Page MenuHomePhabricator

ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value
Open, Needs TriagePublic

Description

Hi,

Since i migrated libssh 0.7.5 to 0.9.x, i have that issue.

Debug with libssh 0.7.5 working:

[2020/07/07 15:31:41.352164, 2] ssh_connect:  libssh 0.7.5 (c) 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_noop
[2020/07/07 15:31:41.352245, 3] getai:  host 168.162.35.117 matches an IP address
[2020/07/07 15:31:41.352397, 2] ssh_socket_connect:  Nonblocking connection socket: 4
[2020/07/07 15:31:41.352424, 2] ssh_connect:  Socket connecting, now waiting for the callbacks to work
[2020/07/07 15:31:41.352432, 3] ssh_connect:  Actual timeout : 5000
[2020/07/07 15:31:41.364007, 3] ssh_socket_pollcallback:  Received POLLOUT in connecting state
[2020/07/07 15:31:41.364034, 1] socket_callback_connected:  Socket connection callback: 1 (0)
[2020/07/07 15:31:41.364077, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.378525, 3] callback_receive_banner:  Received banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:31:41.378554, 1] ssh_client_connection_callback:  SSH server banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:31:41.378563, 1] ssh_analyze_banner:  Analyzing banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:31:41.426373, 3] ssh_packet_socket_callback:  packet: read type 20 [len=508,padding=11,comp=496,payload=496]
[2020/07/07 15:31:41.426401, 3] ssh_packet_process:  Dispatching handler for packet type 20
[2020/07/07 15:31:41.426447, 4] ssh_list_kex:  kex algos: diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha512@ssh.com,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
[2020/07/07 15:31:41.426467, 4] ssh_list_kex:  server host key algo: ssh-rsa
[2020/07/07 15:31:41.426477, 4] ssh_list_kex:  encryption client->server: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
[2020/07/07 15:31:41.426486, 4] ssh_list_kex:  encryption server->client: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
[2020/07/07 15:31:41.426496, 4] ssh_list_kex:  mac algo client->server: hmac-sha1
[2020/07/07 15:31:41.426506, 4] ssh_list_kex:  mac algo server->client: hmac-sha1
[2020/07/07 15:31:41.426515, 4] ssh_list_kex:  compression algo client->server: none
[2020/07/07 15:31:41.426525, 4] ssh_list_kex:  compression algo server->client: none
[2020/07/07 15:31:41.426535, 4] ssh_list_kex:  languages client->server:
[2020/07/07 15:31:41.426544, 4] ssh_list_kex:  languages server->client:
[2020/07/07 15:31:41.426694, 3] ssh_knownhosts_algorithms:  server 168.162.35.117:2223 has ssh-rsa in known_hosts
[2020/07/07 15:31:41.426724, 3] ssh_client_select_hostkeys:  Changing host key method to "ssh-rsa"
[2020/07/07 15:31:41.426749, 4] ssh_list_kex:  kex algos: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[2020/07/07 15:31:41.426757, 4] ssh_list_kex:  server host key algo: ssh-rsa
[2020/07/07 15:31:41.426764, 4] ssh_list_kex:  encryption client->server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
[2020/07/07 15:31:41.426771, 4] ssh_list_kex:  encryption server->client: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
[2020/07/07 15:31:41.426779, 4] ssh_list_kex:  mac algo client->server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/07/07 15:31:41.426786, 4] ssh_list_kex:  mac algo server->client: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/07/07 15:31:41.426794, 4] ssh_list_kex:  compression algo client->server: none
[2020/07/07 15:31:41.426803, 4] ssh_list_kex:  compression algo server->client: none
[2020/07/07 15:31:41.426811, 4] ssh_list_kex:  languages client->server:
[2020/07/07 15:31:41.426817, 4] ssh_list_kex:  languages server->client:
[2020/07/07 15:31:41.426858, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.426867, 3] packet_send2:  packet: wrote [len=436,padding=8,comp=427,payload=427]
[2020/07/07 15:31:41.429026, 3] packet_send2:  packet: wrote [len=268,padding=6,comp=261,payload=261]
[2020/07/07 15:31:41.429059, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.505266, 3] ssh_packet_socket_callback:  packet: read type 31 [len=572,padding=10,comp=561,payload=561]
[2020/07/07 15:31:41.505317, 3] ssh_packet_process:  Dispatching handler for packet type 31
[2020/07/07 15:31:41.505329, 2] ssh_packet_dh_reply:  Received SSH_KEXDH_REPLY
[2020/07/07 15:31:41.508223, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.508257, 3] packet_send2:  packet: wrote [len=12,padding=10,comp=1,payload=1]
[2020/07/07 15:31:41.508265, 2] ssh_client_dh_reply:  SSH_MSG_NEWKEYS sent
