x/crypto/ssh: [email protected] is now curve25519-sha256

[pasupuletisrinath]

What version of Go are you using (go version)?

$ go version
go version go1.14 windows/amd64

Does this issue reproduce with the latest release?

I didnt try with the latest version. As this is in production cannot suggest our team to update go version

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
set GO111MODULE=

set GOARCH=amd64

set GOBIN=

set GOCACHE=D:\Users\srinathp\AppData\Local\go-build

set GOENV=D:\Users\srinathp\AppData\Roaming\go\env

set GOEXE=.exe

set GOFLAGS=

set GOHOSTARCH=amd64

set GOHOSTOS=windows

set GOINSECURE=

set GONOPROXY=

set GONOSUMDB=

set GOOS=windows

set GOPATH=D:\Users\srinathp\workspace\trax\go

set GOPRIVATE=

set GOPROXY=https://proxy.golang.org,direct

set GOROOT=c:\go

set GOSUMDB=sum.golang.org

set GOTMPDIR=

set GOTOOLDIR=c:\go\pkg\tool\windows_amd64

set GCCGO=gccgo

set AR=ar

set CC=gcc

set CXX=g++

set CGO_ENABLED=1

set GOMOD=

set CGO_CFLAGS=-g -O2

set CGO_CPPFLAGS=

set CGO_CXXFLAGS=-g -O2

set CGO_FFLAGS=-g -O2

set CGO_LDFLAGS=-g -O2

set PKG_CONFIG=pkg-config

set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=D:\Users\srinathp\AppData\Local\Temp\go-build360633286=/tmp/go-build -gno-record-gcc-switches

What did you do?

var sshConfig ssh.Config
sshConfig.SetDefaults()
sshConfig.Ciphers = append(sshConfig.Ciphers, "aes256-cbc")
// Define the Client Config as:
config := &ssh.ClientConfig{
	Config: sshConfig,
	User:   remoteUser,
	Auth: []ssh.AuthMethod{
		ssh.PublicKeys(key),
	},
	HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}

client, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", remoteHost, remoteSSHPort), config)
if err != nil {
	errMsg := fmt.Sprintf("Error connecting to client: %s", err.Error())
	return nil, errors.New(errMsg)
}

What did you expect to see?

I expect to upload file to ssh server.

What did you see instead?

ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 [email protected] curve25519-sha256]

[ALTree]

I didnt try with the latest version. As this is in production cannot suggest our team to update go version

Go 1.14 is no longer supported, so even if this was an actual bug, you wouldn't benefit from an hypothetical fix, as the patch would be merged into 1.16 and 1.17 at best (the latest two Go versions are supported).

[pasupuletisrinath]

are there any stronger cipher that are supported in that package?

[mknyszek]

CC @FiloSottile @katiehockman @rolandshoemaker via https://dev.golang.org/owners

[gopherbot]

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

[FiloSottile]

Hmm, looks like curve25519-sha256 graduated from [email protected] and we did not keep up.

[fev0ks]

Is there any WA to use kexAlgoCurve25519SHA256 as "curve25519-sha256" ?
I think fix is not too difficult if algorithms are the same for "curve25519-sha256" and "[email protected]"

update
385394: crypto/ssh: Add additional kex algorithm support | https://go-review.googlesource.com/c/crypto/+/385394

[gopherbot]

Change https://go.dev/cl/385394 mentions this issue: crypto/ssh: support new curve25519-sha256 kex name