Giter VIP home page Giter VIP logo

Comments (11)

jeroen avatar jeroen commented on July 17, 2024

What does that option do? Are you enabling insecure ciphers? I think you need to fix this on the server side...

from ssh.

MarkEdmondson1234 avatar MarkEdmondson1234 commented on July 17, 2024

Ironically this is the first time I've seen this and its for a bank :) Ok I can ask them to update but is there any way for the R library ssh to add parameters to the SSH command to cover occasions where the server can't be fixed?

from ssh.

jeroen avatar jeroen commented on July 17, 2024

@cryptomilk is there a way to enable legacy algorithms in libssh ?

from ssh.

cryptomilk avatar cryptomilk commented on July 17, 2024

DSS is still supported. Which version of libssh is that and more logging is needed ...

from ssh.

jeroen avatar jeroen commented on July 17, 2024

This is likely 0.8.3 on MacOS. @MarkEdmondson1234 please include your ssh::libssh_version() and sessionInfo() and also try increasing your verbose parameter to get more info.

from ssh.

MarkEdmondson1234 avatar MarkEdmondson1234 commented on July 17, 2024

Will do, its a work laptop so will send it next week.

from ssh.

MarkEdmondson1234 avatar MarkEdmondson1234 commented on July 17, 2024

There is another issue with active connections that I will wait to be resolved before creating the new logs, but the versioning info is below:

ssh::libssh_version()
[1] "0.8.3"
> library(ssh)
Warning message:
package ‘ssh’ was built under R version 3.4.4 
> sessionInfo()
R version 3.4.1 (2017-06-30)
Platform: x86_64-apple-darwin15.6.0 (64-bit)
Running under: macOS  10.14

Matrix products: default
BLAS: /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
LAPACK: /Library/Frameworks/R.framework/Versions/3.4/Resources/lib/libRlapack.dylib

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     

other attached packages:
[1] ssh_0.3

loaded via a namespace (and not attached):
[1] compiler_3.4.1 tools_3.4.1    yaml_2.2.0

from ssh.

MarkEdmondson1234 avatar MarkEdmondson1234 commented on July 17, 2024

Hello, I'm back now with more complete logs. I can get a little further connecting via bash SSH although still not a full connection.

