SchoofsKelvin / vscode-sshfs

Extension for Visual Studio Code: File system provider using SSH
GNU General Public License v3.0

Update Ciphers and Encryption algorithms #191

Closed Roi-Danton closed 4 years ago

Roi-Danton commented 4 years ago

Hi,

is it possible to update the included Ciphers and Encryption algorithms? I configured the access to my servers to be a bit more secure and when I use the extension I got the following message: Error while connecting to SSH FS HOST: Handshake failed: no matching client->server HMAC

I allow only hmac-sha2-512 for authentication.

Or is there a possibility to use openssh instead for the included ssh client?

Thanks for your response.

Best Regards,

Roi Danton

SchoofsKelvin commented 4 years ago

My extension uses the ssh2 and ssh2-streams libraries. These actually restrict weaker algorithms, as mentioned in mscdex/ssh2#417. That issue also tells you how to enable them again.

By default, the SSH configurations are stored in VSCode's global settings.json (Preferences: Open Settings (JSON)) under the field sshfs.configs, where you can paste that block of code:

// Inside settings.json
    "sshfs.configs": [
        {
            "name": "HOST",
            // host, username, ...
            "algorithms": {
                "hmac": ["hmac-sha2-512"]
            }
        },
        // ...
    ],

eldudemeister commented 3 years ago

Hi, I am having the above issue, I've added the below to the settings.json as below but still have the same issue? Password redacted but everything is left. I've verified that the algorithm is in the server I'm trying to connect to and if I run ssh -m hmac-sha2-512 -A hassio@homeassistant.home in a normal terminal window in VS code I can connect to it?

{
            "name": "homeassistant",
            "host": "homeassistant.home",
            "username": "hassio",
            "password": ""
            "algorithms": {
                hmac: "['hmac-sha2-512']"
        }

SchoofsKelvin commented 3 years ago

@eldudemeister

hmac: "['hmac-sha2-512']"

First of all, I don't know how strict VS Code is about the JSON, but in plain old JSON it should be "hmac": not just hmac:. You also seem to be missing a comma after the password field.

According to this, hmac-sha2-512 should already be enabled by default.

Can you post the SSH FS log? It is available under Output > SSH FS. While it should censor passwords/passphrases, I recommend checking it for (other) sensitive data first. Since this is regarding some internal handshaking stuff, add "debug": true to your config, so it'll spit out the local/remote hmac lists.

eldudemeister commented 3 years ago

Thanks, I changed the "" and added the comma, still the same error. Output from the log is this, appreciate the help!

[INFO]    Created output channel for vscode-sshfs
[INFO]    Loading configurations...
[DEBUG]     Added configuration unraid from 1
[DEBUG]     Added configuration homeassistant from 1
[INFO]    Found 2 configurations
[INFO]    Extension activated, version 1.19.2, mode 2
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "workbench.editor.enablePreview": false,
    "terminal.integrated.automationShell.windows": "",
    "terminal.integrated.automationShell.linux": "",
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "workbench.editor.enablePreview": false,
        "terminal.integrated.automationShell.windows": "",
        "terminal.integrated.automationShell.linux": "",
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DiffieHellman" specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.2/dist/2.extension.js:1:6187)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.2/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.2/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[INFO]    Loading configurations...
[DEBUG]     Added configuration unraid from 1
[DEBUG]     Added configuration homeassistant from 1
[INFO]    Found 2 configurations
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa",
        "debug": true
    },
    "workbench.editor.enablePreview": false,
    "terminal.integrated.automationShell.windows": "",
    "terminal.integrated.automationShell.linux": "",
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa",
            "debug": true
        },
        "workbench.editor.enablePreview": false,
        "terminal.integrated.automationShell.windows": "",
        "terminal.integrated.automationShell.linux": "",
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DiffieHellman" specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.2/dist/2.extension.js:1:6187)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.2/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.2/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)

SchoofsKelvin commented 3 years ago

There are 2 things I notice immediately:

eldudemeister commented 3 years ago

Sorry, does this help debug?

[INFO]    Created output channel for vscode-sshfs
[INFO]    Loading configurations...
[DEBUG]     Added configuration unraid from 1
[DEBUG]     Added configuration homeassistant from 1
[INFO]    Found 2 configurations
[INFO]    Extension activated, version 1.19.3, mode 2
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[INFO]    Loading configurations...
[DEBUG]     Added configuration unraid from 1
[DEBUG]     Added configuration homeassistant from 1
[INFO]    Found 2 configurations
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "debug": true,
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "debug": true,
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.10'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_INIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_GREETING
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_HEADER
[DEBUG]   [ssh2(homeassistant)] DEBUG: Remote ident: 'SSH-2.0-OpenSSH_8.4'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKET
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: pktLen:660,padLen:8,remainLen:656
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATA
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Comparing KEXINITs ...
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
[DEBUG]   [ssh2(homeassistant)] DEBUG: KEX algorithm: curve25519-sha256@libssh.org
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Host key formats: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Host key formats: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: Host key format: ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Client->Server Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Server->Client Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server HMAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: No matching Client->Server HMAC algorithm
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing DISCONNECT (KEY_EXCHANGE_FAILED)
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "debug": true,
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "debug": true,
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.10'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_INIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_GREETING
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_HEADER
[DEBUG]   [ssh2(homeassistant)] DEBUG: Remote ident: 'SSH-2.0-OpenSSH_8.4'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKET
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: pktLen:660,padLen:8,remainLen:656
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATA
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Comparing KEXINITs ...
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
[DEBUG]   [ssh2(homeassistant)] DEBUG: KEX algorithm: curve25519-sha256@libssh.org
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Host key formats: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Host key formats: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: Host key format: ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Client->Server Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Server->Client Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server HMAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: No matching Client->Server HMAC algorithm
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing DISCONNECT (KEY_EXCHANGE_FAILED)
[INFO]    Loading configurations...
[DEBUG]     Added configuration unraid from 1
[DEBUG]     Added configuration homeassistant from 1
[INFO]    Found 2 configurations
[INFO]    Command received to open a terminal for FileSystemConfig(homeassistant)
[INFO]    [createConnection(homeassistant,config)] Creating a new connection for 'homeassistant'
[INFO]    Calculating actual config
[DEBUG]     No privateKey, agent or password. Gonna prompt for password
[DEBUG]     Final configuration:
{
    "name": "homeassistant",
    "host": "homeassistant.home",
    "username": "hassio",
    "debug": true,
    "algorithms": {
        "hmac": "['hmac-sha2-512']",
        "privateKeyPath": "/config/.ssh/id_rsa"
    },
    "_location": 1,
    "_locations": [
        1
    ],
    "_calculated": {
        "name": "homeassistant",
        "host": "homeassistant.home",
        "username": "hassio",
        "debug": true,
        "algorithms": {
            "hmac": "['hmac-sha2-512']",
            "privateKeyPath": "/config/.ssh/id_rsa"
        },
        "_location": 1,
        "_locations": [
            1
        ]
    },
    "password": "<censored>"
}
[INFO]    [createSocket(homeassistant)] Creating socket
[DEBUG]   [createSocket(homeassistant)] Connecting to homeassistant.home:22
[INFO]    [createSSH(homeassistant)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG]   [createSSH(homeassistant)]    Resulting algorithms.kex: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.10'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_INIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_GREETING
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_HEADER
[DEBUG]   [ssh2(homeassistant)] DEBUG: Remote ident: 'SSH-2.0-OpenSSH_8.4'
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKET
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: pktLen:660,padLen:8,remainLen:656
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATA
[DEBUG]   [ssh2(homeassistant)] DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
[DEBUG]   [ssh2(homeassistant)] DEBUG: Comparing KEXINITs ...
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
[DEBUG]   [ssh2(homeassistant)] DEBUG: KEX algorithm: curve25519-sha256@libssh.org
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Host key formats: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Host key formats: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: Host key format: ssh-ed25519
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Client->Server Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: Server->Client Cipher: aes128-ctr
[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server HMAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
[DEBUG]   [ssh2(homeassistant)] DEBUG: No matching Client->Server HMAC algorithm
[ERROR]   [createSSH(homeassistant)] Handshake failed: no matching client->server HMAC
Logged at:
    at T.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/2.extension.js:1:6432)
    at T.emit (events.js:314:20)
    at ae.<anonymous> (/config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:21082)
    at ae.emit (events.js:326:22)
    at /config/extensions/kelvin.vscode-sshfs-1.19.3/dist/0.extension.js:1:185988
Reported from createSSH(homeassistant)
[DEBUG]   [ssh2(homeassistant)] DEBUG: Outgoing: Writing DISCONNECT (KEY_EXCHANGE_FAILED)

SchoofsKelvin commented 3 years ago

[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server HMAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

It seems like your server doesn't support (regular) hmac-sha2-256, but uses hmac-sha2-512-etm@openssh.com instead. This doesn't seem to be supported by the underlying library: mscdex/ssh2-streams#45.

If your server actually supports the regular hmac-sha2-256, which is very likely since it uses OpenSSH 8.4, you can configure your server to make use of it.
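The list comparison made in the comment above, as an added example that is not part of the original thread or of the extension's or ssh2's code: it reads the (local)/(remote) lists from ssh2 debug output, picks the first client algorithm the server also offers (the negotiation rule from RFC 4253), and flags categories where the server offers only the -etm@openssh.com variant of a name the client has. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```javascript
// Added example. Sample lines copied from the ssh2 debug output posted in this thread.
const SAMPLE_LOG = [
  "[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com",
  "[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
  "[DEBUG]   [ssh2(homeassistant)] DEBUG: Client->Server Cipher: aes128-ctr",
  "[DEBUG]   [ssh2(homeassistant)] DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1",
  "[DEBUG]   [ssh2(homeassistant)] DEBUG: (remote) Client->Server HMAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com",
].join("\n");

// Matches "(local) <category>: a,b,c" and "(remote) <category>: a,b,c".
// Lines that only report the chosen algorithm have no (local)/(remote) tag and are skipped.
const LIST_RE = /\((local|remote)\) (.+?): (\S+)\s*$/;
const ETM_SUFFIX = "-etm@openssh.com";

// Collect the advertised lists per category, keeping the order they were logged in.
function parseKexinitLists(logText) {
  const lists = new Map();
  for (const line of logText.split(/\r?\n/)) {
    const m = LIST_RE.exec(line);
    if (!m) continue;
    const [, side, category, csv] = m;
    if (!lists.has(category)) lists.set(category, { local: [], remote: [] });
    lists.get(category)[side] = csv.split(",").filter(Boolean);
  }
  return lists;
}

// RFC 4253 section 7.1: the first name on the client's list that the server also lists.
function negotiate(clientList, serverList) {
  const server = new Set(serverList);
  return clientList.find((name) => server.has(name)) || null;
}

// One entry per category that has both sides logged. When nothing matches,
// etmOnly lists client algorithms the server offers only as an ETM variant.
function diagnoseHandshake(logText) {
  const report = [];
  for (const [category, { local, remote }] of parseKexinitLists(logText)) {
    if (local.length === 0 || remote.length === 0) continue;
    const chosen = negotiate(local, remote);
    const etmOnly = chosen === null
      ? local.filter((name) => remote.includes(name + ETM_SUFFIX))
      : [];
    report.push({ category, chosen, etmOnly });
  }
  return report;
}

// Human-readable summary of the report.
function explain(report) {
  return report.map(({ category, chosen, etmOnly }) => {
    if (chosen !== null) return `${category}: negotiated ${chosen}`;
    if (etmOnly.length > 0) {
      return `${category}: no match; server offers only the ${ETM_SUFFIX} ` +
        `variant of ${etmOnly.join(", ")}`;
    }
    return `${category}: no match`;
  });
}

console.log(explain(diagnoseHandshake(SAMPLE_LOG)).join("\n"));
```
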

eldudemeister commented 3 years ago

Thanks, all sorted now!

marcelbrueckner commented 3 years ago

In case someone is coming here from Google trying to find the solution with vscode-sshfs and supervised Home Assistant's SSH add-on, the following add-on configuration enables additional HMAC algorithms:

compatibility_mode: true