[X2Go-Dev] Bug#1373: kex error : no match for method mac algo

Danie de Jager danie.dejager at striata.com
Mon Feb 18 10:07:37 CET 2019 

Package: client

The client does not support chacha20 as I get this error when I try to
connect to the X2Go server. I did harden my SSH configuration as guided by
Mozzila
https://infosec.mozilla.org/guidelines/openssh

When I use defaults it works fine. It seems that the library used by X2Go
is missing some newer methods.

Config:
server ssh config:
KexAlgorithms curve25519-sha256 at libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com,
aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com

Client sshd config:
Client using default sshd config

or

HashKnownHosts yes
HostKeyAlgorithms ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ssh-rsa,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp256-cert-v01 at openssh.com
,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256 at libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com,
aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Error:
"kex error : no match for method mac algo client->server: server [
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com],
client [hmac-sha1]"

or sometimes

"crypt_set_algorithms2: no crypto algorithm function found for
chacha20-poly1305 at openssh.com"

Let me know if I can provide more information.

Regards,
*Danie de Jager*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20190218/ba6daf89/attachment.html>

More information about the x2go-dev mailing list