[2020/07/07 15:31:41.508273, 3] ssh_packet_socket_callback:  Processing 16 bytes left in socket buffer
[2020/07/07 15:31:41.508283, 3] ssh_packet_socket_callback:  packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[2020/07/07 15:31:41.508292, 3] ssh_packet_process:  Dispatching handler for packet type 21
[2020/07/07 15:31:41.508312, 2] ssh_packet_newkeys:  Received SSH_MSG_NEWKEYS
[2020/07/07 15:31:41.508376, 3] crypt_set_algorithms2:  Set output algorithm to aes256-cbc
[2020/07/07 15:31:41.508390, 3] crypt_set_algorithms2:  Set HMAC output algorithm to hmac-sha1
[2020/07/07 15:31:41.508399, 3] crypt_set_algorithms2:  Set input algorithm to aes256-cbc
[2020/07/07 15:31:41.508409, 3] crypt_set_algorithms2:  Set HMAC output algorithm to hmac-sha1
[2020/07/07 15:31:41.508486, 4] ssh_pki_signature_verify_blob:  Going to verify a ssh-rsa type signature
[2020/07/07 15:31:41.508561, 2] ssh_packet_newkeys:  Signature verified and valid
[2020/07/07 15:31:41.508571, 3] ssh_connect:  current state : 7
[2020/07/07 15:31:41.508803, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /root/.ssh/id_ed25519
[2020/07/07 15:31:41.508920, 4] ssh_pki_import_pubkey_file:  Error opening /root/.ssh/id_ed25519.pub: No such file or directory
[2020/07/07 15:31:41.508935, 4] ssh_pki_import_privkey_file:  Error opening /root/.ssh/id_ed25519: No such file or directory
[2020/07/07 15:31:41.508943, 3] ssh_userauth_publickey_auto:  Private key /root/.ssh/id_ed25519 doesn't exist.
[2020/07/07 15:31:41.508950, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /root/.ssh/id_ecdsa
[2020/07/07 15:31:41.508968, 4] ssh_pki_import_pubkey_file:  Error opening /root/.ssh/id_ecdsa.pub: No such file or directory
[2020/07/07 15:31:41.508982, 4] ssh_pki_import_privkey_file:  Error opening /root/.ssh/id_ecdsa: No such file or directory
[2020/07/07 15:31:41.508992, 3] ssh_userauth_publickey_auto:  Private key /root/.ssh/id_ecdsa doesn't exist.
[2020/07/07 15:31:41.509002, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /root/.ssh/id_rsa
[2020/07/07 15:31:41.509015, 4] ssh_pki_import_pubkey_file:  Error opening /root/.ssh/id_rsa.pub: No such file or directory
[2020/07/07 15:31:41.509028, 4] ssh_pki_import_privkey_file:  Error opening /root/.ssh/id_rsa: No such file or directory
[2020/07/07 15:31:41.509038, 3] ssh_userauth_publickey_auto:  Private key /root/.ssh/id_rsa doesn't exist.
[2020/07/07 15:31:41.509047, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /root/.ssh/id_dsa
[2020/07/07 15:31:41.509060, 4] ssh_pki_import_pubkey_file:  Error opening /root/.ssh/id_dsa.pub: No such file or directory
[2020/07/07 15:31:41.509073, 4] ssh_pki_import_privkey_file:  Error opening /root/.ssh/id_dsa: No such file or directory
[2020/07/07 15:31:41.509083, 3] ssh_userauth_publickey_auto:  Private key /root/.ssh/id_dsa doesn't exist.
[2020/07/07 15:31:41.509093, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /root/.ssh/identity
[2020/07/07 15:31:41.509116, 4] ssh_pki_import_pubkey_file:  Error opening /root/.ssh/identity.pub: No such file or directory
[2020/07/07 15:31:41.509130, 4] ssh_pki_import_privkey_file:  Error opening /root/.ssh/identity: No such file or directory
[2020/07/07 15:31:41.509140, 3] ssh_userauth_publickey_auto:  Private key /root/.ssh/identity doesn't exist.
[2020/07/07 15:31:41.509149, 2] ssh_userauth_publickey_auto:  Tried every public key, none matched
[2020/07/07 15:31:41.509228, 3] packet_send2:  packet: wrote [len=28,padding=10,comp=17,payload=17]
[2020/07/07 15:31:41.509238, 3] ssh_service_request:  Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2020/07/07 15:31:41.509252, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.591770, 3] ssh_packet_socket_callback:  packet: read type 6 [len=28,padding=10,comp=17,payload=17]
[2020/07/07 15:31:41.591809, 3] ssh_packet_process:  Dispatching handler for packet type 6
[2020/07/07 15:31:41.591818, 3] ssh_packet_service_accept:  Received SSH_MSG_SERVICE_ACCEPT
[2020/07/07 15:31:41.591865, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:31:41.591884, 3] packet_send2:  packet: wrote [len=76,padding=10,comp=65,payload=65]
[2020/07/07 15:31:41.844898, 3] ssh_packet_socket_callback:  packet: read type 52 [len=12,padding=10,comp=1,payload=1]
[2020/07/07 15:31:41.844936, 3] ssh_packet_process:  Dispatching handler for packet type 52
[2020/07/07 15:31:41.844969, 3] ssh_packet_userauth_success:  Authentication successful
[2020/07/07 15:31:41.844977, 4] ssh_packet_userauth_success:  Received SSH_USERAUTH_SUCCESS

