vlvassilev / yuma123

The yuma123 repository

yangcli sends outdated hmacs #136

Closed mmirate closed 1 year ago

mmirate commented 1 year ago

When attempting to use yangcli to connect to some network equipment that actually appears to use a modicum of sensibly up-to-date software under the hood, the equipment's sshd logs the following:

Unable to negotiate with 10.1.4.234 port 33006: no matching MAC found. Their offer: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com [preauth]

The openssh command-line program from the same machine, however, is able to connect to the same equipment's human-directed command-line interface, and that client-side output includes:

debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512

Installed libssh2 version is 1.5.0-2ubuntu0.1.

vlvassilev commented 1 year ago

yangcli dynamically links to the installed libssh2 library. If the negotiation fails, you should update your libssh2 library if the newer versions implement a matching algorithm.
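
The negotiation failure reported in this issue, worked through as an added example (not code from yuma123, libssh2 or either commenter): it parses the sshd log line, applies the RFC 4253 rule that the chosen MAC is the first name in the client's list that the server also lists, and reports which algorithms the client side lacks. It assumes the `debug2: MACs ctos` line quoted above reflects the MACs the equipment accepts; all function names are hypothetical.

```python
import re

# Constructed sample input: the two log lines quoted in the issue above.
SSHD_LINE = ("Unable to negotiate with 10.1.4.234 port 33006: no matching MAC found. "
             "Their offer: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,"
             "hmac-ripemd160,hmac-ripemd160@openssh.com [preauth]")
SSH_DEBUG_LINE = "debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512"

OFFER_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)")
DEBUG_RE = re.compile(r"debug2: MACs ctos: (?P<macs>\S+)")


def parse_sshd_failure(line):
    """Return (peer, kind, offered names) from an sshd negotiation failure, or None."""
    m = OFFER_RE.search(line)
    if not m:
        return None
    return m["peer"], m["kind"], m["offer"].split(",")


def parse_debug_macs(line):
    """Return the MAC names from an `ssh -vv` 'MACs ctos' debug line."""
    m = DEBUG_RE.search(line)
    return m["macs"].split(",") if m else []


def negotiate(client_offer, server_accepts):
    """RFC 4253 section 7.1: first name on the client's list that the server also lists."""
    for name in client_offer:
        if name in server_accepts:
            return name
    return None  # no overlap: the server disconnects, as in the log above


def diagnose(sshd_line, debug_line):
    """Explain a failed negotiation: what was chosen and what the client lacks."""
    peer, kind, offer = parse_sshd_failure(sshd_line)
    accepts = parse_debug_macs(debug_line)  # assumption: the server's accepted MACs
    return {
        "peer": peer,
        "kind": kind,
        "chosen": negotiate(offer, accepts),
        "missing_from_client": [a for a in accepts if a not in offer],
    }


if __name__ == "__main__":
    print(diagnose(SSHD_LINE, SSH_DEBUG_LINE))
```

An empty overlap here means the fix has to come from the SSH library the client links against or from the server's configuration, since the client cannot offer a MAC its library does not implement.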