From unknown Fri Mar 29 07:15:18 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1373: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo Reply-To: Antenore , 1373@bugs.x2go.org Resent-From: Antenore Resent-To: x2go-dev@lists.x2go.org Resent-CC: owner@bugs.x2go.org X-Loop: owner@bugs.x2go.org Resent-Date: Mon, 18 Feb 2019 10:25:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1373 X-X2Go-PR-Package: client X-X2Go-PR-Keywords: Received: via spool by 1373-submit@bugs.x2go.org id=B1373.155048536417994 (code B ref 1373); Mon, 18 Feb 2019 10:25:02 +0000 Received: (at 1373) by bugs.x2go.org; 18 Feb 2019 10:22:44 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 3ED405DAF1 for <1373@bugs.x2go.org>; Mon, 18 Feb 2019 11:22:42 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ctMj9U0QnXrR for <1373@bugs.x2go.org>; Mon, 18 Feb 2019 11:22:28 +0100 (CET) X-Greylist: delayed 1216 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Mon, 18 Feb 2019 11:22:24 CET Received: from 1.mo6.mail-out.ovh.net (1.mo6.mail-out.ovh.net [46.105.56.136]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id E12915DAF2 for <1373@bugs.x2go.org>; Mon, 18 Feb 2019 11:22:24 +0100 (CET) Received: from player755.ha.ovh.net (unknown [10.109.146.53]) by mo6.mail-out.ovh.net (Postfix) with ESMTP id A23C81AF985 for <1373@bugs.x2go.org>; Mon, 18 Feb 2019 11:22:23 +0100 (CET) Received: from simbiosi.org (252.234.197.178.dynamic.wless.lssmb00p-cgnat.res.cust.swisscom.ch [178.197.234.252]) (Authenticated sender: antenore@simbiosi.org) by player755.ha.ovh.net (Postfix) with ESMTPSA id 8A23A2E7C0FA; Mon, 18 Feb 2019 10:22:18 +0000 (UTC) Date: Mon, 18 Feb 2019 11:22:16 +0100 User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable To: Danie de Jager ,1373@bugs.x2go.org,submit@bugs.x2go.org From: Antenore Message-ID: <770B1326-8C3F-418C-9EBF-E2861A673325@simbiosi.org> X-Ovh-Tracer-Id: 9754515321009295622 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtledrledvgddugeduucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddm Package: client Hi Daniel, I'm just a reader, but X2GO uses libssh, that support the Kex you are using, so first of all, you have to install an updated version of libssh and eventually check if it has been compiled with the support of these algorithms=2E Normally, I think, on the X2GO side there is nothing more to do=2E Have a look here: https://www=2Elibssh=2Eorg/features/ On 18 February 2019 10:07:37 CET, Danie de Jager wrote: >Package: client > >The client does not support chacha20 as I get this error when I try to >connect to the X2Go server=2E I did harden my SSH configuration as guided >by >Mozzila >https://infosec=2Emozilla=2Eorg/guidelines/openssh > >When I use defaults it works fine=2E It seems that the library used by >X2Go >is missing some newer methods=2E > >Config: >server ssh config: >KexAlgorithms curve25519-sha256@libssh=2Eorg >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-= group-exchange-sha256 >Ciphers chacha20-poly1305@openssh=2Ecom,aes256-gcm@openssh=2Ecom, >aes128-gcm@openssh=2Ecom,aes256-ctr,aes192-ctr,aes128-ctr >MACs hmac-sha2-512-etm@openssh=2Ecom,hmac-sha2-256-etm@openssh=2Ecom, >umac-128-etm@openssh=2Ecom,hmac-sha2-512,hmac-sha2-256,umac-128@openssh= =2Ecom > >Client sshd config: >Client using default sshd config > >or > >HashKnownHosts yes >HostKeyAlgorithms ssh-ed25519-cert-v01@openssh=2Ecom, >ssh-rsa-cert-v01@openssh=2Ecom,ssh-ed25519,ssh-rsa, >ecdsa-sha2-nistp521-cert-v01@openssh=2Ecom, >ecdsa-sha2-nistp384-cert-v01@openssh=2Ecom, >ecdsa-sha2-nistp256-cert-v01@openssh=2Ecom >,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 >KexAlgorithms curve25519-sha256@libssh=2Eorg >,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-= group-exchange-sha256 >MACs hmac-sha2-512-etm@openssh=2Ecom,hmac-sha2-256-etm@openssh=2Ecom, >umac-128-etm@openssh=2Ecom,hmac-sha2-512,hmac-sha2-256,umac-128@openssh= =2Ecom >Ciphers chacha20-poly1305@openssh=2Ecom,aes256-gcm@openssh=2Ecom, >aes128-gcm@openssh=2Ecom,aes256-ctr,aes192-ctr,aes128-ctr > >Error: >"kex error : no match for method mac algo client->server: server [ >hmac-sha2-512-etm@openssh=2Ecom,hmac-sha2-256-etm@openssh=2Ecom, >umac-128-etm@openssh=2Ecom,hmac-sha2-512,hmac-sha2-256,umac-128@openssh= =2Ecom], >client [hmac-sha1]" > >or sometimes > >"crypt_set_algorithms2: no crypto algorithm function found for >chacha20-poly1305@openssh=2Ecom" > >Let me know if I can provide more information=2E > >Regards, >*Danie de Jager*