Discussion:
[Cryptlib] SSH error with newer Cisco IOS versions
Mathias Spoerr
2016-05-18 06:59:44 UTC
Permalink
Hello,



it seems Cisco changed their SSH implementation recently and now I get
Cryptlib error-code "-41" (No data was read because the remote system closed
the connection (recv() == 0)) when connecting to such a device. Cisco SSH
debug output is as follows:

*May 17 13:46:16.964: SSH1: starting SSH control process

*May 17 13:46:16.964: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

*May 17 13:46:16.967: SSH1: protocol version id is - SSH-2.0-cryptlib

*May 17 13:46:16.967: SSH2 1: kexinit sent: encryption algo =
aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

*May 17 13:46:16.967: SSH2 1: kexinit sent: mac algo =
hmac-sha1,hmac-sha1-96

*May 17 13:46:16.967: SSH2 1: SSH2_MSG_KEXINIT sent

*May 17 13:46:16.972: SSH2 1: SSH2_MSG_KEXINIT received

*May 17 13:46:16.973: SSH2 1: kex: client->server enc:aes128-cbc
mac:hmac-sha1

*May 17 13:46:16.973: SSH2 1: kex: server->client enc:aes128-cbc
mac:hmac-sha1

*May 17 13:46:16.973: %SSH-3-NO_MATCH: No matching kex algorithm found:
client diffie-hellman-group-exchange-sha256 server
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma
n-group1-sha1

*May 17 13:46:17.072: SSH1: Session disconnected - error 0x00



Which setting on cryptlib side is needed to add the missing DH groups?



Thanks,

Mathias
Peter Gutmann
2016-05-20 04:04:13 UTC
Permalink
Mathias Spoerr <***@spoerr.org> writes:

>Which setting on cryptlib side is needed to add the missing DH groups?

Which side is sending what? It looks from this:

>*May 17 13:46:16.973: %SSH-3-NO_MATCH: No matching kex algorithm found:
>client diffie-hellman-group-exchange-sha256 server diffie-hellman-group-
>exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

like one side only does SHA-1 and the other only does SHA-2. I'm guessing
this:

>*May 17 13:46:16.967: SSH2 1: kexinit sent: mac algo = hmac-sha1,hmac-sha1-96

is the Cisco side since cryptlib doesn't truncate the MAC, but then the
previous line doesn't make sense since cryptlib does both SHA-1 and SHA-2.

Peter.
_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to preven
Mathias Spoerr
2016-05-20 11:52:26 UTC
Permalink
Hi Peter,

thank you very much for your answer.
The Cisco box is acting as server and the sent messages are from it. I see
the issue with all cryptlib 3.4 versions...

Thanks,
Mathias

-----Original Message-----
From: Peter Gutmann [mailto:***@cs.auckland.ac.nz]
Sent: Freitag, 20. Mai 2016 06:04
To: Mathias Spoerr <***@spoerr.org>; ***@mbsks.franken.de
Subject: RE: [Cryptlib] SSH error with newer Cisco IOS versions

Mathias Spoerr <***@spoerr.org> writes:

>Which setting on cryptlib side is needed to add the missing DH groups?

Which side is sending what? It looks from this:

>*May 17 13:46:16.973: %SSH-3-NO_MATCH: No matching kex algorithm found:
>client diffie-hellman-group-exchange-sha256 server
>diffie-hellman-group-
>exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

like one side only does SHA-1 and the other only does SHA-2. I'm guessing
this:

>*May 17 13:46:16.967: SSH2 1: kexinit sent: mac algo =
>hmac-sha1,hmac-sha1-96

is the Cisco side since cryptlib doesn't truncate the MAC, but then the
previous line doesn't make sense since cryptlib does both SHA-1 and SHA-2.

Peter.=


_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
Peter Gutmann
2016-05-20 23:36:19 UTC
Permalink
Mathias Spoerr <***@spoerr.org> writes:

>The Cisco box is acting as server and the sent messages are from it. I see
>the issue with all cryptlib 3.4 versions...

>*May 17 13:46:16.973: %SSH-3-NO_MATCH: No matching kex algorithm found:
>client diffie-hellman-group-exchange-sha256 server diffie-hellman-group-
>exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Hmm, so if the Cisco is the server then in this message saying that cryptlib
sent:

diffie-hellman-group-exchange-sha256

and the server only supports:

server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

That doesn't make sense, cryptlib sends all of those, not just the SHA-2 one
(it prefers SHA-2, but also allows SHA-1 for backwards compatibility). Do you
have a sample Cisco box I can try and handshake with? I don't need an account
or password or anything (disable it, or set it to random noise), just
something I can send a keyex message to to see what it does.

Peter.
_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order
Peter Gutmann
2016-05-20 23:48:17 UTC
Permalink
Mathias Spoerr <***@spoerr.org> writes:

>The Cisco box is acting as server and the sent messages are from it. I see
>the issue with all cryptlib 3.4 versions...

I just did a quick bit of googling, looks like there's a whole bunch of Cisco
bugs in this area:

https://supportforums.cisco.com/discussion/12396641/cisco-prime-220-telnetssh-unreachable
https://supportforums.cisco.com/discussion/12051361/cisco-ios-does-not-support-openssh-64
https://bugzilla.redhat.com/show_bug.cgi?id=1026430
http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange-fails-from-ubuntu-14-04-client-dh-key-range-mismatch
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1318192
http://lists.mindrot.org/pipermail/openssh-bugs/2015-May/014793.html
https://forums.vandyke.com/archive/index.php/t-933.html
https://forums.vandyke.com/showthread.php?t=5508

There seem to be multiple bugs around this, and many SSH vendors are affected.
So it'd be a case of getting access to a Cisco device that does this to see
which random tweak is needed to make it work.

Peter.

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to
Jeffrey Walton
2016-05-21 00:36:49 UTC
Permalink
> I just did a quick bit of googling, looks like there's a whole bunch of Cisco
> bugs in this area:
>
> https://supportforums.cisco.com/discussion/12396641/cisco-prime-220-telnetssh-unreachable
> https://supportforums.cisco.com/discussion/12051361/cisco-ios-does-not-support-openssh-64
> https://bugzilla.redhat.com/show_bug.cgi?id=1026430
> http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange-fails-from-ubuntu-14-04-client-dh-key-range-mismatch
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1318192
> http://lists.mindrot.org/pipermail/openssh-bugs/2015-May/014793.html
> https://forums.vandyke.com/archive/index.php/t-933.html
> https://forums.vandyke.com/showthread.php?t=5508
>
> There seem to be multiple bugs around this, and many SSH vendors are affected.
> So it'd be a case of getting access to a Cisco device that does this to see
> which random tweak is needed to make it work.

Lol... That seems to be about as well reviewed and tested as some of
the software being pushed out at Cupertino.

Does Cisco still force folks to buy maintenance contracts to get bug
fixes for their defective product?

Jeff

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
s
Loading...