[X2Go-Dev] Bug#1373: Bug#1373: kex error : no match for method mac algo

Danie de Jager danie.dejager at striata.com
Mon Feb 18 12:24:37 CET 2019


Thanks for your input. Maybe the client ships in a way where it is compiled
to only support MACs of
hmac-sha1-etm at openssh.com,hmac-sha1

When I add these to my server I can SSH to it and see remote screen with
X2GO client. If I change the server's SSHD config and remove the 2 sha1
MACs I can still shh to the server but X2Go client stops working. To get
the libssh updated for my OS won't necissarily allow the client to use it
if the client was statically compiled using an older version.

On Mon, 18 Feb 2019 at 12:22, Antenore <antenore at simbiosi.org> wrote:

> Package: client
>
> Hi Daniel,
>
> I'm just a reader, but X2GO uses libssh, that support the Kex you are
> using, so first of all, you have to install an updated version of libssh
> and eventually check if it has been compiled with the support of these
> algorithms.
>
> Normally, I think, on the X2GO side there is nothing more to do.
>
> Have a look here:
>
> https://www.libssh.org/features/
>
> On 18 February 2019 10:07:37 CET, Danie de Jager <
> danie.dejager at striata.com> wrote:
> >Package: client
> >
> >The client does not support chacha20 as I get this error when I try to
> >connect to the X2Go server. I did harden my SSH configuration as guided
> >by
> >Mozzila
> >https://infosec.mozilla.org/guidelines/openssh
> >
> >When I use defaults it works fine. It seems that the library used by
> >X2Go
> >is missing some newer methods.
> >
> >Config:
> >server ssh config:
> >KexAlgorithms curve25519-sha256 at libssh.org
>
> >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> >Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com,
> >aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> >MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
> >umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
> >
> >Client sshd config:
> >Client using default sshd config
> >
> >or
> >
> >HashKnownHosts yes
> >HostKeyAlgorithms ssh-ed25519-cert-v01 at openssh.com,
> >ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ssh-rsa,
> >ecdsa-sha2-nistp521-cert-v01 at openssh.com,
> >ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> >ecdsa-sha2-nistp256-cert-v01 at openssh.com
> >,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
> >KexAlgorithms curve25519-sha256 at libssh.org
>
> >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> >MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
> >umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
> >Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com,
> >aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> >
> >Error:
> >"kex error : no match for method mac algo client->server: server [
> >hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
> >umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
> ],
> >client [hmac-sha1]"
> >
> >or sometimes
> >
> >"crypt_set_algorithms2: no crypto algorithm function found for
> >chacha20-poly1305 at openssh.com"
> >
> >Let me know if I can provide more information.
> >
> >Regards,
> >*Danie de Jager*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20190218/cf8fed3d/attachment.html>


More information about the x2go-dev mailing list