Debug not working with libssh 0.9.x:

[2020/07/07 15:25:55.558060, 3] ssh_config_parse_file:  Reading configuration data from /etc/ssh/ssh_config
[2020/07/07 15:25:55.558192, 2] ssh_config_parse_line:  Unapplicable option: ForwardX11Trusted, line: 63
[2020/07/07 15:25:55.558205, 2] ssh_config_parse_line:  Unapplicable option: SendEnv, line: 65
[2020/07/07 15:25:55.558214, 2] ssh_config_parse_line:  Unapplicable option: SendEnv, line: 66
[2020/07/07 15:25:55.558222, 2] ssh_config_parse_line:  Unapplicable option: SendEnv, line: 67
[2020/07/07 15:25:55.558245, 2] ssh_connect:  libssh 0.9.3 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2020/07/07 15:25:55.558263, 3] getai:  host 168.162.35.117 matches an IP address
[2020/07/07 15:25:55.558409, 2] ssh_socket_connect:  Nonblocking connection socket: 4
[2020/07/07 15:25:55.558421, 2] ssh_connect:  Socket connecting, now waiting for the callbacks to work
[2020/07/07 15:25:55.558432, 3] ssh_connect:  Actual timeout : 5000
[2020/07/07 15:25:55.569926, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/07/07 15:25:55.569963, 3] ssh_socket_pollcallback:  Received POLLOUT in connecting state
[2020/07/07 15:25:55.569980, 1] socket_callback_connected:  Socket connection callback: 1 (0)
[2020/07/07 15:25:55.570023, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:25:55.570038, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/07/07 15:25:55.584552, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/07/07 15:25:55.584596, 3] callback_receive_banner:  Received banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:25:55.584604, 2] ssh_client_connection_callback:  SSH server banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:25:55.584612, 2] ssh_analyze_banner:  Analyzing banner: SSH-2.0-srtSSHServer_11.00
[2020/07/07 15:25:55.584773, 3] ssh_client_select_hostkeys:  Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
[2020/07/07 15:25:55.585027, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2020/07/07 15:25:55.585057, 3] ssh_client_select_hostkeys:  Algorithms found in known_hosts files: "rsa-sha2-512,rsa-sha2-256,ssh-rsa"
[2020/07/07 15:25:55.585075, 3] ssh_client_select_hostkeys:  Changing host key method to "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-dss"
[2020/07/07 15:25:55.585091, 4] ssh_list_kex:  kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
[2020/07/07 15:25:55.585103, 4] ssh_list_kex:  server host key algo: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-dss
[2020/07/07 15:25:55.585111, 4] ssh_list_kex:  encryption client->server: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
[2020/07/07 15:25:55.585119, 4] ssh_list_kex:  encryption server->client: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
[2020/07/07 15:25:55.585126, 4] ssh_list_kex:  mac algo client->server: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/07/07 15:25:55.585134, 4] ssh_list_kex:  mac algo server->client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/07/07 15:25:55.585141, 4] ssh_list_kex:  compression algo client->server: none
[2020/07/07 15:25:55.585149, 4] ssh_list_kex:  compression algo server->client: none
