SSH: Couldn't agree a key algorithm (available: curve25519-sha256@libssh.org)
-
I just bumped into this earlier today too. My putty was from 2013 and an update fixed it no problem. Then I come here and someone else has the same issue.
-
It really is sad the old stuff some of these major applications are using. The one that really ticks me off is freaking cisco!! Even to their security devices they do not support the current best practice for kex and ciphers..
I think players like pfsense and even stuff like filezilla not connecting to antiquated stuff will hope to push the major players to get with the times.
-
I hope so. I nudged Vandyke about getting the stronger kex/mac/ciphers we have in their list. It connects fine if you have a current version of SecureCRT but there is room for improvement. It is still missing chacha20-poly1305, AES256-GCM, and curve25519-sha256
-
Yeah I did the same thing with vandyke, they added ed25519 I believe in 8.01 or 02 but yeah still missing for sure chacha20
Maybe .03 is out?? Off to check.. You would think such a company who's bread and butter is ssh client and server even would be up to speed..
-
I need to test it some more but I also had an issue with keyboard-interactive on the latest SecureCRT against pfSense 2.3.2 that I need to e-mail them about. Key auth works, and plain password (ew), but not keyboard-interactive.
-
FYI
https://lists.freebsd.org/pipermail/freebsd-announce/2016-August/001737.html
FreeBSD 11 is dropping support for OpenSSH DSA keys.
-
^ nice info Harvy66, I would of prob not have noticed that info I don't subscribe to that list - prob should ;) Nice to hear though.. I would assume pfsense will follow suite, maybe beat them to the punch ;)
-
We stopped generating them some time ago, and on 2.3.2 they are not used even if present.
-
Putty 0.67 compiled on Debian Jessie 8.4 x64, will work on all Debian based variants, ie: Ubuntu, etc.
For Windows just download from Putty's website.Will solve the issue "SSH: Couldn't agree a key algorithm (available: curve25519-sha256@libssh.org)"
http://www.legionit.net/downloads/putty_0.67-1_amd64.deb.tar.gz
Will compile FileZilla if any one needs it?
 -
When it comes to security packages such as ssh clients, please only download them from official sources, check the hashes and signatures if possible. Don't download builds from random sources.
-
Not having to compile in the first place would have been nice, however not offered on Putty's site and Git Hub is 0.63
However the Admin: jimp is right
MD5: be9fabbd1fd58e2b5dc4ff022400eadf
SHA1: b8e4b18743ed294d08220bbbb0b48105f0734850
SHA256: ec4092dc30c86679013e9e86ce949653a283e1000ab488bb40523b968970a850
-
No matter which version of putty I used it didn't work for my, strangely the same versions of putty work on my other pfsense box. I don't understand why? I tired clearing out he reg files but still no go, what DID work for me was using BITVISE ssh client. this worked without issues.
-
I have yet to see a case where updating PuTTY didn't work. Perhaps you are still running an old putty somehow (wrong shortcut/link, for example).
-
yeah the issue I am having is with securecrt, you would think they would enabled chacha20 but not yet.. they just recently added ed25519..
But the dev version of putty has had both for quite some time.
That product director has driven me up the wall, her name maureen I think.
About a year or so ago I requested what I consider easy to adopt changes.
Support for chacha20
Support for gcm ciphersTo this day still no support.
Yet they have managed to do updates that affect the GUI design and some other stuff.
Seems their priority is making the program look pretty but not security enhancements.
https://forums.vandyke.com/showthread.php?t=12209
https://www.vandyke.com/products/securecrt/history.txt
https://s2-forums.vandyke.com/showthread.php?p=46666very frustrating.
-
Yeah your right her name is Maureen from the thread.. Her last excuse
We have a fairly small develpment team and it can be a challenge to balance implementing new features, fixing bugs, and making sure our applications run on the latest version of the supported platforms.
My answer to that was putty has 1 guy coding ;) And it has had support pretty much since its been available ;)
I told her their product is dead to me.. Its completely useless if its not going to support modern ciphers and algo's.. The closest they have come is back in Jan of 2016 they added ECDSA and Ed25519 keys
-
For putty, really use the daily builds ONLY. ECDSA and Ed25519 is there as well. The stable release is not usable.
-
Yeah I use the dev bulds.. But as of late I just use kitty which is a fork of putty that supports everything as of a few updates back. Or I just use the windows build of openssh.. This is really the easiest way to know for sure your going to have full support of all the ciphers and algo's that openssh is using.
https://www.mls-software.com/opensshd.html
-
Good news, ChaCha20 is coming to SecureCRT
You previously requested support for the ChaCha20-Poly1305 cipher for SSH2
sessions. This has been implemented in a pre-beta version of SecureCRT and SecureFX.If you would be interested in trying it, please let me know which product(s) and
platform(s) you need.Products:
SecureCRT
SecureCRT and SecureFXPlatforms:
Windows (64-bit)
Windows (32-bit)
Mac OS X (10.11 and later)
Linux (Ubuntu 16.x, 64-bit)
Linux (Ubuntu 16.x, 32-bit)
Linux (Ubuntu 14.x and 15.x, 64-bit)
Linux (Ubuntu 14.x and 15.x, 32-bit)
Linux (RHEL 7.0) -
Yeah I just emailed her, says on my thread to contact her for access to the prebeta ;)
-
yeah she emailed me about it some days back, no GCM still but at least CHACHA is something.