net-ssh fails under version 3.0.0 of the library when trying to connect to a server using an rsa host key #489

Open
skaes opened this issue Jan 5, 2022 · 2 comments

Comments

@skaes
Contributor

skaes commented Jan 5, 2022

If I understand it correctly, version 3.0.0, when compiled against an openssl 1.1 library, is supposed to work as before.

Unfortunately, it cannot connect to hosts that use an RSA host key:

./net-ssh-test some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.730661 #62362] DEBUG -- net.ssh.transport.session[53c]: establishing connection to some-host-using-an-rsa-host-key
D, [2022-01-04T10:39:43.784954 #62362] DEBUG -- net.ssh.transport.session[53c]: connection established
I, [2022-01-04T10:39:43.785162 #62362]  INFO -- net.ssh.transport.server_version[550]: negotiating protocol version
D, [2022-01-04T10:39:43.785239 #62362] DEBUG -- net.ssh.transport.server_version[550]: local is `SSH-2.0-Ruby/Net::SSH_6.1.0 x86_64-darwin21'
D, [2022-01-04T10:39:43.816831 #62362] DEBUG -- net.ssh.transport.server_version[550]: remote is `SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3'
I, [2022-01-04T10:39:43.832333 #62362]  INFO -- net.ssh.transport.algorithms[564]: sending KEXINIT
D, [2022-01-04T10:39:43.832609 #62362] DEBUG -- socket[578]: queueing packet nr 0 type 20 len 748
D, [2022-01-04T10:39:43.832688 #62362] DEBUG -- socket[578]: sent 752 bytes
D, [2022-01-04T10:39:43.837431 #62362] DEBUG -- socket[578]: read 400 bytes
D, [2022-01-04T10:39:43.837495 #62362] DEBUG -- socket[578]: received packet nr 0 type 20 len 396
I, [2022-01-04T10:39:43.837541 #62362]  INFO -- net.ssh.transport.algorithms[564]: got KEXINIT from server
I, [2022-01-04T10:39:43.837599 #62362]  INFO -- net.ssh.transport.algorithms[564]: negotiating algorithms
D, [2022-01-04T10:39:43.837673 #62362] DEBUG -- net.ssh.transport.algorithms[564]: negotiated:
* kex: diffie-hellman-group-exchange-sha256
* host_key: ssh-rsa
* encryption_server: aes256-ctr
* encryption_client: aes256-ctr
* hmac_client: hmac-sha2-512
* hmac_server: hmac-sha2-512
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2022-01-04T10:39:43.837700 #62362] DEBUG -- net.ssh.transport.algorithms[564]: exchanging keys
D, [2022-01-04T10:39:43.837792 #62362] DEBUG -- socket[578]: queueing packet nr 1 type 34 len 20
D, [2022-01-04T10:39:43.837829 #62362] DEBUG -- socket[578]: sent 24 bytes
D, [2022-01-04T10:39:43.885406 #62362] DEBUG -- socket[578]: read 280 bytes
D, [2022-01-04T10:39:43.885566 #62362] DEBUG -- socket[578]: received packet nr 1 type 31 len 276
D, [2022-01-04T10:39:43.892059 #62362] DEBUG -- socket[578]: queueing packet nr 2 type 32 len 268
D, [2022-01-04T10:39:43.892124 #62362] DEBUG -- socket[578]: sent 272 bytes
D, [2022-01-04T10:39:43.921702 #62362] DEBUG -- socket[578]: read 1104 bytes
D, [2022-01-04T10:39:43.921972 #62362] DEBUG -- socket[578]: received packet nr 2 type 33 len 1084
/Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:101:in `verify_signature': could not verify server signature (Net::SSH::Exception)
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:50:in `exchange_keys'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:445:in `exchange_keys'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:245:in `proceed!'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:184:in `accept_kexinit'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:210:in `block in poll_message'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `loop'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:190:in `poll_message'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:225:in `block in wait'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `loop'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:223:in `wait'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh/transport/session.rb:90:in `initialize'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `new'
        from /Users/stefan.kaes/.rvm/gems/ruby-3.1.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:251:in `start'
        from ./net-ssh-test:10:in `<main>'

Here's the test script:

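require "net/ssh"

# Connect to the host given on the command line with debug logging and run one command.
Net::SSH.start(ARGV[0], nil, :verbose => :debug) do |ssh|
  puts ssh.exec!("pwd")
end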

Running the same command using version 2.2.1 of the gem works fine.
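When collecting reports like the one above from several hosts, it helps to pull the negotiated algorithms and the failure marker out of each debug log so that failures can be grouped by host key type. The following is an added example, not code from the issue or from net-ssh; the `triage` and `summary` helpers are hypothetical names, and the sample log is constructed from the lines quoted above with timestamps trimmed.

```ruby
# Added example: triage helper for net-ssh `:verbose => :debug` output.
# SAMPLE_LOG is constructed from the log quoted in the issue (timestamps trimmed).
SAMPLE_LOG = <<~'LOG'
  D, [t #1] DEBUG -- net.ssh.transport.server_version[550]: local is `SSH-2.0-Ruby/Net::SSH_6.1.0 x86_64-darwin21'
  D, [t #1] DEBUG -- net.ssh.transport.server_version[550]: remote is `SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3'
  D, [t #1] DEBUG -- net.ssh.transport.algorithms[564]: negotiated:
  * kex: diffie-hellman-group-exchange-sha256
  * host_key: ssh-rsa
  * encryption_server: aes256-ctr
  * language_client: 
  D, [t #1] DEBUG -- net.ssh.transport.algorithms[564]: exchanging keys
  abstract.rb:101:in `verify_signature': could not verify server signature (Net::SSH::Exception)
LOG

# Error strings taken from the two reports in this thread (RSA and Ed25519).
FAILURE_MARKERS = [
  "could not verify server signature",
  "signature verification failed"
].freeze

# Returns a hash with the version banners, the negotiated algorithms and
# whether a host-key signature failure was logged.
def triage(log)
  report = { local: nil, remote: nil, negotiated: {}, signature_failure: false }
  in_block = false
  log.each_line(chomp: true) do |line|
    if (m = line.match(/(local|remote) is `(.+)'\s*\z/))
      report[m[1].to_sym] = m[2]
    elsif line.match?(/algorithms\[\h+\]: negotiated:\s*\z/)
      in_block = true                    # the "* key: value" lines follow
    elsif in_block && (m = line.match(/\A\*\s+(\w+):\s*(.*)\z/))
      report[:negotiated][m[1]] = m[2].strip
    else
      in_block = false                   # any other line ends the block
      report[:signature_failure] ||= FAILURE_MARKERS.any? { |s| line.include?(s) }
    end
  end
  report
end

# One-line summary suitable for grouping reports by host key algorithm.
def summary(report)
  neg = report[:negotiated]
  status = report[:signature_failure] ? "FAILED" : "no failure logged"
  "host_key=#{neg['host_key'] || 'unknown'} kex=#{neg['kex'] || 'unknown'} " \
    "server=#{report[:remote]} signature_check=#{status}"
end

puts summary(triage(SAMPLE_LOG)) if __FILE__ == $PROGRAM_NAME
```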

@tycooon

tycooon commented Jan 12, 2022

Have the same problem but with Ed25519 key: Ed25519::VerifyError: signature verification failed!. Using openssl 2.2.1 fixes the issue as well.

@zedalaye

You just have to add the gem x25519 to your Gemfile as explained here: https://github.com/net-ssh/net-ssh#key-exchange

ragesoss added a commit to WikiEducationFoundation/WikiEduDashboard that referenced this issue Dec 5, 2022
OpenSSL 3 is giving us problems with the GitHub build. According to the latest post in the open issue thread, adding the x25519 gem might let us work around it: ruby/openssl#489 (comment)