[2020/07/07 15:25:55.585159, 4] ssh_list_kex:  languages client->server:
[2020/07/07 15:25:55.585167, 4] ssh_list_kex:  languages server->client:
[2020/07/07 15:25:55.585219, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:25:55.585230, 3] packet_send2:  packet: wrote [type=20, len=972, padding_size=6, comp=965, payload=965]
[2020/07/07 15:25:55.585239, 3] ssh_send_kex:  SSH_MSG_KEXINIT sent
[2020/07/07 15:25:55.585251, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/07/07 15:25:55.585261, 4] ssh_socket_pollcallback:  sending control flow event
[2020/07/07 15:25:55.585272, 4] ssh_packet_socket_controlflow_callback:  sending channel_write_wontblock callback
[2020/07/07 15:25:55.681720, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/07/07 15:25:55.681832, 3] ssh_packet_socket_callback:  packet: read type 20 [len=508,padding=11,comp=496,payload=496]
[2020/07/07 15:25:55.681850, 3] ssh_packet_process:  Dispatching handler for packet type 20
[2020/07/07 15:25:55.681877, 4] ssh_list_kex:  kex algos: diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha512@ssh.com,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
[2020/07/07 15:25:55.681889, 4] ssh_list_kex:  server host key algo: ssh-rsa
[2020/07/07 15:25:55.681896, 4] ssh_list_kex:  encryption client->server: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
[2020/07/07 15:25:55.681903, 4] ssh_list_kex:  encryption server->client: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
[2020/07/07 15:25:55.681910, 4] ssh_list_kex:  mac algo client->server: hmac-sha1
[2020/07/07 15:25:55.681917, 4] ssh_list_kex:  mac algo server->client: hmac-sha1
[2020/07/07 15:25:55.681924, 4] ssh_list_kex:  compression algo client->server: none
[2020/07/07 15:25:55.681930, 4] ssh_list_kex:  compression algo server->client: none
[2020/07/07 15:25:55.681937, 4] ssh_list_kex:  languages client->server:
[2020/07/07 15:25:55.681944, 4] ssh_list_kex:  languages server->client:
[2020/07/07 15:25:55.681971, 2] ssh_kex_select_methods:  Negotiated diffie-hellman-group18-sha512,ssh-rsa,aes256-cbc,aes256-cbc,hmac-sha1,hmac-sha1,none,none,,
[2020/07/07 15:25:55.865268, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2020/07/07 15:25:55.865315, 3] packet_send2:  packet: wrote [type=30, len=1036, padding_size=5, comp=1030, payload=1030]
[2020/07/07 15:25:55.865332, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/07/07 15:25:55.865340, 4] ssh_socket_pollcallback:  sending control flow event
[2020/07/07 15:25:55.865348, 4] ssh_packet_socket_controlflow_callback:  sending channel_write_wontblock callback
[2020/07/07 15:25:55.896323, 4] ssh_socket_pollcallback:  Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/07/07 15:25:55.896368, 3] ssh_packet_socket_callback:  packet: read type 1 [len=36,padding=4,comp=31,payload=31]
[2020/07/07 15:25:55.896378, 3] ssh_packet_process:  Dispatching handler for packet type 1
[2020/07/07 15:25:55.896389, 3] ssh_packet_disconnect_callback:  Received SSH_MSG_DISCONNECT 3:invalid DH value
[2020/07/07 15:25:55.896396, 1] ssh_packet_disconnect_callback:  Received SSH_MSG_DISCONNECT: 3:invalid DH value
[2020/07/07 15:25:55.896446, 3] ssh_connect:  current state : 9

