search

spodskubka / RemoteTerminal

An SSH/Telnet terminal emulator for Microsoft Windows
56 stars 41 forks source link

Missing support for recent ciphers prevents SSH connection (Server HMAC algorithm not found) #28

Closed lbarbera closed 6 years ago

lbarbera commented 6 years ago

Using RemoteTerminal on WinRT 8.1 and trying to establish an SSH session to a Raspberry Pi 3 (running OSMC), the connection is refused with the error message Server HMAC algorithm not found.

This is the result of a hardening of SSH default configuration (as explained in https://discourse.osmc.tv/t/ssh-not-working-after-may-update/37394/5). A server-side workaround is available, but that is just a temporary solution and it also implies degrading security. The following ciphers require being disabled:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Would it be possible to include the missing ciphers and bring the app to feature parity with standard SSH clients?