 0.000784: algolist add 97 'chacha20-poly1...@openssh.com,aes128-...@openssh.com,aes256-...@openssh.com,aes128-ctr,aes256-ctr'
TRACE  (6505) 0.000790: algolist add 23 'hmac-sha1,hmac-sha2-256'
TRACE  (6505) 0.000795: algolist add 23 'hmac-sha1,hmac-sha2-256'
TRACE  (6505) 0.000800: algolist add 26 'z...@openssh.com,zlib,none'
TRACE  (6505) 0.000805: algolist add 26 'z...@openssh.com,zlib,none'
TRACE  (6505) 0.000816: send_msg_kexdh_init()
TRACE  (6505) 0.002027: DATAALLOWED=0
TRACE  (6505) 0.002033: -> KEXINIT
TRACE  (6505) 0.002046: setnonblocking: 10
TRACE  (6505) 0.002055: leave setnonblocking
TRACE  (6505) 0.003231: maybe_empty_reply_queue - no data allowed
TRACE  (6505) 0.003261: handling 10.185.100.126 port 22 socket 10
TRACE  (6505) 0.003269: update_channel_prio
TRACE  (6505) 0.003273: update_channel_prio: not any
TRACE  (6505) 0.003278: Dropbear priority transitioning 10 -> 11
TRACE  (6505) 0.003294: Couldn't set IPV6_TCLASS (Protocol not available)
TRACE  (6505) 0.003303: leave handle_connect_fds - success
TRACE  (6505) 0.003327: empty queue dequeing
TRACE  (6505) 0.006992: enter ident_readln
TRACE  (6505) 0.007017: leave ident_readln: read error
TRACE  (6505) 0.007024: error reading remote ident: Connection reset by peer

TRACE  (6505) 0.007042: Exited, cleaning up: Remote closed the connection
TRACE  (6505) 0.007049: enter session_cleanup
TRACE  (6505) 0.007054: enter chancleanup
TRACE  (6505) 0.007059: leave chancleanup
TRACE  (6505) 0.007066: enter cli_tty_cleanup
TRACE  (6505) 0.007070: leave cli_tty_cleanup: not in raw mode
TRACE  (6505) 0.007079: leave session_cleanup

./dbclient: Connection to username@ip exited: Remote closed the connection



I wonder if anyone knows about this. Thanks.

Regards,
Jiye