darkoperator / Posh-SSH

PowerShell Module for automating tasks on remote systems using SSH
BSD 3-Clause "New" or "Revised" License

Server HMAC algorithm not found #269

Closed escservices closed 5 years ago

escservices commented 5 years ago

I'm having some issues with automation I developed for SSH'ing into servers. It appears that the vendor that created the servers updated the ciphers/algorithms used, and they are not supported in Posh-SSH. I did -verbose and it didn't provide much additional information regarding what was missing; it just states "Server HMAC algorithm not found". The only thing I was able to get to work was the latest version of PuTTY, which was able to connect. Would you be able to add support for these new algorithms? Let me know if there's anything else I can do to provide more useful information. Thanks

Powershell Version 5 (Major 5, Minor 1, Build 14393, Revision 2828)
Server 2016 Standard, Version 1607 Build 14393.2848
Posh-SSH version 2.1

darkoperator commented 5 years ago

Sadly not much I can do :( the supporting library does not have support for those algorithms and until they support it Posh-SSH can’t use them.

escservices commented 5 years ago

Understood, thanks for getting back to me. Luckily I was able to use plink.exe as a substitute. Still a huge fan of posh-ssh, thanks for developing it!

darkoperator commented 5 years ago

Happy you were able to find an alternate solution. Wish this would move faster in the library I'm using.

jollymansart commented 2 days ago

Server HMAC algorithm not found

Need Help:

PS C:\Windows\system32> New-SSHSession -ComputerName "10.91.0.105" -Credential (Get-Credential mgeorge) -AcceptKey -Verbose
VERBOSE: Using SSH Username and Password authentication for connection.
New-SSHSession : Server HMAC algorithm not found
At line:1 char:1

jollymansart commented 2 days ago

Is there a way to identify the SSH options that the client device is trying to use?

darkoperator commented 2 days ago

Do an ssh -vv against the server and look for "peer server KEXINIT proposal"; that will be the ciphers and MACs offered by the server.

jollymansart commented 2 days ago

C:\Windows\system32> ssh -vv 10.91.0.105
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2
debug2: resolve_canonicalize: hostname 10.91.0.105 is address
debug1: Connecting to 10.91.0.105 [10.91.0.105] port 22.
debug1: Connection established.
debug1: identity file C:\Users\mgeorge/.ssh/id_rsa type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_rsa-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ecdsa type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ed25519 type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ed25519-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ed25519_sk type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_xmss type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_xmss-cert type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_dsa type -1
debug1: identity file C:\Users\mgeorge/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: compat_banner: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.91.0.105:22 as 'ohdc1\mgeorge'
debug1: load_hostkeys: fopen C:\Users\mgeorge/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen C:\Users\mgeorge/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:VO1GnhSHG8/lfbnFQCnIGQbOPwytEDsateUjt/DmTZI
debug1: load_hostkeys: fopen C:\Users\mgeorge/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen C:\Users\mgeorge/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file C:\Users\mgeorge/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file C:\Users\mgeorge/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file PROGRAMDATA\ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file PROGRAMDATA\ssh/ssh_known_hosts2 does not exist
The authenticity of host '10.91.0.105 (10.91.0.105)' can't be established.
RSA key fingerprint is SHA256:VO1GnhSHG8/lfbnFQCnIGQbOPwytEDsateUjt/DmTZI.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

jollymansart commented 2 days ago

How do I know what is compatible with the command New-SSHSession -ComputerName "10.91.0.105"?

darkoperator commented 2 days ago

Based on the list it should be compatible. The list of supported ones is in the readme of the module: https://github.com/darkoperator/Posh-SSH/blob/master/Readme.md
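The check discussed in the comments above, reading the "peer server KEXINIT proposal" from `ssh -vv` output and comparing it with what a client supports, can be scripted. This is an added example, not part of the thread and not Posh-SSH code; the function names `Get-SshServerProposal` and `Compare-SshAlgorithm` are hypothetical, the sample lines are constructed in the format of `ssh -vv` output, and the list in `$client` is an assumed client capability list, not the module's real one.

```powershell
# Added example (not Posh-SSH code): compare a server's KEXINIT proposal with a client list.
function Get-SshServerProposal {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$DebugLines)
    $proposal = [ordered]@{}
    $inServer = $false
    foreach ($line in $DebugLines) {
        if ($line -match 'peer server KEXINIT proposal') { $inServer = $true; continue }
        if (-not $inServer) { continue }                        # skip the local client proposal
        if ($line -match 'debug2: first_kex_follows') { break } # end of the algorithm lists
        if ($line -match 'debug2: (?<name>[^:]+): ?(?<algs>.*)$') {
            $algs = @(($Matches.algs -split ',').Trim() | Where-Object { $_ })
            $proposal[$Matches.name.Trim()] = $algs
        }
    }
    $proposal
}

function Compare-SshAlgorithm {
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$ServerProposal,
        [Parameter(Mandatory)][hashtable]$ClientSupported
    )
    foreach ($class in $ClientSupported.Keys) {
        $offered = @($ServerProposal[$class])
        # RFC 4253: the negotiated algorithm is the first one on the client's list that
        # also appears on the server's list; nothing in common means the handshake fails.
        $common = @($ClientSupported[$class] | Where-Object { $offered -contains $_ })
        [pscustomobject]@{
            Class        = $class
            ServerOffers = $offered -join ','
            FirstCommon  = $common | Select-Object -First 1
            Negotiable   = $common.Count -gt 0
        }
    }
}

# Constructed sample in the format of `ssh -vv` output.
$sample = @(
    'debug2: local client KEXINIT proposal'
    'debug2: MACs stoc: umac-64-etm@openssh.com,hmac-sha2-256'
    'debug2: peer server KEXINIT proposal'
    'debug2: ciphers stoc: aes128-ctr,aes256-ctr'
    'debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'
    'debug2: first_kex_follows 0'
)
# Hypothetical client capability list (an assumption, NOT Posh-SSH's real list).
$client = @{
    'MACs stoc'    = 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'
    'ciphers stoc' = 'aes256-ctr', 'aes128-ctr'
}
Compare-SshAlgorithm -ServerProposal (Get-SshServerProposal -DebugLines $sample) -ClientSupported $client |
    Format-Table -AutoSize
```

Against a live host, feed it the captured debug stream, for example `ssh -vv <host> 2>&1 | ForEach-Object { "$_" }`, and replace `$client` with the lists from the module Readme for the installed version.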

jollymansart commented 2 days ago

So it looks like you have the issue fixed in version 3.2.3. The version I was running on was version 3.0.6 of POSH-SSH.

That all said, is it possible to get a list of protocols, or have the code in a future version show the protocol used?

I have been able to connect after upgrading to the 3.2.3 version of Posh-SSH. Thanks.

jollymansart commented 2 days ago

thank you

jollymansart commented 2 days ago

Your hard work on this script is greatly appreciated. I was able to complete my task. Next task for the future is to break down Cisco command outputs from switches and wireless controllers. However, what you provided made it possible for me to do my immediate task and automate a simple process ;) Cannot thank you enough.