From danie.dejager@striata.com  Mon Feb 18 10:08:14 2019
MIME-Version: 1.0
References: <CAC6Wms4dZ5ruZiSw7MFB1scoD=V2sEjeSHmdgZk1e9rWVaK9tw@mail.gmail.com>
In-Reply-To: <CAC6Wms4dZ5ruZiSw7MFB1scoD=V2sEjeSHmdgZk1e9rWVaK9tw@mail.gmail.com>
From: Danie de Jager <danie.dejager@striata.com>
Date: Mon, 18 Feb 2019 11:07:37 +0200
Message-ID: <CAC6Wms7es6nynsT0Vj-_sNyAbT14RCSBs6Fb91NRLeMcy5QAhQ@mail.gmail.com>
Subject: Re: kex error : no match for method mac algo
To: submit@bugs.x2go.org
Content-Type: multipart/alternative; boundary="0000000000004d2cc9058227763d"

--0000000000004d2cc9058227763d
Content-Type: text/plain; charset="UTF-8"

Package: client

The client does not support chacha20 as I get this error when I try to
connect to the X2Go server. I did harden my SSH configuration as guided by
Mozilla
https://infosec.mozilla.org/guidelines/openssh

When I use defaults it works fine. It seems that the library used by X2Go
is missing some newer methods.

Config:
server ssh config:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Client sshd config:
Client using default sshd config

or

HashKnownHosts yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Error:
"kex error : no match for method mac algo client->server: server [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"

or sometimes

"crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"

Let me know if I can provide more information.

Regards,
*Danie de Jager*

--0000000000004d2cc9058227763d--
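
The "no match for method mac algo" failure in the report above follows from the selection rule in RFC 4253 section 7.1, which can be checked offline before deploying a hardened sshd_config. This is an added example, not part of the original report or of X2Go's code: the server lists and the client's hmac-sha1 MAC list come from the report, the client's kex and cipher lists are constructed, and kex selection is simplified to the same first-match rule.

```python
# Server directives as given in the report (sshd_config syntax).
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""
# Client offer: the MAC list is the one printed in the error message; the
# kex and cipher lists are constructed for illustration (not on the page).
CLIENT_OFFER = {
    "KexAlgorithms": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
    "Ciphers": ["aes256-ctr", "aes128-ctr", "aes128-cbc"],
    "MACs": ["hmac-sha1"],
}
# AEAD ciphers carry their own integrity tag, so OpenSSH ignores the MAC lists for them.
AEAD = {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com"}

def parse_config(text):
    """Return {directive: [algorithms]} from sshd_config-style lines."""
    offer = {}
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(" ")
        if value:
            offer[key] = [a.strip() for a in value.split(",") if a.strip()]
    return offer

def pick(client, server):
    """RFC 4253 7.1: first algorithm on the client's list that the server also lists."""
    return next((a for a in client if a in server), None)

def negotiate(client, server):
    """Return (chosen, errors) for kex, cipher and MAC in one direction."""
    chosen, errors = {}, []
    for key in ("KexAlgorithms", "Ciphers", "MACs"):
        if key == "MACs" and chosen.get("Ciphers") in AEAD:
            chosen[key] = "<implicit>"  # integrity comes from the AEAD cipher
            continue
        chosen[key] = pick(client.get(key, []), server.get(key, []))
        if chosen[key] is None:
            errors.append(f"no match for {key}: server {server.get(key, [])}, client {client.get(key, [])}")
    return chosen, errors

if __name__ == "__main__":
    chosen, errors = negotiate(CLIENT_OFFER, parse_config(SERVER_CONFIG))
    print(chosen)
    print("\n".join("FAIL: " + e for e in errors))
```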