session <- ssh_connect("[email protected]",
+                        keyfile = "id_rsa_me", verbose = 4)
ssh_connect: libssh 0.8.3 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
getai: host 123.456.789.101 matches an IP address
ssh_socket_connect: Nonblocking connection socket: 29
ssh_connect: Socket connecting, now waiting for the callbacks to work
ssh_connect: Actual timeout : 10000
ssh_socket_pollcallback: Poll callback on socket 29 (POLLOUT ), out buffer 0
ssh_socket_pollcallback: Received POLLOUT in connecting state
socket_callback_connected: Socket connection callback: 1 (0)
ssh_socket_unbuffered_write: Enabling POLLOUT for socket
ssh_socket_pollcallback: Poll callback on socket 29 (POLLOUT ), out buffer 0
ssh_socket_pollcallback: Poll callback on socket 29 (POLLIN ), out buffer 0
callback_receive_banner: Received banner: SSH-2.0-srtSSHServer_11.00
ssh_client_connection_callback: SSH server banner: SSH-2.0-srtSSHServer_11.00
ssh_analyze_banner: Analyzing banner: SSH-2.0-srtSSHServer_11.00
ssh_socket_pollcallback: Poll callback on socket 29 (POLLIN ), out buffer 0
ssh_packet_socket_callback: packet: read type 20 [len=628,padding=9,comp=618,payload=618]
ssh_packet_process: Dispatching handler for packet type 20
ssh_list_kex: kex algos: diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha512@ssh.com,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
ssh_list_kex: server host key algo: ssh-rsa
ssh_list_kex: encryption client->server: aes256-cbc,3des-ctr,twofish256-cbc,twofish-cbc,aes128-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
ssh_list_kex: encryption server->client: aes256-cbc,3des-ctr,twofish256-cbc,twofish-cbc,aes128-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
ssh_list_kex: mac algo client->server: hmac-sha2-512,hmac-sha2-384,hmac-sha2-256,hmac-sha2-224,hmac-md5
ssh_list_kex: mac algo server->client: hmac-sha2-512,hmac-sha2-384,hmac-sha2-256,hmac-sha2-224,hmac-md5
ssh_list_kex: compression algo client->server: none
ssh_list_kex: compression algo server->client: none
ssh_list_kex: languages client->server: 
ssh_list_kex: languages server->client: 
ssh_client_select_hostkeys: No supported kex method for existing key in known_hosts file
ssh_kex_select_methods: Negotiated diffie-hellman-group16-sha512,ssh-rsa,aes256-cbc,aes256-cbc,hmac-sha2-256,hmac-sha2-256,none,none,,
ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ssh_list_kex: server host key algo: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss
ssh_list_kex: encryption client->server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
ssh_list_kex: encryption server->client: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
ssh_list_kex: mac algo client->server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
ssh_list_kex: mac algo server->client: hmac-sha2-256,hmac-sha2-512,hmac-sha1
ssh_list_kex: compression algo client->server: none
ssh_list_kex: compression algo server->client: none
ssh_list_kex: languages client->server: 
ssh_list_kex: languages server->client: 
ssh_socket_unbuffered_write: Enabling POLLOUT for socket
packet_send2: packet: wrote [len=660,padding=10,comp=649,payload=649]
packet_send2: packet: wrote [len=524,padding=6,comp=517,payload=517]
ssh_socket_pollcallback: Poll callback on socket 29 (POLLOUT ), out buffer 528
ssh_socket_unbuffered_write: Enabling POLLOUT for socket
ssh_socket_pollcallback: Poll callback on socket 29 (POLLOUT ), out buffer 0
ssh_socket_pollcallback: sending control flow event
ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
ssh_socket_pollcallback: Poll callback on socket 29 (POLLIN ), out buffer 0
ssh_packet_socket_callback: packet: read type 1 [len=36,padding=4,comp=31,payload=31]
ssh_packet_process: Dispatching handler for packet type 1
ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value
ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT: 3:invalid DH value
ssh_connect: current state : 9
Error: libssh failure at 'connect': Received SSH_MSG_DISCONNECT: 3:invalid DH value

This bash command gets a little further and fails for perhaps a different issue, but I include in case it is the same problem. Changed a few credentials to protect the guilty.

> IIHs-MacBook-Air:example$ scp -oHostKeyAlgorithms=+ssh-dss -i id_rsa_iih -c aes256-cbc -v -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no [email protected]:Dynamic_tracking.csv test.csv

Executing: program /usr/bin/ssh host ftp.example.dk, user ME, command scp -v -f Dynamic_tracking.csv
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/ME/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to ftp.example.dk port 22.
debug1: Connection established.
debug1: identity file id_rsa_iih type -1
debug1: identity file id_rsa_iih-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version srtSSHServer_11.00
debug1: no match: srtSSHServer_11.00
debug1: Authenticating to ftp.example.dk:22 as 'ME'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-cbc MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-cbc MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:xxxxxx
debug1: Host 'ftp.example.dk' is known and matches the RSA host key.
debug1: Found key in /Users/ME/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa_iih
debug1: Authentication succeeded (publickey).
Authenticated to ftp.myexample.dk ([123.456.789.101]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_CTYPE = en_US.UTF-8
debug1: Sending command: scp -v -f my_file.csv
exec request failed on channel 0

from ssh.

cryptomilk avatar cryptomilk commented on July 17, 2024

That invalid DH value error is strange. What is the error on the server, could you turn on logging there and check? Also could you update to libssh version 0.8.6?

from ssh.

MarkEdmondson1234 avatar MarkEdmondson1234 commented on July 17, 2024

I haven't access to the server but I found a solution by its administrator that said linux can't connect to Windows via scp, so switched to sftp it worked. I thought SFTP used sshunderneath it and I do have to set with the same options to get through authentication.

I guess then I was just trying to put a square peg in a round hole? Wrong tool for the job? If thats the case will close the issue, thanks for your time :)

from ssh.

jeroen avatar jeroen commented on July 17, 2024

Both scp and sftp use ssh but they are different protocols. This sounds like some problem with the windows openssh server. Closing for now unless somebody else runs into this and can provide more detailed information.

from ssh.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.