SSH: Couldn't agree a key algorithm (available: curve25519-sha256@libssh.org)



  • Hi Guys,

    I've had a quick search on the forums but can't find anyone else having this issue and thought making a post would help other users if they are searching here/google etc.

    Basically I installed a fresh version of 2.3.1, checked for updates and updated the system. Now for some reason I am getting the following error when trying to connect via putty:

    Couldn't agree a key algorithm (available: curve25519-sha256@libssh.org)

    I don't even get to the username/password prompt. Not sure if this is an issue my side but SSH worked fine before. Does anyone know how to fix it?




  • update putty



  • @AndrewZ:

    update putty

    Thank you that worked!


  • Rebel Alliance Developer Netgate

    FYI- We disabled some older, weaker, ssh key exchange algorithms. It won't be uncommon to find some older programs that use ssh directly or via things like libssh, that will need to be updated.


  • Rebel Alliance Global Moderator

    yeah the issue I am having is with securecrt, you would think they would enabled chacha20 but not yet.. they just recently added ed25519..

    But the dev version of putty has had both for quite some time.



  • Works for me 2!

    Thanks…


  • Rebel Alliance Developer Netgate

    FYI- I added details about the SSH daemon changes here: https://doc.pfsense.org/index.php/2.3.2_New_Features_and_Changes#SSH_Daemon



  • Same problem here, the latest version of WS_FTP doesn't supports pfSense SSH anymore. I asked support to IPSwitch (the makers of WS_FTP).



  • I just bumped into this earlier today too.  My putty was from 2013 and an update fixed it no problem.  Then I come here and someone else has the same issue.


  • Rebel Alliance Global Moderator

    It really is sad the old stuff some of these major applications are using. The one that really ticks me off is freaking cisco!!  Even to their security devices they do not support the current best practice for kex and ciphers..

    I think players like pfsense and even stuff like filezilla not connecting to antiquated stuff will hope to push the major players to get with the times.


  • Rebel Alliance Developer Netgate

    I hope so. I nudged Vandyke about getting the stronger kex/mac/ciphers we have in their list. It connects fine if you have a current version of SecureCRT but there is room for improvement. It is still missing chacha20-poly1305, AES256-GCM, and curve25519-sha256


  • Rebel Alliance Global Moderator

    Yeah I did the same thing with vandyke, they added ed25519 I believe in 8.01 or 02 but yeah still missing for sure chacha20

    Maybe .03 is out??  Off to check..  You would think such a company who's bread and butter is ssh client and server even would be up to speed..


  • Rebel Alliance Developer Netgate

    I need to test it some more but I also had an issue with keyboard-interactive on the latest SecureCRT against pfSense 2.3.2 that I need to e-mail them about. Key auth works, and plain password (ew), but not keyboard-interactive.



  • FYI

    https://lists.freebsd.org/pipermail/freebsd-announce/2016-August/001737.html

    FreeBSD 11 is dropping support for OpenSSH DSA keys.


  • Rebel Alliance Global Moderator

    ^ nice info Harvy66, I would of prob not have noticed that info I don't subscribe to that list - prob should ;)  Nice to hear though.. I would assume pfsense will follow suite, maybe beat them to the punch ;)


  • Rebel Alliance Developer Netgate

    We stopped generating them some time ago, and on 2.3.2 they are not used even if present.



  • Putty 0.67 compiled on Debian Jessie 8.4 x64, will work on all Debian based variants, ie: Ubuntu, etc.
    For Windows just download from Putty's website.

    Will solve the issue "SSH: Couldn't agree a key algorithm (available: curve25519-sha256@libssh.org)"

    http://www.legionit.net/downloads/putty_0.67-1_amd64.deb.tar.gz

    Will compile FileZilla if any one needs it?

    ![Putty to pFsense - Couldnt agree on Key Exchange Algorith.png](/public/imported_attachments/1/Putty to pFsense - Couldnt agree on Key Exchange Algorith.png)
    ![Putty to pFsense - Couldnt agree on Key Exchange Algorith.png_thumb](/public/imported_attachments/1/Putty to pFsense - Couldnt agree on Key Exchange Algorith.png_thumb)


  • Rebel Alliance Developer Netgate

    When it comes to security packages such as ssh clients, please only download them from official sources, check the hashes and signatures if possible. Don't download builds from random sources.



