Package: client
Hi Daniel,
I'm just a reader, but X2GO uses libssh, which supports the Kex you are using, so first of all you have to install an updated version of libssh and eventually check whether it has been compiled with support for these algorithms.
Normally, I think, on the X2GO side there is nothing more to do.
Have a look here:
https://www.libssh.org/features/
On 18 February 2019 10:07:37 CET, Danie de Jager <danie.dejager@striata.com> wrote:
Package: client
The client does not support chacha20, as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozilla: https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
Config: server ssh config:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Client sshd config: Client using default sshd config
or
HashKnownHosts yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Error: "kex error : no match for method mac algo client->server: server [ hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"
or sometimes
"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
Let me know if I can provide more information.
Regards, *Danie de Jager*
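
Added example, not part of the original messages and not X2Go or libssh code: a small checker that applies the SSH selection rule (simplified from RFC 4253 section 7.1: the first algorithm on the client's list that the server also lists) to the hardened server lists quoted in the report. The client MAC list comes from the reported error; the client kex and cipher lists are constructed assumptions, and the function names are hypothetical.

```python
# Added example: SSH algorithm selection, simplified from RFC 4253 section 7.1.
# The server lists below are the ones quoted in the bug report.
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""

# Client offer. Only "macs" is taken from the reported error message;
# the kex and cipher lists are constructed for illustration.
CLIENT_OFFER = {
    "kexalgorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256"],  # constructed
    "ciphers": ["aes256-ctr", "aes128-ctr"],                                  # constructed
    "macs": ["hmac-sha1"],                                                    # from the error
}

WANTED = {"kexalgorithms", "ciphers", "macs"}


def parse_sshd_config(text):
    """Return {directive: [algorithms]} for the negotiation-related directives."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1]   # keywords are case-insensitive
        if key in WANTED:
            result[key] = [a.strip() for a in value.split(",") if a.strip()]
    return result


def negotiate(client_list, server_list):
    """First client algorithm the server also lists, or None if there is no match."""
    return next((algo for algo in client_list if algo in server_list), None)


def check(server_cfg, client_offer):
    """Map each directive to the chosen algorithm (None means the handshake fails)."""
    return {k: negotiate(client_offer.get(k, []), algos) for k, algos in server_cfg.items()}


if __name__ == "__main__":
    for directive, chosen in check(parse_sshd_config(SERVER_CONFIG), CLIENT_OFFER).items():
        print(f"{directive:14} -> {chosen or 'NO MATCH (connection will fail)'}")
```

A `None` result for `macs` corresponds to the "no match for method mac algo" error above: the server's hardened list no longer contains hmac-sha1, the only MAC the client offered.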