Comments (9)
jeroen
commented on August 17, 2024
Which server are you connecting to? Is this a really old OS?
The ssh package uses libssh which is a different from what is used by your local git/ssh commands. I think it ssh-rsa is not the same as ssh-rsa, you specifically need the sha2 version.
from ssh.
D3SL
commented on August 17, 2024
Hi Jeroen. As I said in the first line of my post:
When trying to connect to a CentOS machine from Windows I receive the following error...
CentOS7 is not the newest operating system but it hasn't reached end of life yet and is still supported. Additionally this is a new error, I've been using this package for some time without issue.
from ssh.
D3SL
commented on August 17, 2024
Centos7 is not end of life yet, it is still supported. And as I said I've been using this package for some time now without issue, I've just noticed it now after having recently updated R and all packages.
from ssh.
jeroen
commented on August 17, 2024
CentOS7 is not the newest operating system but it hasn't reached end of life yet and is still supported. Additionally this is a new error, I've been using this package for some time without issue.
Yes I suspect libssh has disabled the unsafe algorithms in a recent update. I'll try to find a workaround for you.
from ssh.
D3SL
commented on August 17, 2024
I think the issue is something else. I just checked with ssh -vv on the destination machines and these servers should absolutely support newer safer algorithms., at least if I'm reading this correctly. For some reason libssh from windows 10 to Centos7 can't seem to see these supported algorithms though:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
and another machine:
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
from ssh.
jeroen
commented on August 17, 2024
So at what version of updating the R package did this problem start appearing?
from ssh.
D3SL
commented on August 17, 2024
On windows I've got the R package v0.9.1 linking to libssh 0.10.5, and currently working in an ubuntu docker container I have R package version 0.8.2 linking to lissh 0.9.6.
For some reason R-ssh 0.9.1 and libssh 0.10.5 is seeing only ssh-rsa and ssh-dss on the target machine, even though it reports the following algorithms which overlap with the list given by R-ssh on my windows machine:
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
[email protected]
For thoroughness here is a verbose output from R on the working ubuntu docker container:
ssh_connect: libssh 0.9.6 (c) 2003-2021 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
ssh_socket_connect: Nonblocking connection socket: 3
ssh_connect: Socket connecting, now waiting for the callbacks to work
socket_callback_connected: Socket connection callback: 1 (0)
ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_5.3
ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_5.3
ssh_analyze_banner: We are talking to an OpenSSH client version: 5.3 (50300)
ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
ssh_kex_select_methods: Negotiated diffie-hellman-group-exchange-sha256,ssh-rsa,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
ssh_packet_client_dhgex_group: SSH_MSG_KEX_DH_GEX_GROUP received
ssh_packet_client_dhgex_reply: SSH_MSG_KEX_DH_GEX_REPLY received
ssh_init_rekey_state: Set rekey after 4294967296 blocks
ssh_init_rekey_state: Set rekey after 4294967296 blocks
ssh_packet_client_dhgex_reply: SSH_MSG_NEWKEYS sent
ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
ssh_packet_newkeys: Signature verified and valid
Found known server key: XXXXX
ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
ssh_pki_import_pubkey_file: Error opening /root/.ssh/id_ed25519.pub: No such file or directory
ssh_pki_import_privkey_file: Error opening /root/.ssh/id_ed25519: No such file or directory
ssh_pki_import_pubkey_file: Error opening /root/.ssh/id_ecdsa.pub: No such file or directory
ssh_pki_import_privkey_file: Error opening /root/.ssh/id_ecdsa: No such file or directory
ssh_pki_import_pubkey_file: Error opening /root/.ssh/id_rsa.pub: No such file or directory
ssh_pki_import_privkey_file: Error opening /root/.ssh/id_rsa: No such file or directory
ssh_pki_import_pubkey_file: Error opening /root/.ssh/id_dsa.pub: No such file or directory
ssh_pki_import_privkey_file: Error opening /root/.ssh/id_dsa: No such file or directory
ssh_userauth_publickey_auto: Tried every public key, none matched
from ssh.
jeroen
commented on August 17, 2024
Does the verbose output on Windows show any hints why other methods are not considered?
from ssh.
D3SL
commented on August 17, 2024
Here's the verbose output of my win10 computer with the latest R package trying to connect to the same remote as the previous log.
ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=false
ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: none, kdf: none, nkeys: 1
ssh_config_parse_line: Unsupported option: AddKeysToAgent, line: 5
ssh_connect: libssh 0.10.5 (c) 2003-2023 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
ssh_socket_connect: Nonblocking connection socket: 32740
ssh_connect: Socket connecting, now waiting for the callbacks to work
socket_callback_connected: Socket connection callback: 1 (0)
ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_5.3
ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_5.3
ssh_analyze_banner: We are talking to an OpenSSH server version: 5.3 (50300)
ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
ssh_kex_select_methods: kex error : no match for method server host key algo: server [ssh-rsa,ssh-dss], client [rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,[email protected],[email protected]]
Error: libssh failure at 'connect': kex error : no match for method server host key algo: server [ssh-rsa,ssh-dss], client [rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,[email protected],[email protected]]
from ssh.
Related Issues (20)
- problem using scp on a complete folder tree
- Package installation onto Docker HOT 1
- SSH failing to open Known host file HOT 1
- ssh_tunnel to localhost.run
- Error when using scp_upload() & scp_download on some SFTPs
- SSH session automatically disconnects after parallel programming
- cannot scp_upload from Windows to Windows HOT 1
- cannot use wildcards with scp_download
- Problems wit large files with scp_download
- Make SSH tunnel to query a remote redshift database in R HOT 1
- switch user using sudo failing HOT 1
- ssh-agent not being found HOT 1
- Feature Request: `ssh_info()` works on disconnected sessions
- SSH_AUTH_METHOD_PASSWORD does not seem to be working
- scp_upload problem in newest verision HOT 1
- Could add function support SSH without password HOT 1
- How do I preserve the mode permission of a file with scp_upload HOT 1
- scp_upload and scp_download fail for UNC paths without permission on root directory
- Uploading large files using scp_upload() causes RStudio session crash
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ssh.