KeyExchangeError exception

[belkir]

Bug reports

Steps to reproduce:

1. Example code that produces error:
   Python 3.8.3 (default, Jun 18 2020, 20:51:40)
   [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux
   Type "help", "copyright", "credits" or "license" for more information.

import socket
from ssh2.session import Session

host = '10.10.11.121'
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, 22))
session = Session()
session.handshake(sock)
Traceback (most recent call last):
File "", line 1, in
File "ssh2/session.pyx", line 105, in ssh2.session.Session.handshake
File "ssh2/utils.pyx", line 138, in ssh2.utils.handle_error_codes
ssh2.exceptions.KeyExchangeError

3. ssh -vvv 10.10.11.121

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "10.10.11.121" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.10.11.121 [10.10.11.121] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.10.11.121:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys from 10.10.11.121
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: MACs stoc: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2011/4096
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:CQS0yuck6Ka996k/NVyfvKrHDLi7mMtrRAOmcNdt4cA
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys from 10.10.11.121
debug1: Host '10.10.11.121' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:6
debug2: bits set: 2048/4096
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /root/.ssh/id_rsa (0x56062f6e25a0)
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug2: key: /root/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug3: start over, passed a different list publickey,keyboard-interactive,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1

Additional info: [libssh2 version 0.23.0, RHEL7]

Hi!
Getting a KeyExchangeError while connecting to old Cisco router.
Any ideas how to fix that?

[pkittenis]

Would need a libssh2 trace to say what the issue is. Would think the server is using a configuration libssh2 does not support.

[belkir]

Would need a libssh2 trace to say what the issue is. Would think the server is using a configuration libssh2 does not support.

Ok, how I can trace libssh2 connection?

[belkir]

Additional info:
debug from Cisco Router:

Nov 17 06:38:21.592: SSH3: starting SSH control process
Nov 17 06:38:21.592: SSH3: sent protocol version id SSH-2.0-Cisco-1.25
Nov 17 06:38:21.636: SSH3: protocol version id is - SSH-2.0-libssh2_1.9.0_DEV
Nov 17 06:38:21.640: SSH2 3: SSH2_MSG_KEXINIT sent
Nov 17 06:38:21.640: SSH2 3: SSH2_MSG_KEXINIT received
Nov 17 06:38:21.640: SSH2:kex: client->server enc:aes256-cbc mac:hmac-sha1
Nov 17 06:38:21.640: SSH2:kex: server->client enc:aes256-cbc mac:hmac-sha1
Nov 17 06:38:21.680: SSH2 3: SSH2_MSG_KEX_DH_GEX_REQUEST received
Nov 17 06:38:21.680: SSH2 3: Range sent by client is - 1024 < 1536 < 2048
Nov 17 06:38:21.680: SSH2 3:  Invalid modulus length
Nov 17 06:38:21.780: SSH3: Session disconnected - error 0x00

[pkittenis]

Tracing functionality is not merged into master yet, will show code to enable libssh2 tracing then. It will also need to be compiled into libssh2.

[pkittenis]

Looking at debug above, looks like method_pref would need to be used to select a different key exchange method. Method pref functions are now implemented - #128

The Openssh client is also using different client key type, might not be related.

[jasonlazo]

If this is an old cisco router is too possible that KexAlghoritms were different to the system default.

take into consideration the next trace:

Nov 17 06:38:21.680: SSH2 3: SSH2_MSG_KEX_DH_GEX_REQUEST received
Nov 17 06:38:21.680: SSH2 3: Range sent by client is - 1024 < 1536 < 2048
Nov 17 06:38:21.680: SSH2 3: Invalid modulus length

[tuxmaster5000]

I have the same error, connecting to an CentOS8 stream system. Normal ssh connection will work.
SSH config of my target:

PORT STATE SERVICE
22/tcp open ssh
| ssh2-enum-algos:
| kex_algorithms: (1)
| [email protected]
| server_host_key_algorithms: (4)
| ssh-rsa
| rsa-sha2-512
| rsa-sha2-256
| ssh-ed25519
| encryption_algorithms: (2)
| [email protected]
| [email protected]
| mac_algorithms: (2)
| [email protected]
| [email protected]
| compression_algorithms: (2)
| none
|_ [email protected]

libssh2: libssh2-1.9.0-7.fc34.x86_64

server log:
no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected].
se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none [preauth]

It looks like libssh2 don't support modern ciphers.

[pkittenis]

Thanks for the feedback.

There is a new version of libssh2 available, will re-test once ssh2-python has been updated.

The above does not appear to be the same issue though.

[tuxmaster5000]

In the meantime, I have switched to ssh-python, which will use libssh instant of libssh2. Here the new ciphers will work.

[pkittenis]

Use the high level clients in parallel-ssh instead of either ssh-python or ssh2-python directly. Unless you are feeling particularly masochistic.

[wfleurant]

if an openssh system, sshd_config can support libssh2 with PubkeyAcceptedKeyTypes and/or HostKeyAlgorithms options filled in. check the manual page first man sshd_config and see re: ssh -Q cipher