Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Net::SSH::Exception: could not settle on encryption_client algorithm in latest release (v3) #111

Open
baburdick opened this issue May 15, 2020 · 4 comments
Open

Net::SSH::Exception: could not settle on encryption_client algorithm in latest release (v3) #111

baburdick opened this issue May 15, 2020 · 4 comments

Comments

@baburdick
Copy link

baburdick commented May 15, 2020
edited
Loading 

E, [2020-05-14T18:50:10.101974 #6474] ERROR -- : Net::SSH::Exception: could not settle on encryption_client algorithm
Server encryption_client preferences: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
Client encryption_client preferences: aes256-ctr,aes192-ctr,aes128-ctr
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/algorithms.rb:394:in `negotiate'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/algorithms.rb:369:in `negotiate_algorithms'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/algorithms.rb:245:in `proceed!'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/algorithms.rb:185:in `accept_kexinit'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:210:in `block in poll_message'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:190:in `loop'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:190:in `poll_message'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:225:in `block in wait'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:223:in `loop'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:223:in `wait'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh/transport/session.rb:90:in `initialize'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh.rb:251:in `new'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-ssh-6.0.2/lib/net/ssh.rb:251:in `start'
/usr/local/rvm/gems/ruby-2.4.6@my_service/gems/net-sftp-3.0.0/lib/net/sftp.rb:36:in `start'

Rolling back to v2.1.2 restores functionality.
@baburdick
Copy link
Author

It looks like some of these should be acceptable until net-ssh v7. But the client is defaulting to the three remaining secure ciphers.

How do I tell the client in v3 to include aes256-cbc,aes128-cbc in its preferences?

@fakefarm
Copy link

I'm here for the same reason.

   Net::SSH::Exception:
       could not settle on encryption_client algorithm
       Server encryption_client preferences: 3des-cbc,aes256-cbc,aes128-cbc
       Client encryption_client preferences: aes256-ctr,aes192-ctr,aes128-ctr

@fakefarm
Copy link

Solved over here: net-ssh/net-ssh#780

@baburdick
Copy link
Author

That's "a" solution. But it seems fairly coarse. No way to more tightly control which algorithms you're willing to use? A badly configured server could default to a truly poor algorithm. Unless I'm misconceiving of this, some are much more easily exploitable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@baburdick @fakefarm