KeyExchangeError exception

[belkir]

Bug reports

Steps to reproduce:

1. Example code that produces error: Python 3.8.3 (default, Jun 18 2020, 20:51:40) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux Type "help", "copyright", "credits" or "license" for more information.

   import socket from ssh2.session import Session

   host = '10.10.11.121' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((host, 22)) session = Session() session.handshake(sock) Traceback (most recent call last): File "", line 1, in File "ssh2/session.pyx", line 105, in ssh2.session.Session.handshake File "ssh2/utils.pyx", line 138, in ssh2.utils.handle_error_codes ssh2.exceptions.KeyExchangeError

2. ssh -vvv 10.10.11.121

   OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
   debug1: Reading configuration data /etc/ssh/ssh_config
   debug1: /etc/ssh/ssh_config line 58: Applying options for *
   debug2: resolving "10.10.11.121" port 22
   debug2: ssh_connect_direct: needpriv 0
   debug1: Connecting to 10.10.11.121 [10.10.11.121] port 22.
   debug1: Connection established.
   debug1: permanently_set_uid: 0/0
   debug1: identity file /root/.ssh/id_rsa type 1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_rsa-cert type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_dsa type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_dsa-cert type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_ecdsa type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_ecdsa-cert type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_ed25519 type -1
   debug1: key_load_public: No such file or directory
   debug1: identity file /root/.ssh/id_ed25519-cert type -1
   debug1: Enabling compatibility mode for protocol 2.0
   debug1: Local version string SSH-2.0-OpenSSH_7.4
   debug1: Remote protocol version 2.0, remote software version Cisco-1.25
   debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
   debug2: fd 3 setting O_NONBLOCK
   debug1: Authenticating to 10.10.11.121:22 as 'root'
   debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
   debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:6
   debug3: load_hostkeys: loaded 1 keys from 10.10.11.121
   debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
   debug3: send packet: type 20
   debug1: SSH2_MSG_KEXINIT sent
   debug3: receive packet: type 20
   debug1: SSH2_MSG_KEXINIT received
   debug2: local client KEXINIT proposal
   debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
   debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
   debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
   debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
   debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
   debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
   debug2: compression ctos: none,zlib@openssh.com,zlib
   debug2: compression stoc: none,zlib@openssh.com,zlib
   debug2: languages ctos:
   debug2: languages stoc:
   debug2: first_kex_follows 0
   debug2: reserved 0
   debug2: peer server KEXINIT proposal
   debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: host key algorithms: ssh-rsa
   debug2: ciphers ctos: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
   debug2: ciphers stoc: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
   debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
   debug2: MACs stoc: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
   debug2: compression ctos: none
   debug2: compression stoc: none
   debug2: languages ctos:
   debug2: languages stoc:
   debug2: first_kex_follows 0
   debug2: reserved 0
   debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
   debug1: kex: host key algorithm: ssh-rsa
   debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
   debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
   debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
   debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
   debug3: send packet: type 34
   debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
   debug3: receive packet: type 31
   debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
   debug2: bits set: 2011/4096
   debug3: send packet: type 32
   debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
   debug3: receive packet: type 33
   debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
   debug1: Server host key: ssh-rsa SHA256:CQS0yuck6Ka996k/NVyfvKrHDLi7mMtrRAOmcNdt4cA
   debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
   debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:6
   debug3: load_hostkeys: loaded 1 keys from 10.10.11.121
   debug1: Host '10.10.11.121' is known and matches the RSA host key.
   debug1: Found key in /root/.ssh/known_hosts:6
   debug2: bits set: 2048/4096
   debug3: send packet: type 21
   debug2: set_newkeys: mode 1
   debug1: rekey after 4294967296 blocks
   debug1: SSH2_MSG_NEWKEYS sent
   debug1: expecting SSH2_MSG_NEWKEYS
   debug3: receive packet: type 21
   debug1: SSH2_MSG_NEWKEYS received
   debug2: set_newkeys: mode 0
   debug1: rekey after 4294967296 blocks
   debug2: key: /root/.ssh/id_rsa (0x56062f6e25a0)
   debug2: key: /root/.ssh/id_dsa ((nil))
   debug2: key: /root/.ssh/id_ecdsa ((nil))
   debug2: key: /root/.ssh/id_ed25519 ((nil))
   debug3: send packet: type 5
   debug3: receive packet: type 6
   debug2: service_accept: ssh-userauth
   debug1: SSH2_MSG_SERVICE_ACCEPT received
   debug3: send packet: type 50
   debug3: receive packet: type 51
   debug1: Authentications that can continue: publickey,keyboard-interactive,password
   debug3: start over, passed a different list publickey,keyboard-interactive,password
   debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
   debug3: authmethod_lookup publickey
   debug3: remaining preferred: keyboard-interactive,password
   debug3: authmethod_is_enabled publickey
   debug1: Next authentication method: publickey
   debug1: Offering RSA public key: /root/.ssh/id_rsa
   debug3: send_pubkey_test
   debug3: send packet: type 50
   debug2: we sent a publickey packet, wait for reply
   debug3: receive packet: type 51
   debug1: Authentications that can continue: publickey,keyboard-interactive,password
   debug1: Trying private key: /root/.ssh/id_dsa
   debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
   debug1: Trying private key: /root/.ssh/id_ecdsa
   debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
   debug1: Trying private key: /root/.ssh/id_ed25519
   debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
   debug2: we did not send a packet, disable method
   debug3: authmethod_lookup keyboard-interactive
   debug3: remaining preferred: password
   debug3: authmethod_is_enabled keyboard-interactive
   debug1: Next authentication method: keyboard-interactive
   debug2: userauth_kbdint
   debug3: send packet: type 50
   debug2: we sent a keyboard-interactive packet, wait for reply
   debug3: receive packet: type 60
   debug2: input_userauth_info_req
   debug2: input_userauth_info_req: num_prompts 1

