From: Antenore Gatta <antenore@simbiosi.org>
Date: Mon, 18 Feb 2019 10:24:41 +0100
To: 1373@bugs.x2go.org, submit@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1373: kex error : no match for method mac algo
Message-ID: <20190218102441.6f46c400@mom.ch.ibm.com>

Hi Daniel,

I'm just a reader, but X2GO uses libssh, which supports the Kex you are using, so first of all you have to install an updated version of libssh and eventually check whether it has been compiled with support for these algorithms.

Normally, I think, on the X2GO side there is nothing more to do.

Have a look here: https://www.libssh.org/features/

On Mon, 18 Feb 2019 11:07:37 +0200 Danie de Jager wrote:

> Package: client
>
> The client does not support chacha20 as I get this error when I try to
> connect to the X2Go server. I did harden my SSH configuration as
> guided by Mozilla
> https://infosec.mozilla.org/guidelines/openssh
>
> When I use defaults it works fine. It seems that the library used by
> X2Go is missing some newer methods.
>
> Config:
> server ssh config:
> KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
>
> Client sshd config:
> Client using default sshd config
>
> or
>
> HashKnownHosts yes
> HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
> KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
>
> Error:
> "kex error : no match for method mac algo client->server: server [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com], client [hmac-sha1]"
>
> or sometimes
>
> "crypt_set_algorithms2: no crypto algorithm function found for chacha20-poly1305@openssh.com"
>
> Let me know if I can provide more information.
>
> Regards,
> *Danie de Jager*
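
Added example, not part of the thread and not X2Go or libssh code: a small checker that applies the SSH negotiation rule to the hardened server lists quoted above, to show before deployment which category a given client would fail on. The client MAC list is the one shown in the reported error; the client kex and cipher lists and all function names are constructed for illustration.

```python
# Added example: SSH algorithm negotiation check (not X2Go or libssh code).
# RFC 4253 section 7.1: for ciphers and MACs the chosen algorithm is the first
# one on the client's list that the server also lists. The same rule is applied
# to KexAlgorithms here as a simplification.

# Server directives as posted in the report, wrapped lines joined.
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""

# Client offer: the MAC list is taken from the error text in the report; the
# kex and cipher lists are constructed sample values.
CLIENT_OFFER = {
    "kexalgorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256"],
    "ciphers": ["aes256-ctr", "aes128-ctr"],
    "macs": ["hmac-sha1"],
}

def parse_algorithms(config_text):
    """Return {keyword: [algorithms]} for the negotiation directives (plain lists only)."""
    result = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in ("kexalgorithms", "ciphers", "macs"):
            continue
        names = [n.strip() for n in parts[1].split(",") if n.strip()]
        # sshd keeps the first value it sees for a keyword
        result.setdefault(parts[0].lower(), names)
    return result

def negotiate(client_list, server_list):
    """First client-preferred algorithm the server also accepts, or None."""
    accepted = set(server_list)
    return next((name for name in client_list if name in accepted), None)

def check(server_config, client_offer):
    """Map each category to the negotiated algorithm, or None when there is no overlap."""
    server = parse_algorithms(server_config)
    return {cat: negotiate(offer, server.get(cat, [])) for cat, offer in client_offer.items()}

def failures(report):
    """Categories for which the handshake would stop with 'no match'."""
    return sorted(cat for cat, chosen in report.items() if chosen is None)

if __name__ == "__main__":
    for cat, chosen in check(SERVER_CONFIG, CLIENT_OFFER).items():
        print(f"{cat}: {chosen or 'NO MATCH'}")
```

Run against the lists a client library actually offers, this flags the same category the error names (`macs`) while kex and ciphers still negotiate.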