Andrew Engelbrecht wrote: > Someone said they were having trouble ssh'ing to Savannah, and course > they're an Arch user, so likely using SSH 8.8. ; )
Agreed. Very likely. > They did apply the +ssh-rsa trick, but for some reason Savannah > wasn't accepting their key that had been working for a while > already. Likely that was actually a different problem. Since the workaround for it did not work. Or perhaps the workaround was not correctly applied. For example have had one case already where misunderstanding of the "old-host" example name caused the user to use that placeholder string literally instead of using the actual hostname. > They said that once they created an ED25519 key, the could log in. Though undocumented in the OpenSSH 8.8 release notes it seems likely that using an ED25519 user key also enables using an ED25519 host key and thereby avoiding the SHA-1 algorithm in the ssh-rsa host key which is otherwise used by default. There have been several reports that upgrading to ED25519 user keys works. Upgrading to an ED25519 user key is definitely a good upgrade all around. I think we should be recommending that for people who wish to move forward. [[ I still don't have an OpenSSH 8.8 client system of my own to try experiments with and therefore am just working based upon reports from others. ]] > It's possible that their SSH authorized keys list on Savannah was > changed at some point, and they forgot? Historically users have had a variety of problems. There are an infinite number of ways for things to fail. But there is only one way for things to work correctly. Trying to guess why something has failed without any information is a gamble at best. Other users have successfully applied the +ssh-rsa workaround and it has worked. The release notes document it. If that did not work then the problem must be something else. > In any case, they requested that we update the following page with info > about acceptable ciphers: > > https://savannah.gnu.org/maintenance/SshAccess/ Thanks for the nudge to do this. I have updated that page with information concerning this issue. > I don't think it's super urgent, but it might be nice to add a list to that > page. I hope that I sent this to the right list. I'm likely not subscribed, > so please CC me on any replies. OpenSSH does not make this information trivially available to the user! And I should just stop the email here but... You asked! And so here is actually a way to get this information. :-) I would "ssh -vv git.savannah.gnu.org" and then look through the verbose information provided there. That's always going to be the correct information about what is happening. That going to be the easier way to figure out what is happening. And it is mostly incomprehensible to mere mortals reading it. For example. rwp@angst:~$ ssh -vv git.savannah.gnu.org debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-cdebug2: host key algorithms: ssh-rsa-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,z...@openssh.com,zlib debug2: compression stoc: none,z...@openssh.com,zlib debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellma$-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-c$c,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-c$c,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: MACs ctos: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-e$m...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openss$.com,hmac-sha1-96,hmac-md5-96 debug2: MACs stoc: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-e$m...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openss$.com,hmac-sha1-96,hmac-md5-96 debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 debug1: Host 'git.savannah.gnu.org' is known and matches the RSA host key. debug1: Found key in /home/rwp/.ssh/known_hosts:154 There you go! All of the information is right there. But does it help? :-) In this case everything is working okay. But in the case of a misalignment between client and server it would have error messages indicating the problems. It *is* actually possible to probe remote systems using nmap and have nmap since version r20844 provide this information too. rwp@angst:~$ nmap --script ssh2-enum-algos -sV -p 22 git.savannah.gnu.org Starting Nmap 7.40 ( https://nmap.org ) at 2021-10-10 14:52 MDT Nmap scan report for git.savannah.gnu.org (209.51.188.201) Host is up (0.075s latency). Other addresses for git.savannah.gnu.org (not scanned): 2001:470:142:5::201 rDNS record for 209.51.188.201: vcs0.savannah.gnu.org PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1p1 (protocol 2.0; Trisquel 7.0) | ssh2-enum-algos: | kex_algorithms: (8) | curve25519-sha...@libssh.org | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group1-sha1 | server_host_key_algorithms: (4) | ssh-rsa | ssh-dss | ecdsa-sha2-nistp256 | ssh-ed25519 | encryption_algorithms: (16) | aes128-ctr | aes192-ctr | aes256-ctr | arcfour256 | arcfour128 | aes128-...@openssh.com | aes256-...@openssh.com | chacha20-poly1...@openssh.com | aes128-cbc | 3des-cbc | blowfish-cbc | cast128-cbc | aes192-cbc | aes256-cbc | arcfour | rijndael-...@lysator.liu.se | mac_algorithms: (19) | hmac-md5-...@openssh.com | hmac-sha1-...@openssh.com | umac-64-...@openssh.com | umac-128-...@openssh.com | hmac-sha2-256-...@openssh.com | hmac-sha2-512-...@openssh.com | hmac-ripemd160-...@openssh.com | hmac-sha1-96-...@openssh.com | hmac-md5-96-...@openssh.com | hmac-md5 | hmac-sha1 | umac...@openssh.com | umac-...@openssh.com | hmac-sha2-256 | hmac-sha2-512 | hmac-ripemd160 | hmac-ripemd...@openssh.com | hmac-sha1-96 | hmac-md5-96 | compression_algorithms: (2) | none |_ z...@openssh.com Service Info: OS: Linux; CPE: cpe:/o:trisquel_project:trisquel_gnu%2flinux:7.0 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 4.66 seconds Couple that with using ssh -Q query to ask the client what it supports. This ssh -Q option is available since version 6.3. rwp@angst:~$ for q in cipher cipher-auth mac kex key key-cert key-plain protocol-version; do echo $q; ssh -Q $q | sed 's/^/ /'; done cipher 3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256 aes128-cbc aes192-cbc aes256-cbc rijndael-...@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-...@openssh.com aes256-...@openssh.com chacha20-poly1...@openssh.com cipher-auth aes128-...@openssh.com aes256-...@openssh.com chacha20-poly1...@openssh.com mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-ripemd...@openssh.com umac...@openssh.com umac-...@openssh.com hmac-sha1-...@openssh.com hmac-sha1-96-...@openssh.com hmac-sha2-256-...@openssh.com hmac-sha2-512-...@openssh.com hmac-md5-...@openssh.com hmac-md5-96-...@openssh.com hmac-ripemd160-...@openssh.com umac-64-...@openssh.com umac-128-...@openssh.com kex diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha...@libssh.org key ssh-ed25519 ssh-ed25519-cert-...@openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-...@openssh.com ssh-dss-cert-...@openssh.com ecdsa-sha2-nistp256-cert-...@openssh.com ecdsa-sha2-nistp384-cert-...@openssh.com ecdsa-sha2-nistp521-cert-...@openssh.com key-cert ssh-ed25519-cert-...@openssh.com ssh-rsa-cert-...@openssh.com ssh-dss-cert-...@openssh.com ecdsa-sha2-nistp256-cert-...@openssh.com ecdsa-sha2-nistp384-cert-...@openssh.com ecdsa-sha2-nistp521-cert-...@openssh.com key-plain ssh-ed25519 ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 protocol-version 2 And then between those two things the user can see what lines up as shared available algorithms and what does not. Bob
