fast-data-transfer / fdt

FDT is an Application for Efficient Data Transfers which is capable of reading and writing at disk speed over wide area networks (with standard TCP). It is written in Java, runs on all major platforms and is easy to use. FDT is based on an asynchronous, flexible multithreaded system and uses the capabilities of the Java NIO libraries.
https://fast-data-transfer.github.io/
Apache License 2.0

Cannot connect to modern ssh servers because only legacy key exchanges are supported #53

Open costi opened 3 years ago

costi commented 3 years ago

When trying to initiate a transfer with an Ubuntu 20.04 box it gives this error:

Caused by: java.io.IOException: Cannot negotiate, proposals do not match.
    at ch.ethz.ssh2.transport.KexManager.handleMessage(KexManager.java:340)
    at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:571)
    at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:338)
    at java.base/java.lang.Thread.run(Thread.java:834)

I enabled debug logging for the ssh server and I see this error:

Unable to negotiate with 127.0.0.1 port 59398: no matching key exchange method found. 
Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]

The current default key exchange algorithms are:

server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>

Updating the config on the ssh server to support the legacy KEX is not a good idea. The KEX algorithms supported by fdt are old and insecure.
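As an added example (not part of the issue or of FDT's code), the following script takes the defender's side of this report: instead of re-enabling legacy KEX on sshd, it scans sshd debug log text for the "no matching key exchange method found" line quoted above and reports which clients offer only SHA-1/group1 key exchange and therefore need a client-side upgrade. The log lines and the LEGACY_KEX list are constructed assumptions for this example.

```python
import re
from typing import Dict, List

# Constructed sample sshd debug log lines, modelled on the rejection message
# quoted in the issue above (one FDT-style client, one healthy login, one
# client that offers a mix of modern and legacy KEX).
SAMPLE_SSHD_LOG = """\
sshd[1201]: Unable to negotiate with 127.0.0.1 port 59398: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
sshd[1202]: Accepted publickey for alice from 10.0.0.7 port 51000 ssh2: ED25519 SHA256:constructedfingerprint
sshd[1203]: Unable to negotiate with 10.0.0.9 port 44100: no matching key exchange method found. Their offer: curve25519-sha256,diffie-hellman-group14-sha1 [preauth]
"""

# KEX methods that current OpenSSH no longer enables by default (SHA-1 based,
# and group1 is a 1024-bit group). Assumption: this list is the editor's choice.
LEGACY_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
}

# Matches the sshd rejection line and captures peer address and offered KEX list.
KEX_FAILURE_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)


def parse_kex_failures(log_text: str) -> List[Dict[str, object]]:
    """Return one record per KEX negotiation failure found in sshd log text."""
    records = []
    for line in log_text.splitlines():
        m = KEX_FAILURE_RE.search(line)
        if not m:
            continue  # not a KEX rejection; ignore other sshd messages
        offered = m.group("offer").split(",")
        legacy = [k for k in offered if k in LEGACY_KEX]
        records.append({
            "host": m.group("host"),
            "port": int(m.group("port")),
            "offered": offered,
            "legacy": legacy,
            # A client whose whole offer is legacy cannot be accommodated
            # without weakening sshd; it needs a newer SSH client library.
            "legacy_only": len(legacy) == len(offered),
        })
    return records


if __name__ == "__main__":
    for rec in parse_kex_failures(SAMPLE_SSHD_LOG):
        status = "legacy-only client" if rec["legacy_only"] else "partially modern client"
        print(f"{rec['host']}:{rec['port']} {status}; offered {','.join(rec['offered'])}")
```

Run it against real sshd output with `LogLevel DEBUG` (or the default INFO level, which also emits this line) to inventory clients that still need upgrading.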