wolfProvider
wolfProvider copied to clipboard
wolfSSL
Problems with WolfSSL and OpenSSH via WolfProvider
Hello, We are experiencing issues with WolfSSL, WolfProvider when using OpenSSH.
Versions:
OpenSSH: 10.0p2 WolfProvider: master@ddcae30eb670c79baf1afe11466cafc7aa43483c WolfSSL: Custom (zip provided by WolfSSL) 5.6.4 OpenSSL: 3.0.12
We are using WolfSSL via WolfProvider for OpenSSL to communicate with OpenSSH.
WolfSSL configure/build params:
CPPFLAGS: "-DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_RSA_KEY_CHECK -DWOLFSSL_DH_EXTRA -DECC_CACHE_CURVE -DHAVE_AES_DECRYPT" Conf params: "--enable-fips=v5 --enable-cmac --enable-keygen --enable-sha --enable-aesctr --enable-aesccm --enable-aescfb --enable-aesgcm --enable-x963kdf --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-curve25519 --enable-curve448 --enable-ed25519 --enable-sha224 --enable-sha3 --enable-pwdbased --enable-certreq --enable-certext --enable-opensslcoexist --enable-aesgcm-stream"
There are also extra CPPFLAGS and CFLAGS used for WOLFCRYPT_FIPS_CORE_HASH_VALUE and SIZEOF_LONG_LONG for FIPS selftest.
WolfProvider configure/build flags:
CPPFLAGS: "-I${RECIPE_SYSROOT}/usr/include -I${WORKDIR}/git/include" Conf params: "--with-openssl=${RECIPE_SYSROOT}/usr --with-wolfssl=${RECIPE_SYSROOT}/usr"
CFLAGS: "-DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_CURVE25519 -DHAVE_CURVE25519_KEY_IMPORT -DHAVE_CURVE25519_KEY_EXPORT -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT -DHAVE_ED25519_KEY_EXPORT -DHAVE_CURVE448 -DWOLFSSL_DH_EXTRA -DWOLFSSL_SHA512 -DHAVE_FIPS -DHAVE_FIPS_VERSION=5 -DHAVE_FFDHE_Q -DHAVE_AESGCM -DHAVE_AES_ECB -DHAVE_AESCCM -DHAVE_ECC -DHAVE_ECC_DHE -DHAVE_ALL_CURVES -DHAVE_ECC_SIGN -DHAVE_ECC_VERIFY"
We are not always using WolfProvider and WolfSSL. We only enable them in OpenSSL once FIPS mode is enabled on device (we edit OpenSSL config, and reboot the device).
Now the problem was only noticed (it existed before) once we updated to OpenSSH10.0p2. The problem started because in OpenSSH10.0p2 they started to default to AES-GCM cipher algorithms instead of AES-CTR if GCM ciphers were provided as available. If we try to connect to device running fips mode using aes-128/256-ctr ciphers connection works normally. But if we leave the default behaviour the connection fails. There is also a problem with using "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" kex algorithms in OpenSSH (before 10.0p2 this was not happening). With kex that problem happens no matter which cipher we use.
Some logs: SSH client (OpenSSH10.0p2):
ssh -vvv admin@::
debug1: OpenSSH_10.0p2, OpenSSL 3.0.12 24 Oct 2023
debug3: Running on Linux 5.4.134-iproc #1 PREEMPT Wed Jul 21 01:56:14 UTC 2021 armv7l
debug3: Started with: ssh -vvv admin@::
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname :: is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/root/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to :: [::] port 22.
debug3: set_sock_tos: set socket 3 IPV6_TCLASS 0x48
debug1: Connection established.
debug1: identity file /home/root/.ssh/id_rsa type -1
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/root/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: identity file /home/root/.ssh/id_ed25519_sk type -1
debug1: identity file /home/root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/root/.ssh/id_xmss type -1
debug1: identity file /home/root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.0
debug1: compat_banner: match: OpenSSH_10.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to :::22 as 'admin'
debug3: record_hostkey: found key type ED25519 in file /home/root/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /home/root/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /home/root/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from ::
debug1: load_hostkeys: fopen /home/root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,[email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,[email protected],aes256-ctr,[email protected]
debug2: ciphers stoc: aes128-ctr,[email protected],aes256-ctr,[email protected]
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by ::1 port 22
Python 3.13.3 with paramiko 3.4.0:
DEB [20250513-02:40:54.602] thr=1 paramiko.transport: starting thread (client mode): 0xa1187620
DEB [20250513-02:40:54.603] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_3.4.0
DEB [20250513-02:40:54.700] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_10.0
INF [20250513-02:40:54.701] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_10.0)
DEB [20250513-02:40:54.743] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: kex algos: curve25519-sha256, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ext-info-s, [email protected]
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: client encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: server encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: client mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: server mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: client compress: none, [email protected]
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: server compress: none, [email protected]
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: client lang: <none>
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: server lang: <none>
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: kex follows: False
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: Strict kex mode: True
DEB [20250513-02:40:54.744] thr=1 paramiko.transport: Kex: ecdh-sha2-nistp256
DEB [20250513-02:40:54.745] thr=1 paramiko.transport: HostKey: ssh-ed25519
DEB [20250513-02:40:54.745] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20250513-02:40:54.745] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20250513-02:40:54.745] thr=1 paramiko.transport: Compression: none
DEB [20250513-02:40:54.745] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20250513-02:40:54.763] thr=1 paramiko.transport: EOF in transport thread
DEB [20250513-02:57:51.662] thr=1 paramiko.transport: starting thread (client mode): 0x1785f620
DEB [20250513-02:57:51.663] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_3.4.0
DEB [20250513-02:57:51.781] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_10.0
