Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSH: unable to connect to ssh server using kex algorithm diffie-hellman-group1-sha1 #8840

Closed
Clem-Fern opened this issue Aug 16, 2023 · 8 comments
Labels

Comments

@Clem-Fern
Copy link
Contributor

Clem-Fern commented Aug 16, 2023

Version: nightly (since 2f1c388, electron version update to 25.x.x) (since 555d3c8, ssh2 version update to 1.14.0)
Platform: tested on Windows, Linux
Plugins: none

Describe the problem:
Since this commit 2f1c388 (electron version update to 25.x.x) 555d3c8 (ssh2 version update to 1.14.0), I'm not able to connect to Cisco device using kex algorithm diffie-hellman-group1-sha1.

 SSH  Connecting to x.x.x.x
 SSH   !  Agent auth selected, but no running agent is detected
 X  Unknown DH group

No error in Tabby's log.
Logs I collected on Cisco side:

2986948: Aug 16 11:56:58.211: SSH1: starting SSH control process
2986949: Aug 16 11:56:58.211: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
2986950: Aug 16 11:56:58.216: SSH1: protocol version id is - SSH-2.0-ssh2js1.14.0
2986951: Aug 16 11:56:58.216: SSH2 1: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
2986952: Aug 16 11:56:58.216: SSH2 1: kexinit sent: mac algo = hmac-sha1,hmac-sha1-96
2986953: Aug 16 11:56:58.216: SSH2 1: send:packet of  length 368 (length also includes padlen of 5)
2986954: Aug 16 11:56:58.217: SSH2 1: SSH2_MSG_KEXINIT sent
2986955: Aug 16 11:56:58.220: SSH2 1: ssh_receive: 536 bytes received
2986956: Aug 16 11:56:58.220: SSH2 1: input: total packet length of 1344 bytes
2986957: Aug 16 11:56:58.220: SSH2 1: partial packet length(block size)8 bytes,needed 1336 bytes,maclen 0
2986958: Aug 16 11:56:58.220: SSH2 1: ssh_receive: 536 bytes received
2986959: Aug 16 11:56:58.220: SSH2 1: partial packet length(block size)8 bytes,needed 1336 bytes,maclen 0
2986960: Aug 16 11:56:58.220: SSH2 1: ssh_receive: 272 bytes received
2986961: Aug 16 11:56:58.220: SSH2 1: partial packet length(block size)8 bytes,needed 1336 bytes, maclen 0
2986962: Aug 16 11:56:58.220: SSH2 1: input: padlength 11 bytes
2986963: Aug 16 11:56:58.220: SSH2 1: SSH2_MSG_KEXINIT received
2986964: Aug 16 11:56:58.220: SSH2 1: kex: client->server enc:3des-cbc mac:hmac-sha1
2986965: Aug 16 11:56:58.220: SSH2 1: kex: server->client enc:3des-cbc mac:hmac-sha1
2986966: Aug 16 11:56:58.220: SSH2 1: Using kex_algo = diffie-hellman-group1-sha1
2986967: Aug 16 11:56:58.228: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
2986968: Aug 16 11:56:58.244: SSH2 1: SSH ERROR closing the connection
2986969: Aug 16 11:56:58.244: SSH2 1: send:packet of  length 72 (length also includes padlen of 7)
2986970: Aug 16 11:56:58.245: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from x.x.x.x
2986971: Aug 16 11:56:58.341: SSH1: Session disconnected - error 0x00

To Reproduce:

  1. Setup a Cisco switch/router which offer diffie-hellman-group1-sha1 kex algorithm (tested on Cisco IOS 12.2(55)SE10 & IOS-XE 03.06.05.E version)
  2. Try to connect to the device with tabby
  3. You should notice the error sent above

I didn't have the time to test connection with diffie-hellman-group1-sha1 kex on other ssh server than Cisco yet. I also take a quick view on ssh2 issues but didn't found any which could be related to this problem. I will try to do more tests and collect more info in the next few days.

@Clem-Fern
Copy link
Contributor Author

Clem-Fern commented Aug 16, 2023

Just tested with SSH-2.0-OpenSSH_9.3p2 Debian-1, same problem.

