syncorg icon indicating copy to clipboard operation
syncorg copied to clipboard

Published 20 hours ago verified publisher icon wizmer

support stronger ssh key exchange algorithm

Open aspiers opened this issue 8 years ago • 2 comments
trafficstars

I guess that this is an issue not with SyncOrg itself, but with whatever library it uses for ssh, but I'll report it here as a starting point:

My server had

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256

in /etc/ssh/sshd_config on account of this advice, but that prevents SyncOrg from connecting, resulting in messages like:

sshd[1216]: fatal: Unable to negotiate with [IP address] port 43420: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

It would be nice if it could support at least one of the two recommended algorithms above.

aspiers avatar Dec 23 '16 23:12 aspiers

The upstream ssh library is

http://www.jcraft.com/jsch/

From there -

"""Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"""

So perhaps your fallback kex isn't happening?

hammerandtongs avatar Jan 24 '17 15:01 hammerandtongs

I have the same issue as @aspiers.

sleep-walker avatar Jul 12 '17 14:07 sleep-walker