ssh2
KEX diffie-hellman-group-exchange-sha1 isn't offered for Cisco
Hello,
I have configured almost all KEX algorithms; see the list:
kex: [
  'ecdh-sha2-nistp256',
  'ecdh-sha2-nistp384',
  'ecdh-sha2-nistp521',
  'diffie-hellman-group-exchange-sha1',
  'diffie-hellman-group-exchange-sha256',
  'diffie-hellman-group1-sha1',
  'diffie-hellman-group14-sha1',
  'diffie-hellman-group14-sha256',
  'diffie-hellman-group15-sha512',
  'diffie-hellman-group16-sha512',
  'diffie-hellman-group17-sha512',
  'diffie-hellman-group18-sha512',
],
But when I try to connect to a Cisco device, diffie-hellman-group-exchange-sha1 is never offered and I'm not able to connect; see:
2022-11-02T16:41:15.194Z - debug: Custom crypto binding not available
2022-11-02T16:41:15.195Z - debug: Local ident: 'SSH-2.0-ssh2js1.10.0'
2022-11-02T16:41:15.195Z - debug: Client: Trying 149.196.174.121 on port 22 ...
2022-11-02T16:41:15.318Z - debug: Socket connected
2022-11-02T16:41:15.445Z - debug: Remote ident: 'SSH-2.0-Cisco-1.25'
2022-11-02T16:41:15.445Z - debug: Outbound: Sending KEXINIT
2022-11-02T16:41:15.446Z - debug: Inbound: Handshake in progress
2022-11-02T16:41:15.446Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-02T16:41:15.446Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha1
2022-11-02T16:41:15.447Z - debug: Handshake: No matching key exchange algorithm
2022-11-02T16:41:15.447Z - debug: Outbound: Sending DISCONNECT (3)
2022-11-02T16:41:15.448Z - debug: Outbound: Sending DISCONNECT (11)
2022-11-02T16:41:15.469Z - info: Awaiting connectionEndedPromise...
2022-11-02T16:41:15.672Z - debug: Socket ended
2022-11-02T16:41:15.672Z - debug: Socket closed
2022-11-02T16:41:15.673Z - info: SocketClosedPromise finished.
But it is offered for SSH-2.0-ROSSSH (a Mikrotik device):
2022-11-11T08:35:24.580Z - debug: Remote ident: 'SSH-2.0-ROSSSH'
2022-11-11T08:35:24.580Z - debug: Outbound: Sending KEXINIT
2022-11-11T08:35:24.582Z - debug: Inbound: Handshake in progress
2022-11-11T08:35:24.582Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-11T08:35:24.582Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
2022-11-11T08:35:24.582Z - debug: Handshake: KEX algorithm: diffie-hellman-group-exchange-sha1
So the question is: why are all configured algorithms not always offered to all devices?
The latest version of ssh2 (1.11.0) is used.
Thanks
Some SSH implementations are known to be buggy in different ways. In the case of Cisco's implementation, it has a problem with exchanging large diffie-hellman parameters, so we currently disable the group exchange in that case.
It appears OpenSSH is simply capping the number of requested bits (to 4096) when connecting to a Cisco SSH server, so I suppose we could do the same instead of removing the algorithm outright if it proves to work reliably. Unfortunately I don't have any Cisco equipment to test against to verify that that will be the case.
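The mismatch in the two handshakes quoted in this thread can be read mechanically from the debug output. The following is an added example, not code from ssh2 or from any participant; `parseHandshake` and `diagnoseKex` are hypothetical helper names, and the negotiation rule is the simplified RFC 4253 one (the first client algorithm that the server also lists).

```javascript
// Added example. CONFIGURED is the kex list from the question; the log
// excerpts are the debug lines quoted in this thread, timestamps removed.
const CONFIGURED = [
  'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
  'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group-exchange-sha256',
  'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1',
  'diffie-hellman-group14-sha256', 'diffie-hellman-group15-sha512',
  'diffie-hellman-group16-sha512', 'diffie-hellman-group17-sha512',
  'diffie-hellman-group18-sha512',
];
const CISCO_LOG = [
  "debug: Remote ident: 'SSH-2.0-Cisco-1.25'",
  'debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512',
  'debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha1',
];
const MIKROTIK_LOG = [
  "debug: Remote ident: 'SSH-2.0-ROSSSH'",
  'debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512',
  'debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1',
];

// Pull the remote ident and both KEX lists out of the debug lines.
function parseHandshake(lines) {
  const out = { ident: null, local: [], remote: [] };
  for (const line of lines) {
    let m;
    if ((m = /Remote ident: '([^']*)'/.exec(line))) out.ident = m[1];
    else if ((m = /Handshake: \((local|remote)\) KEX method: (\S+)/.exec(line)))
      out[m[1]] = m[2].split(',');
  }
  return out;
}

// Compare what was configured with what was actually sent and accepted.
function diagnoseKex(configured, lines) {
  const { ident, local, remote } = parseHandshake(lines);
  // Configured algorithms that never appeared in the client's KEXINIT.
  const withheld = configured.filter((a) => !local.includes(a));
  // Simplified RFC 4253 rule: first client algorithm the server also lists.
  const negotiated = local.find((a) => remote.includes(a)) || null;
  // Withheld algorithms the server supports: these explain a failed handshake.
  const wouldMatch = withheld.filter((a) => remote.includes(a));
  return { ident, withheld, negotiated, wouldMatch };
}

console.log(diagnoseKex(CONFIGURED, CISCO_LOG));
console.log(diagnoseKex(CONFIGURED, MIKROTIK_LOG));
```

For the Cisco handshake the result shows both group-exchange algorithms withheld and no negotiated algorithm; for the Mikrotik handshake nothing is withheld and the result matches the algorithm the log reports.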
I can test changes across a lot of vendors, not only Cisco, in our network. Will that help?
I'm happy to test this as well on various Cisco implementations: IOS, IOS-XE, NX-OS. This change has caused it to fail on our Cisco boxes, so happy to do any verification asap so we can get it included again!
Please see pull request https://github.com/mscdex/ssh2/pull/1243, which removes the BAD_DHGEX compatibility flag.
The changes were tested on an affected Cisco 1.25 box (and also on 370 other boxes with various SSH implementations in our lab).
Thanks!