Only supports hmac-sha1, fails if server disallows it

[codyps]

Could not connect via ssh: kex error : no match for method mac algo client->server: server [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com], client [hmac-sha1]

SSH Login failed.

Mosh has exited.
Press "x" to close the window.

[rpwoodbu]

Mosh for Chrome uses libssh. AFAICT, they only support hmac-sha1 and "none". If this is an issue for you, please take it up with the libssh folks.

[codyps]

https://red.libssh.org/issues/91 (a "fixed" issue) Indicates it does support at least hmac-sha2-256 and hmac-sha2-512 for at least 9 months.

[rpwoodbu]

Ah, OK. If it is in libssh 0.6.0, then it'll get picked up soon as I'm currently working on a new build with updated deps. I'll reopen this bug, and have you test it once a new Mosh for Chrome is released (hopefully real soon now).

[rpwoodbu]

Actually, I just realized I am using libssh 0.6.0 already. I misinterpreted the date, seeing it was built in January, but of last year. So what I'm doing will not get a newer version of libssh. There are some newer versions available, but the bug you linked says the feature is targeted for 0.7.0, which has not been released. If you find that the feature made it into 0.6.4 or earlier, I can see about getting libssh updated in naclports (the repo of libraries ported to the Native Client environment). Otherwise I'm inclined to wait until 0.7.0 is released before going through the effort.

[pysiak]

The version available in Chrome Store is 0.2.8.30. Are you going to publish a newer version which would include newer libssh to the effect of enabling things like ed25519 and sha2 MACs?

And thanks for your work on this!

[rpwoodbu]

@pysiak Unless I'm missing something, a new release is not going to solve this problem. See my last comment about the issue not being fixed in the latest released version of libssh. I just checked, and they're still at 0.6.4. I am not going to link against an unreleased version of libssh for this issue. If this is a major problem for you, it is easy to build your own Mosh for Chrome with a libssh from head.

All that said, I'm contemplating creating a "bleeding edge" version of the app so folks (including myself) can more easily test changes before releasing, which I believe will make it easier to do releases more often.

[pysiak]

Sorry, for a moment there I thougth libssh-6.4 had it, I must've been confused. Thanks

On Sat, Mar 14, 2015 at 4:18 AM, rpwoodbu notifications@github.com wrote:

@pysiak https://github.com/pysiak Unless I'm missing something, a new release is not going to solve this problem. See my last comment about the issue not being fixed in the latest released version of libssh. I just checked, and they're still at 0.6.4. I am not going to link against an unreleased version of libssh for this issue. If this is a major problem for you, it is easy to build your own Mosh for Chrome with a libssh from head.

All that said, I'm contemplating creating a "bleeding edge" version of the app so folks (including myself) can more easily test changes before releasing, which I believe will make it easier to do releases more often.

— Reply to this email directly or view it on GitHub https://github.com/rpwoodbu/mosh-chrome/issues/75#issuecomment-79772114.

Pysiak

[oittaa]

Any news on this since libssh 0.7.1 has been released? From 0.7.0 changelog:

• Added SHA2 algorithms for HMAC

[rpwoodbu]

Thanks for the update. We'll need to get this updated in naclports first. If someone wants go make that happen, that would be great. But I have a few bigger fish to fry at the moment.

[rpwoodbu]

I'm no longer using libssh from naclports, because I'm maintaining my own patches. This has been the case since SHA 97fad57fc4f10390ccbcfd5a2b7252f0e169d56a. Please reopen if this is not resolved for you.