https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16700

            Bug ID: 16700
           Summary: Wireshark connect to linux ssh server failed due to
                    "no match for method kex algos"
           Product: Wireshark
           Version: 3.2.4
          Hardware: x86
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Translations
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: joseph.wan...@gmail.com
  Target Milestone: ---

Build Information:
Version 3.2.4 (v3.2.4-0-g893b5a5e1e3e) 
Copyright 1998-2020 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.8, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM)
i5-4690 CPU @ 3.50GHz (with SSE4.2), with 16323 MB of physical memory, with
locale Chinese (Simplified)_China.1252, with light display mode, without HiDPI,
with Npcap version 0.9993, based on libpcap version 1.9.1, with GnuTLS 3.6.3,
with Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported
(19 loaded). Built using Microsoft Visual Studio 2019 (VC++ 14.25, build
28614). 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and https://www.wireshark.org for more information. 
--
Hello, folks!
  I am using sshdump to capture the traffic from my Linux server. At first it
worked well with the default sshd configuration. Today I changed the sshd config
file to make it support only secure key exchanges:

#Key Exchange Kex
#Only secure  key exchanges are configured
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521


  After that, connecting to the Linux server with Wireshark failed. It said:

Error by extcap pipe: 
** (sshdump.exe:28632): WARNING **: Error creating connection.

** (sshdump.exe:28632): WARNING **: Connection error: kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521], client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]


  I saw that Wireshark uses libssh-0.7.3. Does it only support
diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1? I googled it, and it
looks like they are not safe, so is there a configuration with which Wireshark
can support other KexAlgorithms?
Thank you.


  And here is the sshd log:

Jul 15 11:14:22 joseph-VirtualBox sshd[13698]: debug3: fd 5 is not O_NONBLOCK
Jul 15 11:14:22 joseph-VirtualBox sshd[13698]: debug1: Forked child 13718.
Jul 15 11:14:22 joseph-VirtualBox sshd[13698]: debug3: send_rexec_state: entering fd = 8 config len 467
Jul 15 11:14:22 joseph-VirtualBox sshd[13698]: debug3: ssh_msg_send: type 0
Jul 15 11:14:22 joseph-VirtualBox sshd[13698]: debug3: send_rexec_state: done
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: oom_adjust_restore
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: Set /proc/self/oom_score_adj to 0
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: inetd sockets after dupping: 3, 3
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: Connection from 192.168.56.1 port 58848 on 192.168.56.101 port 22
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: Client protocol version 2.0; client software version libssh-0.7.3
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: no match: libssh-0.7.3
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug2: fd 3 setting O_NONBLOCK
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug2: Network child is on pid 13719
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: preauth child monitor started
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: privsep user:group 122:65534 [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: permanently_set_uid: 122/65534 [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: send packet: type 20 [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: Connection closed by 192.168.56.1 port 58848 [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: do_cleanup [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: monitor_read_log: child log fd closed
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: mm_request_receive entering
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: do_cleanup
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug3: PAM: sshpam_thread_cleanup entering
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: Killing privsep child 13719
Jul 15 11:14:22 joseph-VirtualBox sshd[13718]: debug1: audit_event: unhandled event 12

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
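
Added example (not part of the original report, and not Wireshark or libssh code): a check that can be run before tightening KexAlgorithms, showing why the connection in this report fails. It reads the explicit list from sshd_config text, reads both name-lists out of the libssh error, and applies the client-preference rule of RFC 4253 section 7.1. The function names and the sample constants are assumptions of this example.

```python
import re

# Constructed inputs, copied from the text quoted in the report. KEX_ERROR keeps
# the mail's line breaks to show that the parser tolerates them.
SSHD_CONFIG = (
    "#Key Exchange Kex\n"
    "KexAlgorithms diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521\n")
KEX_ERROR = (
    "kex error : no match for method kex algos: server\n"
    "[diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,"
    "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521],\n"
    "client [diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]")

def _names(csv):
    return [n.strip() for n in csv.split(",") if n.strip()]

def server_kex_from_config(text):
    """Explicit KexAlgorithms list from sshd_config text (first occurrence wins)."""
    for line in text.splitlines():
        m = re.match(r"\s*KexAlgorithms[\s=]+(\S+)", line, re.IGNORECASE)
        if m:
            if m.group(1)[0] in "+-^":
                raise ValueError("list modifies sshd defaults; resolve with 'sshd -T'")
            return _names(m.group(1))
    return None  # directive absent: sshd uses its built-in default list

def lists_from_error(text):
    """(server, client) name-lists from a libssh 'no match for method' message."""
    m = re.search(r"server\s*\[([^\]]*)\],\s*client\s*\[([^\]]*)\]", text)
    if not m:
        raise ValueError("no server/client lists in message")
    return _names(m.group(1)), _names(m.group(2))

def negotiate(client, server):
    """First name on the client's list that the server also lists (RFC 4253, 7.1).
    Simplified: the RFC's extra host-key compatibility conditions are not modelled."""
    offered = set(server)
    return next((n for n in client if n in offered), None)

def check(config_text, client):
    """Negotiation result plus the SHA-1 based names on each side."""
    server = server_kex_from_config(config_text)
    if server is None:
        raise ValueError("no KexAlgorithms directive; sshd defaults apply")
    return {"chosen": negotiate(client, server),
            "sha1_on_server": [n for n in server if n.endswith("-sha1")],
            "sha1_on_client": [n for n in client if n.endswith("-sha1")]}
```

A result with "chosen" set to None means that client will be locked out by the new list; "sha1_on_server" lists the SHA-1 based methods the hardened list still offers.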