ssh-keyscan can choose unsupported KEX algorithm

[heidelman]

Prerequisites

• [X] Write a descriptive title.
• [X] Make sure you are able to repro it on the latest version
• [X] Search the existing issues.

Steps to reproduce

The ssh-keyscan.exe client application can propose unsupported KEX algorithms, notably [email protected]. The server (if it also supports sntrup) will also propose sntrup. However, ssh-keyscan.exe will then fail in choose_kex with the error: choose_kex: unsupported KEX method [email protected] That KEX algorithm requires a C99 compiler and is hidden behind a #if in defines.h.

ssh.exe and sshd.exe do not have this issue, because only supported KEX algorithms are proposed using the function match_filter_allowlist.

Client requirement: Win32-OpenSSH version 9.2 (a merge in 9.1 moved sntrup to the top of the preferred KEX list) Server requirement: Linux (for enabled [email protected] support) OpenSSH version >=8.9 (where sntrup support was added)

ssh.exe -V OpenSSH_for_Windows_9.2p1, LibreSSL 3.7.2

ssh-keyscan.exe -vvv ip

Expected behavior

ssh-keyscan.exe should not claim to support [email protected].

Actual behavior

debug1: kex: algorithm: [email protected]
choose_kex: unsupported KEX method [email protected]
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected]__,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

Error details

full output:

debug1: CIDR range 192.168.1.181
debug1: CIDR expand: address 192.168.1.181
debug2: fd 3 setting O_NONBLOCK
debug3: conalloc: oname 192.168.1.181 kt 2
debug2: fd 4 setting O_NONBLOCK
debug3: conalloc: oname 192.168.1.181 kt 4
debug2: fd 5 setting O_NONBLOCK
debug3: conalloc: oname 192.168.1.181 kt 8
debug2: fd 6 setting O_NONBLOCK
debug3: conalloc: oname 192.168.1.181 kt 32
debug2: fd 7 setting O_NONBLOCK
debug3: conalloc: oname 192.168.1.181 kt 64
debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000
# 192.168.1.181:22 SSH-2.0-OpenSSH_8.9
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256
debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
choose_kex: unsupported KEX method [email protected]
debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000

Environment data

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.3.6
PSEdition                      Core
GitCommitId                    7.3.6
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Version

9.2p1

Visuals

No response

[AndrewSav]

Having the same issue with v9.4.0.0p1-Beta

[brainos233]

sntrup761x25519 needs variable length arrays, see https://github.com/PowerShell/openssh-portable/blob/59aba65cf2e2f423c09d12ad825c3b32a11f408f/defines.h#L942

#if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
# define USE_SNTRUP761X25519 1
#endif

But msvc does not support variable length arrays 😕

[AndrewSav]

If it's not supported it should not be proposed?

[triatic]

I came across this issue when testing 9.5p1. I suppose I'll just go back to using 8.1p1 which is bundled with Windows 10.