Skip to content
This repository has been archived by the owner on Jan 7, 2025. It is now read-only.

support stronger ssh key exchange algorithm #29

Open
aspiers opened this issue Dec 23, 2016 · 2 comments
Open

support stronger ssh key exchange algorithm #29

aspiers opened this issue Dec 23, 2016 · 2 comments
Labels
enhancement

Comments

@aspiers
Copy link

aspiers commented Dec 23, 2016

I guess that this is an issue not with SyncOrg itself, but with whatever library it uses for ssh, but I'll report it here as a starting point:

My server had

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256

in /etc/ssh/sshd_config on account of this advice, but that prevents SyncOrg from connecting, resulting in messages like:

sshd[1216]: fatal: Unable to negotiate with [IP address] port 43420: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

It would be nice if it could support at least one of the two recommended algorithms above.
@hammerandtongs
Copy link

The upstream ssh library is

http://www.jcraft.com/jsch/

From there -

"""Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"""

So perhaps your fallback kex isn't happening?

@sleep-walker
Copy link

I have the same issue as @aspiers.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aspiers @sleep-walker @hammerandtongs @wizmer