  • Not having to compile in the first place would have been nice, however not offered on Putty's site and Git Hub is 0.63

    However the Admin: jimp is right

    MD5:  be9fabbd1fd58e2b5dc4ff022400eadf

    SHA1: b8e4b18743ed294d08220bbbb0b48105f0734850

    SHA256: ec4092dc30c86679013e9e86ce949653a283e1000ab488bb40523b968970a850



  • No matter which version of putty I used it didn't work for my, strangely the same versions of putty work on my other pfsense box.  I don't understand why? I tired clearing out he reg files but still no go, what DID work for me was using BITVISE ssh client. this worked without issues.


  • Rebel Alliance Developer Netgate

    I have yet to see a case where updating PuTTY didn't work. Perhaps you are still running an old putty somehow (wrong shortcut/link, for example).



  • @johnpoz:

    yeah the issue I am having is with securecrt, you would think they would enabled chacha20 but not yet.. they just recently added ed25519..

    But the dev version of putty has had both for quite some time.

    That product director has driven me up the wall, her name maureen I think.

    About a year or so ago I requested what I consider easy to adopt changes.

    Support for chacha20
    Support for gcm ciphers

    To this day still no support.

    Yet they have managed to do updates that affect the GUI design and some other stuff.

    Seems their priority is making the program look pretty but not security enhancements.

    https://forums.vandyke.com/showthread.php?t=12209
    https://www.vandyke.com/products/securecrt/history.txt
    https://s2-forums.vandyke.com/showthread.php?p=46666

    very frustrating.


  • Rebel Alliance Global Moderator

    Yeah your right her name is Maureen from the thread.. Her last excuse

    We have a fairly small develpment team and it can be a challenge to balance implementing new features, fixing bugs, and making sure our applications run on the latest version of the supported platforms.

    My answer to that was putty has 1 guy coding ;)  And it has had support pretty much since its been available ;)

    I told her their product is dead to me.. Its completely useless if its not going to support modern ciphers and algo's.. The closest they have come is back in Jan of 2016 they added ECDSA and Ed25519 keys


  • Banned

    For putty, really use the daily builds ONLY. ECDSA and Ed25519 is there as well. The stable release is not usable.


  • Rebel Alliance Global Moderator

    Yeah I use the dev bulds.. But as of late I just use kitty which is a fork of putty that supports everything as of a few updates back.  Or I just use the windows build of openssh.. This is really the easiest way to know for sure your going to have full support of all the ciphers and algo's that openssh is using.

    https://www.mls-software.com/opensshd.html


  • Rebel Alliance Developer Netgate

    Good news, ChaCha20 is coming to SecureCRT

    You previously requested support for the ChaCha20-Poly1305 cipher for SSH2
    sessions.  This has been implemented in a pre-beta version of SecureCRT and SecureFX.

    If you would be interested in trying it, please let me know which product(s) and
    platform(s) you need.

    Products:

    SecureCRT
    SecureCRT and SecureFX

    Platforms:

    Windows (64-bit)
    Windows (32-bit)
    Mac OS X (10.11 and later)
    Linux (Ubuntu 16.x, 64-bit)
    Linux (Ubuntu 16.x, 32-bit)
    Linux (Ubuntu 14.x and 15.x, 64-bit)
    Linux (Ubuntu 14.x and 15.x, 32-bit)
    Linux (RHEL 7.0)


  • Rebel Alliance Global Moderator

    Yeah I just emailed her, says on my thread to contact her for access to the prebeta ;)



  • yeah she emailed me about it some days back, no GCM still but at least CHACHA is something.


  • Rebel Alliance Global Moderator

    So got the new secure beta.. And finally

    [LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    [LOCAL] : Selected Send Cipher = chacha20-poly1305@openssh.com
    [LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    [LOCAL] : Selected Recv Cipher = chacha20-poly1305@openssh.com

    Now they just need to add GCM ;)



  • @jimp:

    FYI- We disabled some older, weaker, ssh key exchange algorithms. It won't be uncommon to find some older programs that use ssh directly or via things like libssh, that will need to be updated.

    How do you reenable them?


  • Rebel Alliance Global Moderator

    Why would you need to re-enable them.. They have been disabled for a reason, ie not secure.. Update your client is the correct fix here..



  • @johnpoz:

    Why would you need to re-enable them.. They have been disabled for a reason, ie not secure.. Update your client is the correct fix here..

