russh
russh copied to clipboard
Unable to connect with aes256gcm cipher
Hi,
I have an OpenSSH_8.0p1 server where I've disabled the [email protected] cipher so that russh will use the aes256gcm cipher instead.
Upon doing this, I get the following error on the openssh server when trying to open a session using a russh client:
ssh_dispatch_run_fatal: Connection from X.X.X.X port 65175: message authentication code incorrect [preauth]
I am able to connect without issue if the [email protected] cipher is used instead.
The following client code can reproduce the issue:
extern crate env_logger;
extern crate futures;
extern crate russh;
extern crate russh_keys;
extern crate tokio;
use anyhow::Context;
use russh::*;
use russh_keys::*;
use std::net::SocketAddr;
use std::str::FromStr;
use std::sync::Arc;
struct Client {}
impl client::Handler for Client {
type Error = russh::Error;
type FutureUnit = futures::future::Ready<Result<(Self, client::Session), Self::Error>>;
type FutureBool = futures::future::Ready<Result<(Self, bool), Self::Error>>;
fn finished_bool(self, b: bool) -> Self::FutureBool {
futures::future::ready(Ok((self, b)))
}
fn finished(self, session: client::Session) -> Self::FutureUnit {
futures::future::ready(Ok((self, session)))
}
fn check_server_key(self, server_public_key: &key::PublicKey) -> Self::FutureBool {
println!("check_server_key: {:?}", server_public_key);
self.finished_bool(true)
}
}
#[tokio::main]
async fn main() {
env_logger::init();
let config = russh::client::Config::default();
let config = Arc::new(config);
let sh = Client {};
let mut session =
russh::client::connect(config, SocketAddr::from_str("X.X.X.X:22").unwrap(), sh)
.await
.unwrap();
let x = session
.authenticate_password("XX", "XX")
.await
.unwrap();
dbg!(x);
let mut ch = session.channel_open_session().await.unwrap();
}
Please retry with 0.34.0-beta.5 and if it doesn't help, post the log from running your example with RUST_LOG=debug.
This issue can be close, I am not able to reproduce it with 0.38. The test forces [email protected] as the only encryption_algorithms
[root@localhost ~]# nmap --script ssh2-enum-algos -sV -p 22 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2023-08-25 09:12 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000037s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms: (10)
| curve25519-sha256
| [email protected]
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (5)
| rsa-sha2-512
| rsa-sha2-256
| ssh-rsa
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (1)
| [email protected]
| mac_algorithms: (10)
| [email protected]
| [email protected]
| [email protected]
| [email protected]
| [email protected]
| [email protected]
| [email protected]
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (2)
| none
|_ [email protected]
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
Code:
use anyhow::Context;
use async_trait::async_trait;
use russh::*;
use russh_keys::*;
use std::net::SocketAddr;
use std::str::FromStr;
use std::sync::Arc;
struct Client {}
#[async_trait]
impl client::Handler for Client {
type Error = russh::Error;
async fn check_server_key(
self,
server_public_key: &key::PublicKey,
) -> Result<(Self, bool), Self::Error> {
println!("check_server_key: {:?}", server_public_key);
Ok((self, true))
}
}
#[tokio::main]
async fn main() {
let config = russh::client::Config::default();
let config = Arc::new(config);
let sh = Client {};
let mut session =
russh::client::connect(config, SocketAddr::from_str("X.X.X.X:22").unwrap(), sh)
.await
.unwrap();
let x = session
.authenticate_password("XX", "XX")
.await
.unwrap();
dbg!(x);
let mut ch = session.channel_open_session().await.unwrap();
}
Output:
[root@localhost test_ssh]$ cargo run
Finished dev [unoptimized + debuginfo] target(s) in 0.09s
Running `target/debug/test_ssh`
check_server_key: Ed25519(VerifyingKey(CompressedEdwardsY: [139, 62, 90, 206, 55, 219, 198, 72, 228, 88, 255, 182, 221, 229, 142, 157, 107, 200, 184, 174, 116, 7, 11, 36, 134, 36, 102, 73, 221, 135, 181, 142]), EdwardsPoint{
X: FieldElement51([1283301002909871, 1826826915504172, 1653665558672354, 1167319924461394, 1288750370877980]),
Y: FieldElement51([1929882591968907, 1045497768610072, 812683753831319, 636694634412631, 258765300733538]),
Z: FieldElement51([1, 0, 0, 0, 0]),
T: FieldElement51([2145775406359520, 721736678741455, 914166269665513, 1749770547171263, 1394020773802850])
}))
[src/main.rs:40] x = true