stribika / stribika.github.io


Github.com Unable to Negotiate Key Exchange Method #26

Open mmangione opened 9 years ago

mmangione commented 9 years ago

OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014

Here is a printout of ssh -Tv github.com when I use your suggested github configuration in /etc/ssh/ssh_config:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for
debug1: /home/<>/.ssh/config line 38: Applying options for github.procure
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 24: Applying options for
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/mmangione/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for github.com
debug1: /etc/ssh/ssh_config line 24: Applying options for
debug1: Connecting to github.com [192.30.252.130] port 22.
debug1: Connection established.
debug1: identity file /home/<>/.ssh/id_rsa type 1
debug1: identity file /home/<>/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr hmac-sha2-512 none
debug1: kex: client->server aes256-ctr hmac-sha2-512 none
Unable to negotiate a key exchange method

Here is a printout with the KexMethod lines commented out in /etc/ssh/ssh_config:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for
debug1: /home/<>/.ssh/config line 38: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 24: Applying options for
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for github.com
debug1: /etc/ssh/ssh_config line 24: Applying options for
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /home/<>/.ssh/id_rsa type 1
debug1: identity file /home/<>/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr hmac-sha2-512 none
debug1: kex: client->server aes256-ctr hmac-sha2-512 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/<>/.ssh/known_hosts:42
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/<>/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: <>
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: id_rsa2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Which is the expected output for a successful connection. Any thoughts?

Why am I being forced to use ECDH as a kex method?

dcherian commented 9 years ago

I had the same issue. /etc/ssh/ssh_config says that all options are changed only once, so the first time you change KexAlgorithms under HostName *, it's valid for all else. The solution is to move your HostName * block with default options to the end of the .ssh/config file. Then the Host github.com block will override the default settings.
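The ordering behaviour discussed in this thread, as an added example that is not part of the original comments or the project's code: a small resolver that applies ssh_config's "first obtained value wins" rule to show which KexAlgorithms line takes effect for github.com. The config snippets and algorithm lists are constructed samples, not the reporter's actual files, and the resolver assumes whitespace-separated keywords with no Match or Include directives.

```python
import fnmatch

def host_matches(patterns, host):
    """True if host matches a Host line: any positive pattern, no negated one."""
    pats = patterns.split()
    if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in pats):
        return False
    return any(not p.startswith("!") and fnmatch.fnmatchcase(host, p) for p in pats)

def effective_options(config_text, host):
    """Return {keyword: (value, line_no)}; the first value obtained for a keyword wins."""
    chosen, active = {}, True  # options before the first Host line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value, host)
        elif active and keyword not in chosen:
            chosen[keyword] = (value, line_no)  # later values for this keyword are ignored
    return chosen

# Constructed samples. ssh reads ~/.ssh/config before /etc/ssh/ssh_config,
# so concatenating user + system text models the order options are obtained in.
STRICT = "KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
GITHUB = "KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1"
USER_CFG = f"Host *\n    {STRICT}\n"                                  # defaults first
SYSTEM_CFG = f"Host github.com\n    {GITHUB}\nHost *\n    {STRICT}\n"
FIXED_USER_CFG = f"Host github.com\n    {GITHUB}\nHost *\n    {STRICT}\n"  # defaults last

def kex_for(config_text, host="github.com"):
    """Effective (KexAlgorithms value, winning line number) for host."""
    return effective_options(config_text, host)["kexalgorithms"]

if __name__ == "__main__":
    print("Host * first:", kex_for(USER_CFG + SYSTEM_CFG))
    print("Host * last :", kex_for(FIXED_USER_CFG + SYSTEM_CFG))
```

The returned line number counts from the top of the concatenated text, which makes it easy to see which block supplied the winning value.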