search

wizmer / syncorg

An implementation of MobileOrg for the Android platform
GNU General Public License v3.0
174 stars 23 forks source link

support stronger ssh key exchange algorithm #29

Open aspiers opened 7 years ago

aspiers commented 7 years ago

I guess that this is an issue not with SyncOrg itself, but with whatever library it uses for ssh, but I'll report it here as a starting point:

My server had

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

in /etc/ssh/sshd_config on account of this advice, but that prevents SyncOrg from connecting, resulting in messages like:

sshd[1216]: fatal: Unable to negotiate with [IP address] port 43420: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

It would be nice if it could support at least one of the two recommended algorithms above.

hammerandtongs commented 7 years ago

The upstream ssh library is

http://www.jcraft.com/jsch/

From there -

"""Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"""

So perhaps your fallback kex isn't happening?

sleep-walker commented 6 years ago

I have the same issue as @aspiers.