    Thats awesome.

    How do you reenable them?

    (For the record, yes, I am fully aware that many companies in 2016-2017, made SHA1 deprecated)



  • You re-enable them by rolling your own custom version of pfSense where you enable them in the openssh configuration. Oh and forget any official support if you follow that route.



  • @kpa:

    You re-enable them by rolling your own custom version of pfSense where you enable them in the openssh configuration. Oh and forget any official support if you follow that route.

    No.

    From the posts in this thread, they were disabled not removed (ala PPTP). They should be able to be enabled (under your own responsability)

    The issue for example is that PPTP was warned several months in advance that it was going to get removed. Maybe I missed it for SHA1 but…

    The point is that this thread only talks about it is disabled, not removed so...


  • Rebel Alliance Global Moderator

    "How do you reenable them?"

    You edit your sshd_conf to use the what you want.. But again I am going to stress they were disabled for a REASON!!!

    
    [2.4.0-BETA][root@pfsense.local.lan]/etc/ssh: cat sshd_config 
    # This file is automatically generated at startup
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    Port 22
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    Compression yes
    ClientAliveInterval 30
    PermitRootLogin yes
    # Login via Key only
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    PubkeyAuthentication yes
    UsePAM no
    UseDNS no
    LoginGraceTime 30s
    VersionAddendum none
    X11Forwarding no
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/sftp-server
    
    

    Notice the part that says this file created at startup.. So you would have to edit sshd script that does the creation.  Or you could use the sshd_extra file pretty sure..

    I can not stress this enough - do not lower the security of your sshd, up the security of the client your using to access it.  Putty is FREE it works just fine, they have a securecrt client closed beta you can get that supports the chacha stuff.  You can use just the mls windows version of openssh, which is what I use all the time.. also FREE

    You should never lower your security to "make something work"…  This is just bad security 101..

    What I did notice from this thread since I connected in with ssh -v into pfsense is they are behind on their ssh.. they are running 7.2 while 7.5 is current.

    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
    debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000



  • @johnpoz:

    "How do you reenable them?"

    You edit your sshd_conf to use the what you want.. But again I am going to stress they were disabled for a REASON!!!

    
    [2.4.0-BETA][root@pfsense.local.lan]/etc/ssh: cat sshd_config 
    # This file is automatically generated at startup
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    Port 22
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    Compression yes
    ClientAliveInterval 30
    PermitRootLogin yes
    # Login via Key only
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    PubkeyAuthentication yes
    UsePAM no
    UseDNS no
    LoginGraceTime 30s
    VersionAddendum none
    X11Forwarding no
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/sftp-server
    
    

    Notice the part that says this file created at startup.. So you would have to edit sshd script that does the creation.  Or you could use the sshd_extra file pretty sure..

    I can not stress this enough - do not lower the security of your sshd, up the security of the client your using to access it.  Putty is FREE it works just fine, they have a securecrt client closed beta you can get that supports the chacha stuff.  You can use just the mls windows version of openssh, which is what I use all the time.. also FREE

    You should never lower your security to "make something work"…  This is just bad security 101..

    What I did notice from this thread since I connected in with ssh -v into pfsense is they are behind on their ssh.. they are running 7.2 while 7.5 is current.

    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
    debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000

    Quoted in case of removal.



  • @johnpoz:

    I can not stress this enough - do not lower the security of your sshd, up the security of the client your using to access it.  Putty is FREE it works just fine, they have a securecrt client closed beta you can get that supports the chacha stuff.  You can use just the mls windows version of openssh, which is what I use all the time.. also FREE

    You should never lower your security to "make something work"…  This is just bad security 101..

    Even though this is not my case why I asked how to enable it again and while I agree with you, you cannot have 1000 clients waiting to be updated and/or people that use older clients where there isnt development anymore, suddenly stop working. You need a solution now. That quickest solution (as much as a bandaid it is) is to enable the older standard (which is really irrelevent when the servers are internal non public facing and/or you have monitoring on your systems)

    When you make sure that all clients are updated and compatible, THEN and ONLY then, can it be re disabled and use the newer and safer standard.


  • Rebel Alliance Developer Netgate

    You re-enable them the same way you revert any change you don't want. Find the commits that made the change and revert them or manually change them back the way they were.

    None of that banter belongs in this thread. Locking.


Locked