Additional info: [libssh2 version 0.23.0, RHEL7]

Hi! Getting a KeyExchangeError while connecting to old Cisco router. Any ideas how to fix that?

[pkittenis]

Would need a libssh2 trace to say what the issue is. Would think the server is using a configuration libssh2 does not support.

[belkir]

Would need a libssh2 trace to say what the issue is. Would think the server is using a configuration libssh2 does not support.

Ok, how I can trace libssh2 connection?

[belkir]

Additional info: debug from Cisco Router:

Nov 17 06:38:21.592: SSH3: starting SSH control process
Nov 17 06:38:21.592: SSH3: sent protocol version id SSH-2.0-Cisco-1.25
Nov 17 06:38:21.636: SSH3: protocol version id is - SSH-2.0-libssh2_1.9.0_DEV
Nov 17 06:38:21.640: SSH2 3: SSH2_MSG_KEXINIT sent
Nov 17 06:38:21.640: SSH2 3: SSH2_MSG_KEXINIT received
Nov 17 06:38:21.640: SSH2:kex: client->server enc:aes256-cbc mac:hmac-sha1
Nov 17 06:38:21.640: SSH2:kex: server->client enc:aes256-cbc mac:hmac-sha1
Nov 17 06:38:21.680: SSH2 3: SSH2_MSG_KEX_DH_GEX_REQUEST received
Nov 17 06:38:21.680: SSH2 3: Range sent by client is - 1024 < 1536 < 2048
Nov 17 06:38:21.680: SSH2 3:  Invalid modulus length
Nov 17 06:38:21.780: SSH3: Session disconnected - error 0x00

[pkittenis]

Tracing functionality is not merged into master yet, will show code to enable libssh2 tracing then. It will also need to be compiled into libssh2.

[pkittenis]

Looking at debug above, looks like method_pref would need to be used to select a different key exchange method. Method pref functions are now implemented - #128

The Openssh client is also using different client key type, might not be related.

[jasonlazo]

If this is an old cisco router is too possible that KexAlghoritms were different to the system default.

take into consideration the next trace:

Nov 17 06:38:21.680: SSH2 3: SSH2_MSG_KEX_DH_GEX_REQUEST received Nov 17 06:38:21.680: SSH2 3: Range sent by client is - 1024 < 1536 < 2048 Nov 17 06:38:21.680: SSH2 3: Invalid modulus length

[tuxmaster5000]

I have the same error, connecting to an CentOS8 stream system. Normal ssh connection will work. SSH config of my target:

PORT STATE SERVICE 22/tcp open ssh | ssh2-enum-algos: | kex_algorithms: (1) | curve25519-sha256@libssh.org | server_host_key_algorithms: (4) | ssh-rsa | rsa-sha2-512 | rsa-sha2-256 | ssh-ed25519 | encryption_algorithms: (2) | chacha20-poly1305@openssh.com | aes256-gcm@openssh.com | mac_algorithms: (2) | hmac-sha2-512-etm@openssh.com | hmac-sha2-256-etm@openssh.com | compressionalgorithms: (2) | none | zlib@openssh.com

libssh2: libssh2-1.9.0-7.fc34.x86_64

server log: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu. se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none [preauth]

It looks like libssh2 don't support modern ciphers.

[pkittenis]

Thanks for the feedback.

There is a new version of libssh2 available, will re-test once ssh2-python has been updated.

The above does not appear to be the same issue though.

[tuxmaster5000]

In the meantime, I have switched to ssh-python, which will use libssh instant of libssh2. Here the new ciphers will work.

[pkittenis]

Use the high level clients in parallel-ssh instead of either ssh-python or ssh2-python directly. Unless you are feeling particularly masochistic.

[wfleurant]

if an openssh system, sshd_config can support libssh2 with PubkeyAcceptedKeyTypes and/or HostKeyAlgorithms options filled in. check the manual page first man sshd_config and see re: ssh -Q cipher