Giter VIP home page Giter VIP logo

sshpoc's Introduction

sshpoc

This demonstrates issues connecting to Go x/crypto/ssh servers using OpenSSH client.

On certain versions, the SSH client, when using an RSA identity, in the absence of server extension indicating otherwise will select handshake algorithms that the Go x/crypto/ssh server does not support.

The tracking issue for Go is golang/go#49952.

Known affected versions

  • Debian Sid OpenSSH_9.0p1 Debian-1+b2, OpenSSL 3.0.5 5 Jul 2022
  • Ubuntu Jammy OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
  • Fedora 36 OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
  • macOS Ventura

Known unaffected versions

  • macOS Monterey OpenSSH_8.6p1, LibreSSL 3.3.6

Running

You need Go 1.17 or newer to build this package.

To test your version of ssh, run: go run .

sshpoc's People

Contributors

asymmetricia avatar pdbogen avatar vielmetti avatar

Stargazers

avatar

Watchers

avatar

Forkers

vielmetti

sshpoc's Issues

minimum go version needed

Ran this on my Raspberry Pi running this:

> cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

and got these results

> go run .
go: downloading golang.org/x/crypto v0.1.0
# golang.org/x/crypto/ssh
/home/emv/go/pkg/mod/golang.org/x/[email protected]/ssh/cipher.go:499:13: undefined: io.Discard
/home/emv/go/pkg/mod/golang.org/x/[email protected]/ssh/session.go:508:14: undefined: io.Discard
/home/emv/go/pkg/mod/golang.org/x/[email protected]/ssh/session.go:521:14: undefined: io.Discard
note: module requires Go 1.17

I'll install a suitably current Go next.

successful run report, Raspberry Pi (linux/arm64) running Debian 10

Run results:

> ~/go/bin/go1.19.3 run .   
2022/11/02 13:14:47 OpenSSH_7.9p1 Debian-10+deb10u2+rpt1, OpenSSL 1.1.1n  15 Mar 2022
2022/11/02 13:14:47 ✅ connection succeeded with key id_rsa_client
2022/11/02 13:14:47 ✅ connection succeeded with key id_ed25519_client

As noted in #2 I had to pick up a newer version of Go to make it build.

unclear results on macOS 12.6 Monterey / Apple M1

I got these results testing on my Mac, and I'm not sure how to interpret the results.

./test.sh
go: downloading golang.org/x/crypto v0.1.0
go: downloading golang.org/x/sys v0.1.0
2022/10/31 17:12:57 failed to handshake: read tcp [::1]:2022->[::1]:55724: read: connection reset by peer
exit status 1

report: Fedora 36 linux/arm64 "connection failed with key id_rsa_client"

Fedora 36 runs the test with this output:

[emv@lima-fedora sshpoc]$ go run .
go: downloading golang.org/x/crypto v0.1.0
2022/11/03 01:50:36 OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
2022/11/03 01:50:36 ⛔ connection failed with key id_rsa_client
2022/11/03 01:50:36 ⛔ debug1: send_pubkey_test: no mutual signature algorithm
2022/11/03 01:50:36 ✅ connection succeeded with key id_ed25519_client

System identification:

[emv@lima-fedora sshpoc]$ cat /etc/os-release
NAME="Fedora Linux"
VERSION="36 (Cloud Edition)"
ID=fedora
VERSION_ID=36
VERSION_CODENAME=""
PLATFORM_ID="platform:f36"
PRETTY_NAME="Fedora Linux 36 (Cloud Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:36"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f36/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=36
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=36
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Cloud Edition"
VARIANT_ID=cloud

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.