I cannot update the distant server. Is it a bug of libssh ? Maybe i can force Ciphers/... to make it working like before (0.7.5) ?

Event Timeline

qgarnier created this task.Jul 7 2020, 3:42 PM
Jakuje added a subscriber: Jakuje.Jul 7 2020, 5:02 PM

This is an issue of key exchange, not ciphres. The original trace is using probably diffie-hellman-group14-sha1 and the new one diffie-hellman-group18-sha512. The error invalid DH value comes from the server so I would suggest continuing some investigation there, figuring out what it does not like on the provided DH value.

You can indeed workaround it by selecting different key exchange method, for example diffie-hellman-group14-sha1, which is still supported by both peers, but it is based on SHA1, which is no recommended for foreseeable future.

Okay. So i cannot change the server (update or settings). I will try to force 'diffie-hellman-group14-sha1'. Thanks!

With following in ssh_config for my host, it's working:
Host 192.168.xxx.xxx

KexAlgorithms diffie-hellman-group1-sha1
Jakuje added a comment.Jul 8 2020, 8:00 AM

Thanks for confirmation. Even though you can not change the server settings, there might be something useful in the logs pointing out what is the issue. It could be bug in srtSSHServer implementation or libssh implementation of the new diffie-hellman-group18-sha512 so it is worth investigating.

Does the OpenSSH connection with this key exchange method work? What is the output of following (assuming you have openssh installed):

ssh -vvv -oKexAlgorithms=diffie-hellman-group18-sha512 192.168.xxx.xxx

Here the debug. It seems OpenSSH has the same issue.

ssh -vvv -oKexAlgorithms=diffie-hellman-group18-sha512 168.162.xx.xxx -p 2223
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "168.162.xx.xxx" port 2223
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 168.162.xx.xxx [168.162.xx.xxx] port 2223.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/centreon-engine/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version srtSSHServer_11.00
debug1: no match: srtSSHServer_11.00
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 168.162.xx.xxx:2223 as 'centreon-engine'
debug3: put_host_port: [168.162.xx.xxx]:2223
debug3: hostkeys_foreach: reading file "/var/lib/centreon-engine/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /var/lib/centreon-engine/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [168.162.xx.xxx]:2223
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group18-sha512,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha512@ssh.com,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
debug2: ciphers stoc: 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,cast128-cbc
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group18-sha512
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group18-sha512 need=20 dh_need=20
debug1: kex: diffie-hellman-group18-sha512 need=20 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 4024/8192
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 1
Received disconnect from 168.162.xx.xxx port 2223:3: invalid DH value
Disconnected from 168.162.xx.xxx port 2223

We test interoperability with OpenSSH so our implementation is compatible with OpenSSH one. So either we both are wrong or the srtSSHServer_11.00 is wrong. I would recommend you either check the server side for more logs or errors and/or contact the vendor/support of the server that you have this issue. It should be trivial for them to reproduce/debug the issue as libssh and openssh are opensource and they can reliably reproduce the issue. From just this log, we can hardly guess what the blackbox server does not like on this key exchange method implementation.

Jakuje added a project: Restricted Project.Jul 15 2020, 9:04 PM