connectbot icon indicating copy to clipboard operation
connectbot copied to clipboard

Published 20 hours ago verified publisher icon connectbot

Can't connect to Tiny SSH Server

Open robinx999 opened this issue 5 years ago • 4 comments

Bug description

Can't connect to Tiny SSH Server On Android Side: Error Key exchange was not finished, connection is closed. Cannot negotiate, proposals do not match. On Server Side: tinysshd: C9jP74r2: info: connection from 192.168.0.19:48492 {main_tinysshd.c:106} tinysshd: C9jP74r2: fatal: unable to receive kex-message (protocol error){main_tinysshd.c:148}

Steps to reproduce

  1. Start Tiny SSH Server tcpserver -HRDl0 0.0.0.0 1122 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir
  2. Try to Connect

Expected behavior

Working connection, OpenSSH can connect to that server without Problems

Android device

  • Device: HTC U11 Life
  • OS: Android 9
  • ConnectBot Version: 1.9.6 (Latest Playstore Version)

Server information

  • OS: Arch Linux
  • SSH Software and Version: tinyssh-20190101-2
  • Pubkeys used (if applicable): Ed25519

Additional context

Tiny SSH ist mainly used for Remote Unlocking a luks crypt root device https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_(hooks:_netconf,_dropbear,_tinyssh,_ppp) But tiny ssh does not seem to work at all even when started localy like described above

robinx999 avatar Mar 07 '20 10:03 robinx999

Tiny SSH only accepts [email protected] as the cipher which ConnectBot doesn't currently support. It looks like they used to have support for other ciphers until recently. I would recommend switching to Dropbear until we can support [email protected].

It's currently blocked by https://github.com/google/tink/issues/416

kruton avatar Sep 21 '20 16:09 kruton

Thanks a lot for the update. Unfortunately Dropbear also has a lot of problems like mentioned in the wiki. At the moment I SSH into a Pi and unlock the other machine from there I don't realy like it but it works. I realy hope that this problem will be resolved at some point, not sure why google seems to have a problem there. Not rearly sure what I should hope for. Maybe Tiny SSH is used more so that there will be some pressure on google to implement the necessary 'fixes', or that Tiny SSH implements additional Ciphers. Tiny SSH also mention a second one but I assume that is even more unlikley https://tinyssh.org/ Postquantum crypto: [email protected], [email protected]

Well in the mean time I first SSH into my Pi

robinx999 avatar Sep 21 '20 17:09 robinx999

Any news on that?

As a workaround I can recommend Termix.

marek22k avatar Jan 02 '23 01:01 marek22k