INF [20250513-02:57:51.782] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_10.0)
DEB [20250513-02:57:51.828] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20250513-02:57:51.828] thr=1 paramiko.transport: kex algos: curve25519-sha256, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ext-info-s, [email protected]
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: client encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: server encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: client mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: server mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: client compress: none, [email protected]
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: server compress: none, [email protected]
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: client lang: <none>
DEB [20250513-02:57:51.829] thr=1 paramiko.transport: server lang: <none>
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: kex follows: False
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: Strict kex mode: True
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: Kex: ecdh-sha2-nistp256
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: HostKey: ssh-ed25519
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: Compression: none
DEB [20250513-02:57:51.830] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20250513-02:57:51.841] thr=1 paramiko.transport: EOF in transport thread
DEB [20250513-06:52:36.435] thr=1 paramiko.transport: starting thread (client mode): 0x65bf620
DEB [20250513-06:52:36.436] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_3.4.0
DEB [20250513-06:52:36.530] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_10.0
INF [20250513-06:52:36.530] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_10.0)
DEB [20250513-06:52:36.575] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20250513-06:52:36.575] thr=1 paramiko.transport: kex algos: curve25519-sha256, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ext-info-s, [email protected]
DEB [20250513-06:52:36.575] thr=1 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEB [20250513-06:52:36.575] thr=1 paramiko.transport: client encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-06:52:36.575] thr=1 paramiko.transport: server encrypt: aes128-ctr, [email protected], aes256-ctr, [email protected]
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: client mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: server mac: hmac-sha2-256, hmac-sha2-512
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: client compress: none, [email protected]
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: server compress: none, [email protected]
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: client lang: <none>
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: server lang: <none>
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: kex follows: False
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: Strict kex mode: True
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: Kex: ecdh-sha2-nistp256
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: HostKey: ssh-ed25519
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: Compression: none
DEB [20250513-06:52:36.576] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20250513-06:52:36.592] thr=1 paramiko.transport: EOF in transport thread
SSH server (OpenSSH10.0p2): and client (Ubuntu OpenSSH9.6) Server:
2025-05-13T07:04:29.051+00:00 Chassis1 auth.err WTM4800 sshd-session.9755 error: kex_maybe_send_ext_info: send EXT_INFO [preauth]
2025-05-13T07:04:29.051+00:00 Chassis1 auth.info WTM4800 sshd-session.9755 ssh_dispatch_run_fatal: Connection from <client-ip> port 36122: error in libcrypto [preauth]
2025-05-13T07:04:29.051+00:00 Chassis1 auth.err WTM4800 sshd-session.9755 error: kex_maybe_send_ext_info: send EXT_INFO [preauth]
2025-05-13T07:04:29.051+00:00 Chassis1 auth.info WTM4800 sshd-session.9755 ssh_dispatch_run_fatal: Connection from <client-ip> port 36122: error in libcrypto [preauth]```
Client:
```bash
ssh -vvv -c [email protected] admin@<server-ip>
OpenSSH_9.6p1 Ubuntu-3ubuntu13.11, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /home/ajarc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <server-ip> is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ajarc/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ajarc/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to <server-ip> [<server-ip>] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ajarc/.ssh/id_rsa type 0
debug1: identity file /home/ajarc/.ssh/id_rsa-cert type -1
debug1: identity file /home/ajarc/.ssh/id_ecdsa type -1
debug1: identity file /home/ajarc/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ajarc/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ajarc/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ajarc/.ssh/id_ed25519 type 3
debug1: identity file /home/ajarc/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ajarc/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ajarc/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ajarc/.ssh/id_xmss type -1
debug1: identity file /home/ajarc/.ssh/id_xmss-cert type -1
debug1: identity file /home/ajarc/.ssh/id_dsa type -1
debug1: identity file /home/ajarc/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.11
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.0
debug1: compat_banner: match: OpenSSH_10.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 11.214.153.34:22 as 'admin'
debug3: record_hostkey: found key type ED25519 in file /home/ajarc/.ssh/known_hosts:235
debug3: record_hostkey: found key type RSA in file /home/ajarc/.ssh/known_hosts:236
debug3: record_hostkey: found key type ECDSA in file /home/ajarc/.ssh/known_hosts:237
debug3: load_hostkeys_file: loaded 3 keys from <server-ip>
debug1: load_hostkeys: fopen /home/ajarc/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected]
debug2: ciphers stoc: [email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,[email protected],aes256-ctr,[email protected]
debug2: ciphers stoc: aes128-ctr,[email protected],aes256-ctr,[email protected]
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by <server-ip> port 22
Zendesk ticket: 19884
