feo-cz / win-sshfs

Fork of http://code.google.com/p/win-sshfs/
BSD 3-Clause "New" or "Revised" License

An established connection was aborted by the server #81

Closed rr- closed 7 years ago

rr- commented 8 years ago

I can't connect to my server using WinSSHFS, but I can connect just fine with normal (cygwin) SSH using the same address and credentials.

This isn't the firewall's fault - when I disable it temporarily, the error's all the same.

Stack trace:

Renci.SshNet.dll!Renci.SshNet.Session.SocketRead(int length, ref byte[] buffer) Line 140
Renci.SshNet.dll!Renci.SshNet.Session.Read(int length) Line 1560
Renci.SshNet.dll!Renci.SshNet.Session.ReceiveMessage() Line 895
Renci.SshNet.dll!Renci.SshNet.Session.MessageListener() Line 1666
Renci.SshNet.dll!Renci.SshNet.Session.Connect.AnonymousMethod__145_0() Line 561
Renci.SshNet.dll!Renci.SshNet.Session.ExecuteThread.AnonymousMethod__0(object o) Line 21
[External Code] 

Server software is SSH-2.0-OpenSSH_7.2

rr- commented 8 years ago

Seems I got the culprit - OpenSSH reports there's an error in the key exchange parameters:

mm_answer_moduli: bad parameters: 2048 2048 1024

rr- commented 8 years ago

The following change fixes the issue for me:

diff --git a/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs b/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs
index 2e91396..cb330b9 100644
--- a/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs
+++ b/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs
@@ -34,8 +34,8 @@ namespace Renci.SshNet.Security
                 ServerPayload = this._serverPayload,
                 HostKey = this._hostKey,
                 MinimumGroupSize = 1024,
-                PreferredGroupSize = 1024,
-                MaximumGroupSize = 1024,
+                PreferredGroupSize = 2048,
+                MaximumGroupSize = 2048,
                 Prime = this._prime,
                 SubGroup = this._group,
                 ClientExchangeValue = this._clientExchangeValue,
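
Review bot: `MinimumGroupSize = 1024` is left unchanged in this initializer, so the client still declares a 1024-bit group acceptable even though the preferred and maximum sizes are now 2048. If the goal is to stop negotiating 1024-bit groups, raise the minimum to 2048 here as well, and keep it identical to the first argument of `KeyExchangeDhGroupExchangeRequest` in the next hunk, since both places carry the same three sizes.
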
@@ -61,7 +61,7 @@ namespace Renci.SshNet.Security
             this.Session.MessageReceived += Session_MessageReceived;

             //  1. send SSH_MSG_KEY_DH_GEX_REQUEST
-            this.SendMessage(new KeyExchangeDhGroupExchangeRequest(1024, 1024, 1024));
+            this.SendMessage(new KeyExchangeDhGroupExchangeRequest(1024, 2048, 2048));
         }

         /// <summary>
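
Review bot: the literals in `KeyExchangeDhGroupExchangeRequest(1024, 2048, 2048)` repeat the `MinimumGroupSize`, `PreferredGroupSize` and `MaximumGroupSize` values set in the previous hunk, and nothing ties the two places together. Define the three sizes once (constants or properties on the class) and use them both here and in the hash data, so a later change cannot update one and miss the other. The comment `//  1. send SSH_MSG_KEY_DH_GEX_REQUEST` could also name the argument order (minimum, preferred, maximum).
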
diff --git a/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs b/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs
index 5cc9c23..c48def9 100644
--- a/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs
+++ b/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs
@@ -34,7 +34,7 @@ namespace Renci.SshNet.Security
             this.Session.MessageReceived += Session_MessageReceived;

             //  1. send SSH_MSG_KEY_DH_GEX_REQUEST
-            this.SendMessage(new KeyExchangeDhGroupExchangeRequest(1024,1024,1024));
+            this.SendMessage(new KeyExchangeDhGroupExchangeRequest(1024,2048,2048));

         }

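
Review bot: `KeyExchangeDhGroupExchangeRequest(1024,2048,2048)` is the same edit as in KeyExchangeDiffieHellmanGroupExchangeSha1.cs, repeated by hand in a second file, and the argument list has no spaces after the commas while the Sha1 file writes `1024, 2048, 2048`. Move the sizes to one shared definition used by both classes, and match the spacing while the line is being touched.
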
@@ -64,8 +64,8 @@ namespace Renci.SshNet.Security
                 ServerPayload = this._serverPayload,
                 HostKey = this._hostKey,
                 MinimumGroupSize = 1024,
-                PreferredGroupSize = 1024,
-                MaximumGroupSize = 1024,
+                PreferredGroupSize = 2048,
+                MaximumGroupSize = 2048,
                 Prime = this._prime,
                 SubGroup = this._group,
                 ClientExchangeValue = this._clientExchangeValue,
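
Review bot: `MaximumGroupSize = 2048` is set equal to `PreferredGroupSize`, so the request leaves the server no room to offer a group larger than 2048 bits. Consider a maximum above the preferred size so that a server offering only larger groups can still be accommodated, and apply the same value to the third argument of `KeyExchangeDhGroupExchangeRequest` earlier in this file.
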
misuzu commented 8 years ago

Same issue with OpenSSH 7.2.

SzieberthAdam commented 8 years ago

https://stribika.github.io/2015/01/04/secure-secure-shell.html

diffie-hellman-group1-sha1: 1024 bit DH with SHA1
diffie-hellman-group14-sha1: 2048 bit DH with SHA1
diffie-hellman-group-exchange-sha1: Custom DH with SHA1
diffie-hellman-group-exchange-sha256: Custom DH with SHA2

At first glance it seems to me that KeyExchangeDiffieHellmanGroupExchangeSha1.cs and KeyExchangeDiffieHellmanGroupExchangeSha256.cs should support custom DH key sizes as arguments instead of hardcoded constants.
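
Added example (not from the thread, and not SSH.NET or OpenSSH source): a small C model of a server that clamps the client's group-exchange sizes to its own limits, showing how the old request of 1024/1024/1024 turns into the rejected `2048 2048 1024` from the log line earlier in the thread, while the patched 1024/2048/2048 passes. The limits `SRV_GRP_MIN` and `SRV_GRP_MAX` and all function names are assumptions made for the illustration.

```c
#include <stdio.h>

/* Assumed server limits (not given on the page): 2048 is inferred from the
 * "bad parameters: 2048 2048 1024" log line, 8192 is a constructed ceiling. */
#define SRV_GRP_MIN 2048
#define SRV_GRP_MAX 8192

/* The three sizes carried by SSH_MSG_KEY_DH_GEX_REQUEST, in bits. */
struct gex_request { int min, want, max; };

static int larger(int a, int b)  { return a > b ? a : b; }
static int smaller(int a, int b) { return a < b ? a : b; }

/* Pull the client's request into the server's own range. */
struct gex_request gex_clamp(struct gex_request r)
{
    struct gex_request c;
    c.min  = larger(SRV_GRP_MIN, r.min);
    c.max  = smaller(SRV_GRP_MAX, r.max);
    c.want = smaller(SRV_GRP_MAX, larger(SRV_GRP_MIN, r.want));
    return c;
}

/* 1 if some group size satisfies min <= want <= max after clamping,
 * 0 if the range is empty (the "bad parameters" case). */
int gex_acceptable(struct gex_request r)
{
    struct gex_request c = gex_clamp(r);
    return c.min <= c.want && c.want <= c.max;
}

static void report(const char *label, struct gex_request r)
{
    struct gex_request c = gex_clamp(r);
    printf("%-7s sent %d %d %d, clamped %d %d %d: %s\n", label,
           r.min, r.want, r.max, c.min, c.want, c.max,
           gex_acceptable(r) ? "ok" : "bad parameters");
}

int main(void)
{
    struct gex_request before = {1024, 1024, 1024}; /* request before the patch */
    struct gex_request after  = {1024, 2048, 2048}; /* request after the patch */
    report("before:", before);
    report("after:", after);
    return 0;
}
```

A client-side minimum below the server's floor is harmless in this model; it is the maximum falling below that floor that empties the range.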

KrullBorg commented 8 years ago

duplicate of #75

rr- commented 8 years ago

Well, on the bright side, we came up with a fix (see linked PR and article above).

gschnitzler commented 8 years ago

Patch works for me with OpenSSH_7.2p2 and dokan 1.0. Attached is a build from the latest devel branch.

sshfs.zip

tmairegasnighto commented 8 years ago

Same issue exists with RC2 (1.6.0.9), although @gerulf-profitsee's version above works without any other adjustment, although it labels itself 1.6.0.7.