Hello

I am trying to enable all supported key exchange methods, ciphers and HMACs to 
handle connecting to some truly ancient servers. The setup code is:

  ssh_session session = ssh_new();

  fprintf(stderr, "SETTING KEYEX %s\n", ALL_KEYEX_METHODS);
  if(ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, ALL_KEYEX_METHODS) < 0) {
    fprintf(stderr, "FAILED TO SET KEYEX\n");
  }
  fprintf(stderr, "SETTING CIPHERS %s\n", ALL_CIPHERS);
  if(ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, ALL_CIPHERS) < 0) {
    fprintf(stderr, "FAILED TO SET CIPHERS\n");
  }
  fprintf(stderr, "SETTING HMACS %s\n", ALL_HMACS);
  if(ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, ALL_HMACS) < 0) {
    fprintf(stderr, "FAILED TO SET HMACS\n");
  }

Where the ALL_* values are constants defining all the supported things (see 
below).

When I run the code my connection fails. The output is:

SETTING KEYEX 
curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
SETTING CIPHERS 
chacha20-poly1305,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
SETTING HMACS 
hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1

ERROR: failed to connect: kex error : no match for method kex algos: server 
[diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1], client 
[curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
 (code 2)

So the ssh_options_set() calls aren't failing but the values don't seem to have 
been applied as the client keyex list doesn't include the diffie-hellman SHA1 
methods that I set?

What am I doing wrong here?

Adam
