Bundled SSH unable to negotiate modern ciphers? #1723

Closed
1 task done
dominic-p opened this issue Jun 13, 2018 · 7 comments

Comments

@dominic-p

  • I was not able to find an open or closed issue matching what I'm seeing

Setup

  • Which version of Git for Windows are you using? Is it 32-bit or 64-bit?
$ git --version --build-options

git version 2.17.1.windows.2
cpu: x86_64
built from commit: a60968cf435951d9411fc0f980a2e362d5cccea2
sizeof-long: 4
  • Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?
$ cmd.exe /c ver

Microsoft Windows [Version 10.0.17134.112]
  • What options did you set as part of the installation? Or did you choose the
    defaults?
# One of the following:
> type "C:\Program Files\Git\etc\install-options.txt"
> type "C:\Program Files (x86)\Git\etc\install-options.txt"
> type "%USERPROFILE%\AppData\Local\Programs\Git\etc\install-options.txt"
$ cat /etc/install-options.txt

Editor Option: VIM
Path Option: Cmd
SSH Option: OpenSSH
CURL Option: OpenSSL
CRLF Option: LFOnly
Bash Terminal Option: ConHost
Performance Tweaks FSCache: Enabled
Use Credential Manager: Disabled
Enable Symlinks: Disabled
  • Any other interesting things about your environment that might be related
    to the issue you're seeing?

I'm trying to use Git with SourceTree which does not respect the GIT_SSH environment variable. So, I'm forced to use the ssh client bundled with Git. See this post.

This issue appeared after I updated Git recently. I was able to connect to the same server without issue before. Sorry, I don't have the old version number I was using handy.

Details

  • Which terminal/shell are you running Git from? e.g. Bash/CMD/PowerShell/other

CMD

"C:\Program Files\Git\usr\bin\ssh.exe" example.com
  • What did you expect to occur after running these commands?

SSH should connect to the server and ask for my credentials.

  • What actually happened instead?

SSH fails to connect with a "No matching cipher found" error. The server is configured to only use a limited set of modern ciphers. I don't have trouble connecting to this same server with other OpenSSH clients on Windows (Cygwin) or Linux. But, when I try to use the client bundled with Git as shown above it fails to connect with:

Unable to negotiate with [IP] port 22: no matching cipher found. Their offer: [email protected],[email protected],[email protected]

But, when I run: "C:\Program Files\Git\usr\bin\ssh.exe" -Q cipher

I get:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

So, the bundled SSH at least advertises support for the ciphers the server is offering, leaving me totally stumped. Is anyone else seeing this behavior?

  • If the problem was occurring with a specific repository, can you provide the
    URL to that repository to help us with testing?

This is a private repo that I can't share the URL of publicly. But, if someone wants to talk to me directly, I can share it for testing.

@dscho
Member

dscho commented Jun 16, 2018

Are you sure that the bundled ssh.exe is used at all?

@dominic-p
Author

As sure as I can be. You can see from the OP that in my testing I'm using the full path to the bundled ssh.exe.

I'm seeing the same error messages in sourcetree as I see from the cmd terminal. Also, when I tried switching out the ssh.exe binary bundled with git with one from cygwin I get a different error in sourcetree.

@dscho
Member

dscho commented Jun 17, 2018

Okay. Have you tried with ssh -v -v -v -v -v -v <user@host> yet?

@dominic-p
Author

Good idea. Here's what I get when I try to connect with verbosity turned all the way up. I don't really understand SSH well enough to know if there's anything useful in here:

"C:\Program Files\Git\usr\bin\ssh.exe" -vvvvvv user@example.com

OpenSSH_7.7p1, OpenSSL 1.0.2o  27 Mar 2018
debug1: Reading configuration data /c/Users/user/.ssh/config
debug1: /c/Users/user/.ssh/config line 1: Applying options for example.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "example.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to example.com [[IP]] port 22.
debug1: Connection established.
debug1: identity file /c/Users/user/.ssh/user-priv-key type 0
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/user/.ssh/user-priv-key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to example.com:22 as 'user'
debug3: put_host_port: [example.com]:22
debug3: hostkeys_foreach: reading file "/c/Users/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /c/Users/user/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from [example.com]:22
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],[email protected],[email protected]
debug2: ciphers stoc: [email protected],[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: MACs stoc: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
Unable to negotiate with [IP] port 22: no matching cipher found. Their offer: [email protected],[email protected],[email protected]

@drizzd

drizzd commented Jun 19, 2018

I can reproduce this:

$ ssh-keygen -A
$ /usr/bin/sshd.exe -o [email protected],[email protected],[email protected]
$ ssh localhost
Could not create directory '/Users/drizzd/.ssh'.
Unable to negotiate with ::1 port 22: no matching cipher found. Their offer: [email protected],[email protected],[email protected]

It is also curious that while ssh -Q cipher lists the required ciphers, openssl enc --help [1] does not.

[1] https://security.stackexchange.com/a/30345

@drizzd

drizzd commented Jun 19, 2018

The problem goes away for me if I comment out this line in /etc/ssh/ssh_config:

#Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc

@dominic-p
Author

@drizzd you are a genius! Commenting out that line solves the problem for me too.

I didn't even think that there would be a hard coded cipher list in the ssh_config file.

drizzd pushed a commit to drizzd/openssh-portable that referenced this issue Jun 19, 2018
Git-for-Windows re-enables CBC ciphers by uncommenting the Ciphers
option in ssh_config and appending ",aes256-cbc,aes192-cbc" [*1*]. This
inadvertently disables GCM ciphers and Chacha20 [*2*].

Instead of relying on the contents of the default ssh_config, a better
solution would be an option to retrieve a list of default ciphers from
ssh. Currently, it is only possible to print a list of available ciphers
using `ssh -Q cipher`, but this includes ciphers which are not offered
by default.

[*1*] git-for-windows/build-extra@b46fba6
[*2*] git-for-windows/git#1723
drizzd pushed a commit to drizzd/build-extra that referenced this issue Jun 19, 2018
These are offered by ssh by default, but they are not included in the
default list of Ciphers in ssh_config.

Closes git-for-windows/git#1723.
drizzd pushed a commit to drizzd/build-extra that referenced this issue Jun 20, 2018
These are offered by ssh by default, but they are not included in the
default list of Ciphers in ssh_config.

Instead of setting the entire list of ciphers, selectively re-enable the
CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.
drizzd added a commit to drizzd/MSYS2-packages that referenced this issue Jun 21, 2018
Instead of setting the entire list of ciphers in git-extra, selectively
re-enable the CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.
drizzd added a commit to drizzd/MSYS2-packages that referenced this issue Jun 21, 2018
Instead of setting the entire list of ciphers in git-extra, selectively
re-enable the CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.

Signed-off-by: Clemens Buchacher <[email protected]>
drizzd added a commit to drizzd/MSYS2-packages that referenced this issue Jun 21, 2018
Instead of setting the entire list of ciphers in git-extra, selectively
re-enable the CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.

Signed-off-by: Clemens Buchacher <[email protected]>
drizzd added a commit to drizzd/build-extra that referenced this issue Jun 24, 2018
These are offered by ssh by default, but they are not included in the
default list of Ciphers in ssh_config.

Instead of setting the entire list of ciphers, selectively re-enable the
CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.

Signed-off-by: Clemens Buchacher <[email protected]>
drizzd added a commit to drizzd/build-extra that referenced this issue Jul 1, 2018
These are offered by ssh by default, but they are not included in the
default list of Ciphers in ssh_config.

Instead of setting the entire list of ciphers, selectively re-enable the
CBC ciphers using the "Cipher +somecipher" notation.

Closes git-for-windows/git#1723.

Signed-off-by: Clemens Buchacher <[email protected]>
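To make the failure mode in this thread and the shape of the fix concrete, here is a small model of what drizzd's diagnosis and the follow-up commits describe: the client's cipher proposal is derived from the ssh_config Ciphers value (a bare list replaces the compiled-in default, a leading "+" appends to it, a leading "-" removes from it), and the RFC 4253 negotiation then picks the first client entry the server also lists. This is an added example, not code from OpenSSH, MSYS2 or Git for Windows. Assumptions: DEFAULT_OFFER is taken to be the OpenSSH 7.7 compiled-in default cipher list; SERVER_OFFER and SAMPLE_LOG are constructed from the names in the thread, with the server's ordering being a guess; the "-" form is modelled with exact names only, whereas real ssh also accepts patterns.

```python
import re

# Everything the OpenSSH 7.7 binary in the report can use, as printed by
# `ssh -Q cipher` earlier in the thread (transcribed from the issue).
AVAILABLE = [
    "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
    "rijndael-cbc@lysator.liu.se",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    "chacha20-poly1305@openssh.com",
]

# What the client proposes when ssh_config has no Ciphers line at all.
# Assumption: the OpenSSH 7.7 compiled-in default (no CBC modes in it).
DEFAULT_OFFER = [
    "chacha20-poly1305@openssh.com",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
]

# A server restricted to the three AEAD ciphers, as in the report and in
# drizzd's sshd reproduction. Constructed; the order is an assumption.
SERVER_OFFER = [
    "chacha20-poly1305@openssh.com",
    "aes256-gcm@openssh.com",
    "aes128-gcm@openssh.com",
]

# The Ciphers value from Git for Windows' ssh_config, as quoted by drizzd.
GFW_CIPHERS_VALUE = ("aes128-ctr,aes192-ctr,aes256-ctr,"
                     "aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc")
# The shape of the fix in the follow-up commits: keep the defaults, add CBC.
FIXED_CIPHERS_VALUE = "+aes256-cbc,aes192-cbc"


def apply_ciphers_option(value, default=DEFAULT_OFFER, available=AVAILABLE):
    """Compute the client's cipher proposal from one ssh_config `Ciphers`
    value, following ssh_config(5): a bare list replaces the default, a
    leading '+' appends (duplicates dropped), a leading '-' removes.
    Simplification: '-' matches exact names here; real ssh accepts patterns.
    Unknown names are rejected, like ssh's "Bad SSH2 cipher spec" error."""
    names = [n for n in value.lstrip("+-").split(",") if n]
    bad = [n for n in names if n not in available]
    if bad:
        raise ValueError("Bad SSH2 cipher spec: " + ",".join(bad))
    if value.startswith("+"):
        return list(default) + [n for n in names if n not in default]
    if value.startswith("-"):
        return [n for n in default if n not in names]
    return names


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first algorithm in the client's list that
    the server also lists wins; no common entry means the connection fails."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def outcome(ciphers_value, server_offer=SERVER_OFFER):
    """Proposal the client would send for a given Ciphers value ('' means no
    Ciphers line at all) and the cipher negotiation would settle on."""
    offer = apply_ciphers_option(ciphers_value) if ciphers_value else list(DEFAULT_OFFER)
    return offer, negotiate(offer, server_offer)


def not_offered_by_default(available=AVAILABLE, default=DEFAULT_OFFER):
    """Ciphers that `ssh -Q cipher` lists but a default client never proposes,
    the gap drizzd's commit message points out."""
    return [c for c in available if c not in default]


CIPHERS_CTOS = re.compile(r"^debug2: ciphers ctos: (\S*)", re.M)


def diagnose_log(log_text):
    """Read both 'ciphers ctos' lines from `ssh -vv` output (the local
    proposal comes first, the peer's second) and report what would be chosen."""
    lists = [m.group(1).split(",") for m in CIPHERS_CTOS.finditer(log_text)]
    if len(lists) < 2:
        raise ValueError("need both the local and the peer KEXINIT proposal")
    return negotiate(lists[0], lists[1])


# Constructed excerpt in the shape of the -vvvvvv log posted in the thread.
SAMPLE_LOG = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
"""

if __name__ == "__main__":
    for label, value in [("no Ciphers line", ""),
                         ("Git for Windows ssh_config", GFW_CIPHERS_VALUE),
                         ("fixed (+aes256-cbc,aes192-cbc)", FIXED_CIPHERS_VALUE)]:
        offer, chosen = outcome(value)
        print(f"{label}: offer={','.join(offer)}")
        print(f"  -> {chosen or 'no matching cipher found'}")
    print("available but never proposed by default:", ",".join(not_offered_by_default()))
    print("from sample log:", diagnose_log(SAMPLE_LOG) or "no matching cipher found")
```

Running it shows the three situations side by side: with no Ciphers line the AEAD default wins, the full replacement list from the patched ssh_config has nothing in common with the server and reproduces "no matching cipher found", and the "+" form keeps the defaults while still re-enabling CBC for old servers. The same negotiate step applied to the two "ciphers ctos" lines of a -vv log is the quickest way to read such a failure off a transcript like the one above.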