Package: libssh-4 Version: 0.9.4-1 Severity: normal
Dear Maintainer, it seems that libssh is unable to correctly parse /etc/ssh/ssh_config when using the officially supported negative syntax (prepending a dash to the algorithm list) at least for KexAlgorithms. The first algo, the one prefixed with the dash, gets totally ignored, and the following algos are interpreted as the assertive syntax was used: the outcome is that only excluded algos are tried. I ran into this issue by trying to connect to a remote host using KDE Plasma's SFTP kioslave (/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/sftp.so), which depends on libssh.so.4: "kex error : no match for method kex algos: server [curve25519-sha256,curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256], client [ecdh-sha2-nistp384,ecdh-sha2-nistp521]" The 'client' kexes appearing in the error message were explicitly excluded along with ecdh-sha2-nistp256 (first in the list, with dash prepended) in /etc/ssh/ssh_config. Changing the config file to assertive syntax solved the issue. Thanks -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.6.18-xanmod1 (SMP w/4 CPU cores; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libssh-4 depends on: ii libc6 2.30-8 ii libgssapi-krb5-2 1.17-7 ii libssl1.1 1.1.1g-1 ii zlib1g 1:1.2.11.dfsg-2 libssh-4 recommends no packages. libssh-4 suggests no packages. -- no debconf information