moov-io / paygate

A RESTful API enabling electronic payments to be submitted and received without a deep understanding of a payment file specification
http://moov.io
Apache License 2.0

ssh: handshake failed: missing diffie-hellman-group-exchange-sha256 #625

Closed adamdecaf closed 3 years ago

adamdecaf commented 3 years ago

PayGate Version: v0.8.0-rc4

What were you trying to do? The following error occurred with Drahomir's paygate instance in production, which is breaking their ability to upload files. Sounds like their ODFI upgraded their server and only offers a newer DHE key exchange.

ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]"

What did you expect to see? File uploads should be secure and work properly.

adamdecaf commented 3 years ago

I created a branch off of v0.8.0-rc4 in hopes a simple update of pkg/sftp and x/crypto does the trick. I'm thinking otherwise we would need to update the low level ssh config initialized.

adamdecaf commented 3 years ago

fyi, this key exchange algorithm has been supported for a while. I haven't verified the defaults in pkg/sftp yet.

https://github.com/golang/crypto/blame/afb6bcd081ae5258e9449bf8b9af19593c9b261f/ssh/kex.go#L34

pkg/sftp v0.12.0 changelog - https://github.com/pkg/sftp/releases/tag/v1.12.0

adamdecaf commented 3 years ago

Fixed in v0.9.2!