
net-ssh fails under version 3.0.0 of the library when trying to connect to a server using an rsa host key

Open skaes opened this issue 2 years ago • 2 comments

If I understand it correctly, version 3.0.0, when compiled against an openssl 1.1 library, is supposed to work as before.

Unfortunately, it cannot connect to hosts that use an RSA host key:

./net-ssh-test some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.730661 #62362] DEBUG -- net.ssh.transport.session[53c]: establishing connection to some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.784954 #62362] DEBUG -- net.ssh.transport.session[53c]: connection established
I, [2022-01-04T10:39:43.785162 #62362]  INFO -- net.ssh.transport.server_version[550]: negotiating protocol version
D, [2022-01-04T10:39:43.785239 #62362] DEBUG -- net.ssh.transport.server_version[550]: local is `SSH-2.0-Ruby/Net::SSH_6.1.0 x86_64-darwin21'
D, [2022-01-04T10:39:43.816831 #62362] DEBUG -- net.ssh.transport.server_version[550]: remote is `SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3'
I, [2022-01-04T10:39:43.832333 #62362]  INFO -- net.ssh.transport.algorithms[564]: sending KEXINIT
D, [2022-01-04T10:39:43.832609 #62362] DEBUG -- socket[578]: queueing packet nr 0 type 20 len 748
D, [2022-01-04T10:39:43.832688 #62362] DEBUG -- socket[578]: sent 752 bytes
D, [2022-01-04T10:39:43.837431 #62362] DEBUG -- socket[578]: read 400 bytes
D, [2022-01-04T10:39:43.837495 #62362] DEBUG -- socket[578]: received packet nr 0 type 20 len 396
I, [2022-01-04T10:39:43.837541 #62362]  INFO -- net.ssh.transport.algorithms[564]: got KEXINIT from server
I, [2022-01-04T10:39:43.837599 #62362]  INFO -- net.ssh.transport.algorithms[564]: negotiating algorithms
D, [2022-01-04T10:39:43.837673 #62362] DEBUG -- net.ssh.transport.algorithms[564]: negotiated:
* kex: diffie-hellman-group-exchange-sha256
* host_key: ssh-rsa
* encryption_server: aes256-ctr
* encryption_client: aes256-ctr
* hmac_client: hmac-sha2-512
* hmac_server: hmac-sha2-512
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2022-01-04T10:39:43.837700 #62362] DEBUG -- net.ssh.transport.algorithms[564]: exchanging keys
D, [2022-01-04T10:39:43.837792 #62362] DEBUG -- socket[578]: queueing packet nr 1 type 34 len 20
D, [2022-01-04T10:39:43.837829 #62362] DEBUG -- socket[578]: sent 24 bytes
D, [2022-01-04T10:39:43.885406 #62362] DEBUG -- socket[578]: read 280 bytes
D, [2022-01-04T10:39:43.885566 #62362] DEBUG -- socket[578]: received packet nr 1 type 31 len 276
D, [2022-01-04T10:39:43.892059 #62362] DEBUG -- socket[578]: queueing packet nr 2 type 32 len 268
D, [2022-01-04T10:39:43.892124 #62362] DEBUG -- socket[578]: sent 272 bytes
D, [2022-01-04T10:39:43.921702 #62362] DEBUG -- socket[578]: read 1104 bytes
D, [2022-01-04T10:39:43.921972 #62362] DEBUG -- socket[578]: received packet nr 2 type 33 len 1084
/Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:101:in `verify_signature': could not verify server signature (Net::SSH::Exception)
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:50:in `exchange_keys'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:445:in `exchange_keys'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:245:in `proceed!'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:184:in `accept_kexinit'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:210:in `block in poll_message'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `loop'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `poll_message'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:225:in `block in wait'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `loop'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `wait'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:90:in `initialize'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `new'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `start'
        from ./net-ssh-test:10:in `<main>'

Here's the test script:

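require 'net/ssh'

# Connect to the host given as the first argument with debug logging and run `pwd`.
Net::SSH.start(ARGV[0], nil, :verbose => :debug) do |ssh|
  puts ssh.exec!("pwd")
end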

Running the same command using version 2.2.1 of the gem works fine.

skaes avatar Jan 05 '22 08:01 skaes
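
An offline check related to the failure reported above, added here as an example and not taken from the issue or from net-ssh's code: it builds and verifies an ssh-rsa signature blob (RFC 4253: RSASSA-PKCS1-v1_5 with SHA-1) using whichever openssl gem is loaded, so a verification problem can be separated from the network exchange. The helper names, the throwaway key and the random bytes standing in for the exchange hash are assumptions.

```ruby
require 'openssl'

# SSH "string" type: uint32 big-endian length followed by the bytes (RFC 4251).
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes.b
end

# Read one SSH string at offset; returns [value_or_nil, next_offset].
def read_ssh_string(buf, offset)
  hdr = buf.byteslice(offset, 4)
  return [nil, offset] unless hdr && hdr.bytesize == 4
  len = hdr.unpack1('N')
  [buf.byteslice(offset + 4, len), offset + 4 + len]
end

# Build an ssh-rsa signature blob: string "ssh-rsa", string signature.
def ssh_rsa_sign(key, data)
  ssh_string('ssh-rsa') + ssh_string(key.sign(OpenSSL::Digest.new('SHA1'), data))
end

# Verify a blob against a public key; false on a truncated blob or any mismatch.
def ssh_rsa_verify(public_key, blob, data)
  algo, off = read_ssh_string(blob, 0)
  return false unless algo == 'ssh-rsa'
  sig, off = read_ssh_string(blob, off)
  return false unless sig && off == blob.bytesize
  public_key.verify(OpenSSL::Digest.new('SHA1'), sig, data)
rescue OpenSSL::PKey::PKeyError
  false
end

# Round trip with a constructed key, reporting the gem and library versions in use.
def self_check
  key  = OpenSSL::PKey::RSA.new(2048)                  # constructed throwaway key
  pub  = OpenSSL::PKey::RSA.new(key.public_key.to_der) # public half only
  data = OpenSSL::Random.random_bytes(32)              # stand-in for the exchange hash
  blob = ssh_rsa_sign(key, data)
  {
    gem: OpenSSL::VERSION,
    library: OpenSSL::OPENSSL_LIBRARY_VERSION,
    good: ssh_rsa_verify(pub, blob, data),
    tampered: ssh_rsa_verify(pub, blob, data + 'x')
  }
end

puts self_check.inspect if $PROGRAM_NAME == __FILE__
```

Running it under each openssl gem version being compared shows whether plain ssh-rsa verification behaves the same in both; `good` should be true and `tampered` false.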

I have the same problem, but with an Ed25519 key: Ed25519::VerifyError: signature verification failed! Using openssl 2.2.1 fixes the issue as well.

tycooon avatar Jan 12 '22 17:01 tycooon

You just have to add the gem x25519 to your Gemfile, as explained here: https://github.com/net-ssh/net-ssh#key-exchange

zedalaye avatar May 11 '22 09:05 zedalaye