Package: client
The client does not support chacha20 as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozzila https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
Config: server ssh config: KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Client sshd config: Client using default sshd config
or
HashKnownHosts yes HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa, ecdsa-sha2-nistp521-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com ,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Error: "kex error : no match for method mac algo client->server: server [ hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"
or sometimes
"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
Let me know if I can provide more information.
Regards, *Danie de Jager*
Hi Daniel,
I'm just a reader, but X2GO uses libssh, that support the Kex you are using, so first of all, you have to install an updated version of libssh and eventually check if it has been compiled with the support of these algorithms.
Normally, I think, on the X2GO side there is nothing more to do.
Have a look here:
https://www.libssh.org/features/
On Mon, 18 Feb 2019 11:07:37 +0200 Danie de Jager <danie.dejager@striata.com> wrote:
Package: client
The client does not support chacha20 as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozzila https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
Config: server ssh config: KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Client sshd config: Client using default sshd config
or
HashKnownHosts yes HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa, ecdsa-sha2-nistp521-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com ,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Error: "kex error : no match for method mac algo client->server: server [ hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"
or sometimes
"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
Let me know if I can provide more information.
Regards, *Danie de Jager*
Package: client
Hi Daniel,
I'm just a reader, but X2GO uses libssh, that support the Kex you are using, so first of all, you have to install an updated version of libssh and eventually check if it has been compiled with the support of these algorithms.
Normally, I think, on the X2GO side there is nothing more to do.
Have a look here:
https://www.libssh.org/features/
On 18 February 2019 10:07:37 CET, Danie de Jager <danie.dejager@striata.com> wrote:
Package: client
The client does not support chacha20 as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozzila https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
Config: server ssh config: KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Client sshd config: Client using default sshd config
or
HashKnownHosts yes HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa, ecdsa-sha2-nistp521-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com ,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Error: "kex error : no match for method mac algo client->server: server [ hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"
or sometimes
"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
Let me know if I can provide more information.
Regards, *Danie de Jager*
Thanks for your input. Maybe the client ships in a way where it is compiled to only support MACs of hmac-sha1-etm@openssh.com,hmac-sha1
When I add these to my server I can SSH to it and see remote screen with X2GO client. If I change the server's SSHD config and remove the 2 sha1 MACs I can still shh to the server but X2Go client stops working. To get the libssh updated for my OS won't necissarily allow the client to use it if the client was statically compiled using an older version.
On Mon, 18 Feb 2019 at 12:22, Antenore <antenore@simbiosi.org> wrote:
Package: client
Hi Daniel,
I'm just a reader, but X2GO uses libssh, that support the Kex you are using, so first of all, you have to install an updated version of libssh and eventually check if it has been compiled with the support of these algorithms.
Normally, I think, on the X2GO side there is nothing more to do.
Have a look here:
https://www.libssh.org/features/
On 18 February 2019 10:07:37 CET, Danie de Jager < danie.dejager@striata.com> wrote:
Package: client
The client does not support chacha20 as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozzila https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
Config: server ssh config: KexAlgorithms curve25519-sha256@libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Client sshd config: Client using default sshd config
or
HashKnownHosts yes HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa, ecdsa-sha2-nistp521-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com ,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com, aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Error: "kex error : no match for method mac algo client->server: server [ hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com ], client [hmac-sha1]"
or sometimes
"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
Let me know if I can provide more information.
Regards, *Danie de Jager*
Control: reassign -1 x2goclient Control: forcemerge #1374 -1
On Mo 18 Feb 2019 10:07:37 CET, Danie de Jager wrote:
Package: client
The client does not support chacha20 as I get this error when I try to connect to the X2Go server. I did harden my SSH configuration as guided by Mozzila https://infosec.mozilla.org/guidelines/openssh
When I use defaults it works fine. It seems that the library used by X2Go is missing some newer methods.
[...]
Doing some bts major domo work...
DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Processing control commands:
reassign -1 x2goclient Bug #1373 [client] kex error : no match for method mac algo Warning: Unknown package 'client' Bug reassigned from package 'client' to 'x2goclient'. Ignoring request to alter found versions of bug #1373 to the same values previously set Ignoring request to alter fixed versions of bug #1373 to the same values previously set forcemerge #1374 -1 Bug #1374 [client] [X2Go-Dev] Bug#1373: kex error : no match for method mac algo Warning: Unknown package 'client' Unable to merge bugs because: package of #1373 is 'x2goclient' not 'client' Failed to forcibly merge 1374: Did not alter merged bugs. Debbugs::Control::set_merged("transcript", GLOB(0x306fdc8), "requester", "Mike Gabriel <mike.gabriel\@das-netzwerkteam.de>", "request_addr", "1373-submit\@bugs.x2go.org", "request_msgid", "<20190218203655.Horde.ZxHTyiUkDbzxblMamIGj2JK\@mail.das-netzwe"..., "request_subject", ...) called at /usr/share/perl5/Debbugs/Control/Service.pm line 552 eval {...} called at /usr/share/perl5/Debbugs/Control/Service.pm line 551 Debbugs::Control::Service::control_line("line", "forcemerge #1374 -1", "clonebugs", HASH(0x2ffc1f0), "limit", HASH(0x2fbae18), "common_control_options", ARRAY(0x2fbaea8), "errors", ...) called at /usr/lib/debbugs/process line 1039
-- 1373: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1373 1374: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1374 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems