X2Go Bug report logs - #1373
kex error : no match for method mac algo

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Danie de Jager <danie.dejager@striata.com>

Date: Mon, 18 Feb 2019 09:10:02 UTC

Severity: normal

Merged with 1374

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1373; Package client. (Mon, 18 Feb 2019 09:10:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Danie de Jager <danie.dejager@striata.com>:
New Bug report received and forwarded. Copy sent to owner@bugs.x2go.org. (Mon, 18 Feb 2019 09:10:02 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.x2go.org (full text, mbox):

From: Danie de Jager <danie.dejager@striata.com>
To: submit@bugs.x2go.org
Subject: Re: kex error : no match for method mac algo
Date: Mon, 18 Feb 2019 11:07:37 +0200
[Message part 1 (text/plain, inline)]
Package: client

The client does not support chacha20 as I get this error when I try to
connect to the X2Go server. I did harden my SSH configuration as guided by
Mozzila
https://infosec.mozilla.org/guidelines/openssh

When I use defaults it works fine. It seems that the library used by X2Go
is missing some newer methods.

Config:
server ssh config:
KexAlgorithms curve25519-sha256@libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Client sshd config:
Client using default sshd config

or

HashKnownHosts yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp256-cert-v01@openssh.com
,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256@libssh.org
,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Error:
"kex error : no match for method mac algo client->server: server [
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com],
client [hmac-sha1]"

or sometimes

"crypt_set_algorithms2: no crypto algorithm function found for
chacha20-poly1305@openssh.com"

Let me know if I can provide more information.

Regards,
*Danie de Jager*
[Message part 2 (text/html, inline)]

Information forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1373; Package client. (Mon, 18 Feb 2019 10:25:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antenore <antenore@simbiosi.org>:
Extra info received and forwarded to list. Copy sent to owner@bugs.x2go.org. (Mon, 18 Feb 2019 10:25:02 GMT) Full text and rfc822 format available.

Message #10 received at 1373@bugs.x2go.org (full text, mbox):

From: Antenore <antenore@simbiosi.org>
To: Danie de Jager <danie.dejager@striata.com>,1373@bugs.x2go.org,submit@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo
Date: Mon, 18 Feb 2019 11:22:16 +0100
Package: client

Hi Daniel,

I'm just a reader, but X2GO uses libssh, that support the Kex you are
using, so first of all, you have to install an updated version of libssh
and eventually check if it has been compiled with the support of these
algorithms.

Normally, I think, on the X2GO side there is nothing more to do.

Have a look here:

https://www.libssh.org/features/

On 18 February 2019 10:07:37 CET, Danie de Jager <danie.dejager@striata.com> wrote:
>Package: client
>
>The client does not support chacha20 as I get this error when I try to
>connect to the X2Go server. I did harden my SSH configuration as guided
>by
>Mozzila
>https://infosec.mozilla.org/guidelines/openssh
>
>When I use defaults it works fine. It seems that the library used by
>X2Go
>is missing some newer methods.
>
>Config:
>server ssh config:
>KexAlgorithms curve25519-sha256@libssh.org
>,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
>Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
>aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
>MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
>umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
>
>Client sshd config:
>Client using default sshd config
>
>or
>
>HashKnownHosts yes
>HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,
>ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,
>ecdsa-sha2-nistp521-cert-v01@openssh.com,
>ecdsa-sha2-nistp384-cert-v01@openssh.com,
>ecdsa-sha2-nistp256-cert-v01@openssh.com
>,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
>KexAlgorithms curve25519-sha256@libssh.org
>,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
>MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
>umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
>Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
>aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
>
>Error:
>"kex error : no match for method mac algo client->server: server [
>hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
>umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com],
>client [hmac-sha1]"
>
>or sometimes
>
>"crypt_set_algorithms2: no crypto algorithm function found for
>chacha20-poly1305@openssh.com"
>
>Let me know if I can provide more information.
>
>Regards,
>*Danie de Jager*


Information forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1373; Package client. (Mon, 18 Feb 2019 11:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Danie de Jager <danie.dejager@striata.com>:
Extra info received and forwarded to list. Copy sent to owner@bugs.x2go.org. (Mon, 18 Feb 2019 11:30:03 GMT) Full text and rfc822 format available.

Message #15 received at 1373@bugs.x2go.org (full text, mbox):

From: Danie de Jager <danie.dejager@striata.com>
To: Antenore <antenore@simbiosi.org>
Cc: 1373@bugs.x2go.org, submit@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo
Date: Mon, 18 Feb 2019 13:24:37 +0200
[Message part 1 (text/plain, inline)]
Thanks for your input. Maybe the client ships in a way where it is compiled
to only support MACs of
hmac-sha1-etm@openssh.com,hmac-sha1

When I add these to my server I can SSH to it and see remote screen with
X2GO client. If I change the server's SSHD config and remove the 2 sha1
MACs I can still shh to the server but X2Go client stops working. To get
the libssh updated for my OS won't necissarily allow the client to use it
if the client was statically compiled using an older version.

On Mon, 18 Feb 2019 at 12:22, Antenore <antenore@simbiosi.org> wrote:

> Package: client
>
> Hi Daniel,
>
> I'm just a reader, but X2GO uses libssh, that support the Kex you are
> using, so first of all, you have to install an updated version of libssh
> and eventually check if it has been compiled with the support of these
> algorithms.
>
> Normally, I think, on the X2GO side there is nothing more to do.
>
> Have a look here:
>
> https://www.libssh.org/features/
>
> On 18 February 2019 10:07:37 CET, Danie de Jager <
> danie.dejager@striata.com> wrote:
> >Package: client
> >
> >The client does not support chacha20 as I get this error when I try to
> >connect to the X2Go server. I did harden my SSH configuration as guided
> >by
> >Mozzila
> >https://infosec.mozilla.org/guidelines/openssh
> >
> >When I use defaults it works fine. It seems that the library used by
> >X2Go
> >is missing some newer methods.
> >
> >Config:
> >server ssh config:
> >KexAlgorithms curve25519-sha256@libssh.org
>
> >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> >Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
> >aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> >MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> >umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> >
> >Client sshd config:
> >Client using default sshd config
> >
> >or
> >
> >HashKnownHosts yes
> >HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,
> >ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,
> >ecdsa-sha2-nistp521-cert-v01@openssh.com,
> >ecdsa-sha2-nistp384-cert-v01@openssh.com,
> >ecdsa-sha2-nistp256-cert-v01@openssh.com
> >,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
> >KexAlgorithms curve25519-sha256@libssh.org
>
> >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> >MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> >umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> >Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
> >aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> >
> >Error:
> >"kex error : no match for method mac algo client->server: server [
> >hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> >umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> ],
> >client [hmac-sha1]"
> >
> >or sometimes
> >
> >"crypt_set_algorithms2: no crypto algorithm function found for
> >chacha20-poly1305@openssh.com"
> >
> >Let me know if I can provide more information.
> >
> >Regards,
> >*Danie de Jager*
>
[Message part 2 (text/html, inline)]

Information forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1373; Package client. (Mon, 18 Feb 2019 11:55:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Antenore Gatta <antenore@simbiosi.org>:
Extra info received and forwarded to list. Copy sent to owner@bugs.x2go.org. (Mon, 18 Feb 2019 11:55:02 GMT) Full text and rfc822 format available.

Message #20 received at 1373@bugs.x2go.org (full text, mbox):

From: Antenore Gatta <antenore@simbiosi.org>
To: 1373@bugs.x2go.org, submit@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo
Date: Mon, 18 Feb 2019 10:24:41 +0100
Hi Daniel,

I'm just a reader, but X2GO uses libssh, that support the Kex you are
using, so first of all, you have to install an updated version of libssh
and eventually check if it has been compiled with the support of these
algorithms.

Normally, I think, on the X2GO side there is nothing more to do.

Have a look here:

https://www.libssh.org/features/


On Mon, 18 Feb 2019 11:07:37 +0200
Danie de Jager <danie.dejager@striata.com> wrote:

> Package: client
> 
> The client does not support chacha20 as I get this error when I try to
> connect to the X2Go server. I did harden my SSH configuration as
> guided by Mozzila
> https://infosec.mozilla.org/guidelines/openssh
> 
> When I use defaults it works fine. It seems that the library used by
> X2Go is missing some newer methods.
> 
> Config:
> server ssh config:
> KexAlgorithms curve25519-sha256@libssh.org
> ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
> aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> 
> Client sshd config:
> Client using default sshd config
> 
> or
> 
> HashKnownHosts yes
> HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,
> ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,
> ecdsa-sha2-nistp521-cert-v01@openssh.com,
> ecdsa-sha2-nistp384-cert-v01@openssh.com,
> ecdsa-sha2-nistp256-cert-v01@openssh.com
> ,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
> KexAlgorithms curve25519-sha256@libssh.org
> ,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,
> aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> 
> Error:
> "kex error : no match for method mac algo client->server: server [
> hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
> umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com],
> client [hmac-sha1]"
> 
> or sometimes
> 
> "crypt_set_algorithms2: no crypto algorithm function found for
> chacha20-poly1305@openssh.com"
> 
> Let me know if I can provide more information.
> 
> Regards,
> *Danie de Jager*


Information forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1373; Package client. (Mon, 18 Feb 2019 20:40:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to owner@bugs.x2go.org. (Mon, 18 Feb 2019 20:40:03 GMT) Full text and rfc822 format available.

Message #25 received at 1373@bugs.x2go.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 1373@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo
Date: Mon, 18 Feb 2019 20:36:55 +0000
[Message part 1 (text/plain, inline)]
Control: reassign -1 x2goclient
Control: forcemerge #1374 -1

On  Mo 18 Feb 2019 10:07:37 CET, Danie de Jager wrote:

> Package: client
>
> The client does not support chacha20 as I get this error when I try to
> connect to the X2Go server. I did harden my SSH configuration as guided by
> Mozzila
> https://infosec.mozilla.org/guidelines/openssh
>
> When I use defaults it works fine. It seems that the library used by X2Go
> is missing some newer methods.

> [...]

Doing some bts major domo work...

Mike
-- 

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Bug reassigned from package 'client' to 'x2goclient'. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 1373-submit@bugs.x2go.org. (Mon, 18 Feb 2019 20:40:04 GMT) Full text and rfc822 format available.

Merged 1373 1374 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Mon, 18 Feb 2019 20:55:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Mar 23 11:51:44 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.