openssl
net-ssh fails under version 3.0.0 of the library when trying to connect to a server using an RSA host key
If I understand it correctly, version 3.0.0, when compiled against an OpenSSL 1.1 library, is supposed to work as before.
Unfortunately, it cannot connect to hosts that use an RSA host key:
./net-ssh-test some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.730661 #62362] DEBUG -- net.ssh.transport.session[53c]: establishing connection to some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.784954 #62362] DEBUG -- net.ssh.transport.session[53c]: connection established
I, [2022-01-04T10:39:43.785162 #62362] INFO -- net.ssh.transport.server_version[550]: negotiating protocol version
D, [2022-01-04T10:39:43.785239 #62362] DEBUG -- net.ssh.transport.server_version[550]: local is `SSH-2.0-Ruby/Net::SSH_6.1.0 x86_64-darwin21'
D, [2022-01-04T10:39:43.816831 #62362] DEBUG -- net.ssh.transport.server_version[550]: remote is `SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3'
I, [2022-01-04T10:39:43.832333 #62362] INFO -- net.ssh.transport.algorithms[564]: sending KEXINIT
D, [2022-01-04T10:39:43.832609 #62362] DEBUG -- socket[578]: queueing packet nr 0 type 20 len 748
D, [2022-01-04T10:39:43.832688 #62362] DEBUG -- socket[578]: sent 752 bytes
D, [2022-01-04T10:39:43.837431 #62362] DEBUG -- socket[578]: read 400 bytes
D, [2022-01-04T10:39:43.837495 #62362] DEBUG -- socket[578]: received packet nr 0 type 20 len 396
I, [2022-01-04T10:39:43.837541 #62362] INFO -- net.ssh.transport.algorithms[564]: got KEXINIT from server
I, [2022-01-04T10:39:43.837599 #62362] INFO -- net.ssh.transport.algorithms[564]: negotiating algorithms
D, [2022-01-04T10:39:43.837673 #62362] DEBUG -- net.ssh.transport.algorithms[564]: negotiated:
* kex: diffie-hellman-group-exchange-sha256
* host_key: ssh-rsa
* encryption_server: aes256-ctr
* encryption_client: aes256-ctr
* hmac_client: hmac-sha2-512
* hmac_server: hmac-sha2-512
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2022-01-04T10:39:43.837700 #62362] DEBUG -- net.ssh.transport.algorithms[564]: exchanging keys
D, [2022-01-04T10:39:43.837792 #62362] DEBUG -- socket[578]: queueing packet nr 1 type 34 len 20
D, [2022-01-04T10:39:43.837829 #62362] DEBUG -- socket[578]: sent 24 bytes
D, [2022-01-04T10:39:43.885406 #62362] DEBUG -- socket[578]: read 280 bytes
D, [2022-01-04T10:39:43.885566 #62362] DEBUG -- socket[578]: received packet nr 1 type 31 len 276
D, [2022-01-04T10:39:43.892059 #62362] DEBUG -- socket[578]: queueing packet nr 2 type 32 len 268
D, [2022-01-04T10:39:43.892124 #62362] DEBUG -- socket[578]: sent 272 bytes
D, [2022-01-04T10:39:43.921702 #62362] DEBUG -- socket[578]: read 1104 bytes
D, [2022-01-04T10:39:43.921972 #62362] DEBUG -- socket[578]: received packet nr 2 type 33 len 1084
/Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:101:in `verify_signature': could not verify server signature (Net::SSH::Exception)
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:50:in `exchange_keys'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:445:in `exchange_keys'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:245:in `proceed!'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:184:in `accept_kexinit'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:210:in `block in poll_message'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `loop'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `poll_message'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:225:in `block in wait'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `loop'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `wait'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:90:in `initialize'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `new'
from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `start'
from ./net-ssh-test:10:in `<main>'
from ./net-ssh-test:10:in `<main>'
Here's the test script:
require "net/ssh"

# Connect with debug logging and run a single command on the remote host.
Net::SSH.start(ARGV[0], nil, :verbose => :debug) do |ssh|
  puts ssh.exec!("pwd")
end
Running the same command using version 2.2.1 of the gem works fine.
Have the same problem, but with an Ed25519 key: Ed25519::VerifyError: signature verification failed!
Using openssl 2.2.1 fixes the issue as well.
You just have to add the gem x25519 to your Gemfile, as explained here: https://github.com/net-ssh/net-ssh#key-exchange