ssh-ed25519 fingerprint is invalid (in HostKeyEventArgs) with older servers

[timmi4sa]

Fantastic library, amazingly easy to use - thank you!. The library version 2020.0.1 seems to fail to provide a correct fingerprint (MD5) for e.HostKeyName that equals to "ssh-ed25519". The HostKeyEventArgs (e.Fingerprint) contains 16 bytes that absolutely don't match OS X ssh (nor Windows 10 built-in ssh command output.) I even made sure to execute the command like below to ensure I am requesting the "ssh-ed25519" (to match what's reported by e.HostKeyName).

The ssh command: ssh admin@host-address -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=md5

Please help! The library works correctly with e.HostKeyName of "ssh-rsa", but "ssh.net" doesn't pick "rsa" when connecting to AWS Ubuntu hosts in 2021.

How to reproduce: 1) Connect to an AWS Linux host (Debian versions as recent as 2017), 2) The e.HostKeyName will be "ssh-ed25519" 3) The e.Fingerprint will "not" match the "ssh" command executed manually.

[darinkes]

Couldn't reproduce so far. Looped a 1000 random keys and Fingerprint is always identical.

$ ssh root@localhost -p 22222 -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=md5
The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established.
ED25519 key fingerprint is MD5:4d:ff:ab:96:9b:0b:fc:87:72:32:ee:c4:62:d8:88:12.

var client = new SshClient("127.0.0.1", 22222, "root", staticKey);
client .HostKeyReceived += delegate(object? sender, HostKeyEventArgs eventArgs)
{
        Console.WriteLine($"HostKeyName: {eventArgs.HostKeyName}");
        Console.WriteLine($"MD5: {BitConverter.ToString(eventArgs.FingerPrint).Replace('-', ':').ToLower()}");
};
client .Connect();

=>

HostKeyName: ssh-ed25519
MD5: 4d:ff:ab:96:9b:0b:fc:87:72:32:ee:c4:62:d8:88:12

[timmi4sa]

Thanks for the quick reply. I really hope that I am not wasting anybody's time.

Your code snippet when connecting to the AWS Debian returns: HostKeyName: ssh-ed25519 MD5: d2:45:85:6b:3f:80:56:53:45:6c:59:ce:03:84:48:b1

The verbose reply from ssh on Mac OS (Catalina) I hope there is some inconsistency in the Debian remote host reply (by AWS), I wonder if you could see it that I am not seeing:

$ ssh admin@123.45.67.89 -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=md5 -v OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 47: Applying options for debug1: Connecting to 123.45.67.89 [123.45.67.89] port 22. debug1: Connection established. debug1: identity file /Users/johndoe/.ssh/id_rsa type -1 debug1: identity file /Users/johndoe/.ssh/id_rsa-cert type -1 debug1: identity file /Users/johndoe/.ssh/id_dsa type -1 debug1: identity file /Users/johndoe/.ssh/id_dsa-cert type -1 debug1: identity file /Users/johndoe/.ssh/id_ecdsa type -1 debug1: identity file /Users/johndoe/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/johndoe/.ssh/id_ed25519 type -1 debug1: identity file /Users/johndoe/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/johndoe/.ssh/id_xmss type -1 debug1: identity file /Users/johndoe/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u8 debug1: match: OpenSSH_6.7p1 Debian-5+deb8u8 pat OpenSSH compat 0x04000000 debug1: Authenticating to 123.45.67.89:22 as 'admin' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 MD5:62:71:3d:a8:26:73:89:29:d9:2c:2d:4c:4a:ca:64:0a The authenticity of host '123.45.67.89 (123.45.67.89)' can't be established. ED25519 key fingerprint is MD5:62:71:3d:a8:26:73:89:29:d9:2c:2d:4c:4a:ca:64:0a. Are you sure you want to continue connecting (yes/no/[fingerprint])?

[timmi4sa]

OK, some more specific info. I have attempted to connect to a very recently installed VM on my local network (Ubuntu 18.04.5) and immediately detected a difference in the verbose output:

Kex Algorithm

Unexpected fingerprint for (note the libssh.org suffix!): debug1: kex: algorithm: curve25519-sha256@libssh.org

Matching fingerprint for: debug1: kex: algorithm: curve25519-sha256

Remote software

Unexpected fingerprint for debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u8 debug1: match: OpenSSH_6.7p1 Debian-5+deb8u8 pat OpenSSH* compat 0x04000000

Matching fingerprint for debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002

I think we will use version 2016.1.0 for older hosts to "force" ssh-rsa (if we ever encounter a client with older server software), and the latest version for modern servers. Apparently, according to my limited understanding of the matter, there has been a bug in OpenSSH implementation prior to OpenSSH version 7.6, the article has a discussion of a similar issue plaguing another unrelated product: curve25519-sha256 vs curve25519-sha256@libssh.org.

[darinkes]

You can send me the used hostkey to stefan.rinkes[at]gmail.com or give me access to the machine if you like. Don't need to login, just to do Kex and HostKey-Check.

[timmi4sa]

Emailed the info to gmail.com.

[darinkes]

There is a workaround for this in a pull request: https://github.com/sshnet/SSH.NET/pull/614/commits/6e79603cb62101329b55beac9c9920191c80a912

We are thinking about a proper fix.