To Reproduce:

  1. Add new line KexAlgorithms diffie-hellman-group1-sha1 to your /etc/ssh/sshd_config file
  2. Try to connect to the server with Tabby (with diffie-hellman-group1-sha1 in Profile > Ciphers > Key exchange of course)
  3. Receving : X Unknown DH group

Sadly, it seems to be a Tabby issue. I tried to connect to my openssh server with the snippet bellow in a freshly created node project and I didn't encountered any error:

const { Client } = require('ssh2');
const { createDiffieHellmanGroup } = require('crypto')

const algo = {
    kex: ['diffie-hellman-group1-sha1'],
}

try {
    createDiffieHellmanGroup('modp2');
    console.log('DH modp2 OK')
} catch (error) {
    console.log('DH modp2 NOK')
    console.log(error)
}
//console: DH modp2 OK

const conn = new Client();
conn.on('ready', () => {
    console.log('Client :: ready');
    conn.exec('uptime', (err, stream) => {
        if (err) throw err;
        stream.on('close', (code, signal) => {
            console.log('Stream :: close :: code: ' + code + ', signal: ' + signal);
            conn.end();
        }).on('data', (data) => {
            console.log('STDOUT: ' + data);
        }).stderr.on('data', (data) => {
            console.log('STDERR: ' + data);
        });
    });
}).connect({
    host: 'localhost',
    port: 22,
    username: 'clem',
    password: 'clem',
    algorithms: algo,
    debug(information) {
        console.debug(information)
    },
});

If I understand well, this error is returned by the function createDiffieHellmanGroup from the crypto module. This function is called by ssh2 on client key exchange with the group name modp2 (group name corresponding to diffie-hellman-group1-sha1). I was thinking about some deprecated key algo in my node version. But all my tests were done with node v18.17.1 and we can see that modp2 group does exist:

https://github.com/nodejs/node/blob/2e414d5d1082233c3516fca923fe351d5186c80e/src/crypto/crypto_dh.cc#L217-L252

@Clem-Fern Clem-Fern changed the title SSH: Not able to connect to Cisco Device (kex algorithm diffie-hellman-group1-sha1) SSH: Not able to connect to ssh server using kex algorithm diffie-hellman-group1-sha1 Aug 16, 2023
@Clem-Fern Clem-Fern changed the title SSH: Not able to connect to ssh server using kex algorithm diffie-hellman-group1-sha1 SSH: unable to connect to ssh server using kex algorithm diffie-hellman-group1-sha1 Aug 16, 2023
@Clem-Fern
Copy link
Contributor Author

I apologize, I was clearly inexact about the faulty commit...
This problem is caused by updating electron version in 2f1c388. It has in fact nothing to do with ssh2.

With the PR #8707, electron version was updated from the major release 22.x.x to 25.x.x. The node version used by electron was bumped from node v16 to v18 between these two electron releases (cf. electron-timelines)

In node v18, a part of the crypto DH module was rewrite to now use MODP groups from OpenSSL helper functions instead of getting them from a header file in the crypto module itself (cf. nodejs/node#43896).
As electron uses BoringSSL and BoringSSL does not give helper functions for modp1/modp2, electron provides a patch which, among other things, removes the reference to theses groups from the crypto module. (cf. corresponding patch file, electron chore: upgrade to Node.js v18 electron/electron#35999)

@@ -219,8 +214,10 @@ typedef BignumPointer (*StandardizedGroupInstantiator)();
 inline StandardizedGroupInstantiator FindDiffieHellmanGroup(const char* name) {
 #define V(n, p)                                                                \
   if (StringEqualNoCase(name, n)) return InstantiateStandardizedGroup<p>
+#ifndef OPENSSL_IS_BORINGSSL
   V("modp1", BN_get_rfc2409_prime_768);
   V("modp2", BN_get_rfc2409_prime_1024); // -> modp2 used by diffie-hellman-group1-sha1
+#endif
   V("modp5", BN_get_rfc3526_prime_1536);
   V("modp14", BN_get_rfc3526_prime_2048);
   V("modp15", BN_get_rfc3526_prime_3072);

What I describe above is the only thing I found which could explain the encountered problem with diffie-hellman-group1-sha1 on tabby. I tried to add as much information as possible but this is a bit out of my league, hope I'm not wrong ^^'

@Eugeny
Copy link
Owner

Eugeny commented Aug 20, 2023

Dang, this looks really bad for switch admins. I don't see any way to work around this without switching the ssh implementation :(

@Clem-Fern
Copy link
Contributor Author

Could it be possible to build Tabby against a custom electron repo?
Theoretically, we could add the BN_get_rfc2409_prime_1024 constant directly in the electron patch. Based on the commit history, this part concerned in this patch does not seem to change a lot except on node major release change.

It's really not the greatest solution, but it could be a mid-term work around to give a bit more of time to think about a definitive solution.

@Eugeny
Copy link
Owner

Eugeny commented Aug 21, 2023

Getting an own electron fork going and working with electron-builder would be hell, but I've at least filed a ticket with a possible solution: electron/electron#39603

@Clem-Fern
Copy link
Contributor Author

Oh great ! Thank's :D
I hope that electron team will be receptive about this

@Clem-Fern
Copy link
Contributor Author

Arf.... I just saw electron answer :/

@Eugeny Eugeny closed this as completed in f963167 Aug 25, 2023
@Clem-Fern
Copy link
Contributor Author

Thank you so much, this issue was really a hard blow and an absolute nightmare for me <3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants