Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using kex: 'diffie-hellman-group-exchange-sha256','diffie-hellman-group-exchange-sha1', do not show up in actual server kex list #608

Closed
developer94404 opened this issue Sep 1, 2017 · 9 comments
Closed

When using kex: 'diffie-hellman-group-exchange-sha256','diffie-hellman-group-exchange-sha1', do not show up in actual server kex list #608

developer94404 opened this issue Sep 1, 2017 · 9 comments

Comments

@developer94404
Copy link

Hi,

For what it's worth, I'm running your library in docker and built off of docker's node 7.6 image.

The issue / question is:
When I put the two kex: 'diffie-hellman-group-exchange-sha256','diffie-hellman-group-exchange-sha1' in the custom kex list, and enable the server's debug: console.log mode, I do not see those two listed in the server's kex list.

Ones that do appear when I put them in the custom kex list:
''diffie-hellman-group1-sha1"
'ecdh-sha2-nistp256','ecdh-sha2-nistp384','ecdh-sha2-nistp521','diffie-hellman-group14-sha1' (the default ones)

Have I made a user error with the 'diffie-hellman-group-exchange-sha256','diffie-hellman-group-exchange-sha1' kex's ? Or is there an issue causing them to not be used / show up in the server's kex list ?

Thanks!
@mscdex
Copy link
Owner

mscdex commented Sep 1, 2017
edited
Loading

Group exchange is not supported yet for ssh.Server instances because it more or less requires some more infrastructure for the best security.

For example, OpenSSH keeps some pre-computed primes around in a flat file (/etc/ssh/moduli) that it uses when performing group-exchange-based key exchanges (to avoid heavy computation per connection). These primes are typically refreshed at some interval in the background. However, if this file isn't accessible or does not contain any primes, then OpenSSH will use some fixed, static primes compiled into the OpenSSH binary.

ssh2-streams could go the route of adding at least the fixed primes, but I'm not sure how beneficial/secure that really is since I would guess for most OpenSSH installations, /etc/ssh/moduli is usable and thus OpenSSH would typically not ever use the fixed primes.

@developer94404
Copy link
Author

Ah, that makes alot of sense now. Thanks for kindly explaining the issue. I believe this can be closed, then.

@xMarkusSpringerx
Copy link

@mscdex is 'diffie-hellman-group-exchange-sha256' already supported? Do you have any info about this?

@mscdex
Copy link
Owner

mscdex commented Jul 10, 2019

@xMarkusSpringerx The lists of supported algorithms are listed in the readme.

@xMarkusSpringerx
Copy link 

new ssh2.Server({
    hostKeys: [fs.readFileSync(hostKey)],
    algorithms: {
        kex: ['diffie-hellman-group-exchange-sha256', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group14-sha1'],
        cipher: ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm', '[email protected]', 'aes256-gcm', '[email protected]', 'aes256-cbc', 'aes192-cbc', 'aes128-cbc']
    }
}, (client: Connection, info: ClientInfo) => {

@mscdex this is weird. I added those keys to my ssh server config.
But still my server doesn't provide the diffie-hellman-group-exchange-sha256 key. Do you know what could be the issue here?

PORT     STATE SERVICE VERSION
8022/tcp open  ssh     (protocol 2.0)
| fingerprint-strings:
|   NULL:
|_    SSH-2.0-ssh2js0.4.4srv
| ssh2-enum-algos:
|   kex_algorithms: (4)
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group14-sha1
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (10)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm
|       [email protected]
|       aes256-gcm
|       [email protected]
|       aes256-cbc
|       aes192-cbc
|       aes128-cbc
|   mac_algorithms: (3)
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (3)
|       none
|       [email protected]
|_      zlib

@mscdex
Copy link
Owner

mscdex commented Jul 11, 2019

Ah, it's not supported for servers because additional infrastructure (typically outside of node) would be required.

@xMarkusSpringerx
Copy link

xMarkusSpringerx commented Jul 11, 2019
edited
Loading

Ah okay thx @mscdex, but in theory it's doable? If yes do you have any documentation for it? Some firewalls mark the ecdh-sha2-nistp... algos as secure but with a possible NSA backdoor. So I'm just curious if there is a solution for it.

Sent with GitHawk

@mscdex
Copy link
Owner

mscdex commented Jul 11, 2019
edited
Loading

It's not really feasible without additional infrastructure outside of node and without comprising the security of the algorithm.

At this stage it'd be better to support something like curve25519, but node core needs to support it first.

@xMarkusSpringerx
Copy link

Thx for this info. I really appreciate it :) Let's see how long it'll take for node to implement it.

Sent with GitHawk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mscdex @xMarkusSpringerx @developer94404