I guess my question is “what is the crypto backend that will give my client the best chance of being able to connect to any unknown SFTP server”. Finding my way here, I initially built with WinCNG since my application also supports Schannel TLS connections using windows cryptography so I figured I already had the library loaded. And most people should be able to connect to Windows stuff. So much for that.
Browsing various documents I get the impression that mbedtls would be a good choice, but I want to be in the “mainstream” of libssh2 users.
It would be nice to have a “for the beginner.doc” but that’s one of the hardest things on any software package – documentation that doesn’t assume you know much about it.
William Shipley
From: Daniel Jeliński
Sent: Tuesday, March 26, 2019 1:09 AM
To: libssh2 development
Subject: Re: LIBSSH2_ERROR_KEX_FAILURE
Hi,
All ciphers provided by your client are insecure: RC4 is insecure, CBC mode of operation is insecure, client does not provide anything else.
GCM is not supported by libssh2. CTR is not supported by wincng, though I think I saw some code to emulate it on top of ECB, wonder why it didn't work for you. I can't comment on chacha, but it may also be unimplemented in libssh2.
Regards,
Daniel
wt., 26 mar 2019 o 00:34 William Shipley <william_at_schuylerhouse.com> napisał(a):
I've built libssh2 with wincng and have been testing with the CrushFTP
server. All has been working smoothly. In trying to install my software at a
client site, they are attempting to use AWS SFTP service. When performing
the libssh2_session_handshake I am failing with a KEX error.
A log from the server indicates:
Mar 25 13:58:14 pathlabsrv sshd[4988]: fatal: no matching cipher found:
client
aes256-cbc,rijndael-cbc_at_lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm_at_openssh.com,aes256-gcm_at_openssh.com,chacha20-poly1305_at_openssh.com
[preauth]
And, indeed, we do not have a matching cipher. I would have expected Windows
cryptography to be generally 'vanilla' and I would have expected Amazon to
support pretty much anything. From my limited experience they seem to have
used Open SSH.
Has anyone encountered this? Can anyone give me guidance?
Wm
-----Original Message-----
From: Daniel Stenberg
Sent: Monday, March 25, 2019 12:37 PM
To: libssh2 development
Subject: RELEASE: libssh2 1.8.2
Hi!
I'm happy to announce a small update to the previous release as we managed
to
get a little hiccup included. Here's 1.8.2!
Get it from https://www.libssh2.org/ as always!
libssh2 1.8.2
This release includes the following bugfixes:
o Fixed the misapplied userauth patch that broke 1.8.1
o moved the MAX size declarations from the public header
This release would not have looked like this without help, code, reports and
advice from friends like these:
Will Cosgrove
(1 contributors)
--
/ daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
--------------------------------------------------------------------------------
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2019-03-29