Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEX diffie-hellman-group-exchange-sha1 isn't offered for Cisco #1235

Open
Kurtas opened this issue Nov 14, 2022 · 4 comments
Open

KEX diffie-hellman-group-exchange-sha1 isn't offered for Cisco #1235

Kurtas opened this issue Nov 14, 2022 · 4 comments

Comments

@Kurtas
Copy link

Kurtas commented Nov 14, 2022

Hello,

I have configured almost all KEX's algorithms, see the list

    kex: [
      'ecdh-sha2-nistp256',
      'ecdh-sha2-nistp384',
      'ecdh-sha2-nistp521',
      'diffie-hellman-group-exchange-sha1',
      'diffie-hellman-group-exchange-sha256',
      'diffie-hellman-group1-sha1',
      'diffie-hellman-group14-sha1',
      'diffie-hellman-group14-sha256',
      'diffie-hellman-group15-sha512',
      'diffie-hellman-group16-sha512',
      'diffie-hellman-group17-sha512',
      'diffie-hellman-group18-sha512',
    ],

But when I'm trying to connect to Cisco then the diffie-hellman-group-exchange-sha1 is never offered and I'm not able to connect there, see

2022-11-02T16:41:15.194Z - debug: Custom crypto binding not available
2022-11-02T16:41:15.195Z - debug: Local ident: 'SSH-2.0-ssh2js1.10.0'
2022-11-02T16:41:15.195Z - debug: Client: Trying 149.196.174.121 on port 22 ...
2022-11-02T16:41:15.318Z - debug: Socket connected
2022-11-02T16:41:15.445Z - debug: Remote ident: 'SSH-2.0-Cisco-1.25'
2022-11-02T16:41:15.445Z - debug: Outbound: Sending KEXINIT
2022-11-02T16:41:15.446Z - debug: Inbound: Handshake in progress
2022-11-02T16:41:15.446Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-02T16:41:15.446Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha1
2022-11-02T16:41:15.447Z - debug: Handshake: No matching key exchange algorithm
2022-11-02T16:41:15.447Z - debug: Outbound: Sending DISCONNECT (3)
2022-11-02T16:41:15.448Z - debug: Outbound: Sending DISCONNECT (11)
2022-11-02T16:41:15.469Z - info: Awaiting connectionEndedPromise...
2022-11-02T16:41:15.672Z - debug: Socket ended
2022-11-02T16:41:15.672Z - debug: Socket closed
2022-11-02T16:41:15.673Z - info: SocketClosedPromise finished.

But it is offered for SSH-2.0-ROSSSH - Mikrotik device

2022-11-11T08:35:24.580Z - debug: Remote ident: 'SSH-2.0-ROSSSH'
2022-11-11T08:35:24.580Z - debug: Outbound: Sending KEXINIT
2022-11-11T08:35:24.582Z - debug: Inbound: Handshake in progress
2022-11-11T08:35:24.582Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-11T08:35:24.582Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
2022-11-11T08:35:24.582Z - debug: Handshake: KEX algorithm: diffie-hellman-group-exchange-sha1

So the question is why all configured algorithms are not always offered to all devices?
The last version ssh2 (1.11.0) is used

Thanks
@mscdex
Copy link
Owner

mscdex commented Nov 14, 2022

Some SSH implementations are known to be buggy in different ways. In the case of Cisco's implementation, it has a problem with exchanging large diffie-hellman parameters, so we currently disable the group exchange in that case.

It appears OpenSSH is simply capping the number of requested bits (to 4096) when connecting to a Cisco SSH server, so I suppose we could do the same instead of removing the algorithm outright if it proves to work reliably. Unfortunately I don't have any Cisco equipment to test against to verify that that will be the case.

@Kurtas
Copy link
Author

Kurtas commented Nov 14, 2022

I can test changes across a lot of vendors not only Cisco in our network, will that help?

@petercrocker
Copy link

I'm happy to test this as well on various Cisco implementations: IOS, IOS-XE, NX-OS. This changed has caused it to fail on our Cisco boxes, so happy to do any verification asap so we can get it included again!

@roman-kaspar
Copy link

Please see pull request #1243 which is removing the BAD_DHGEX compatibility flag.

The changes were tested on affected Cisco 1.25 box (and also on other 370 boxes with various SSH implementations in our lab).

Thanks!

@mscdex mscdex mentioned this issue Dec 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mscdex @Kurtas @roman-kaspar @petercrocker