Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
ajoschi
Posts: 15
Joined: Thu 14 Oct 2010 11:46

Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ajoschi » Tue 02 Feb 2021 13:17

Hi,

We are using SecureBridge v9.3.1.
In our code we use TScSSHClient with HostKeyAlgorithms configured to also support ecdsa-ssh-ed25519:

This is how we configured it in our code:

lScSSHClient.HostKeyAlgorithms.AsString := 'ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519';
However, we have one test system with SSH server configured to accept only ed25519 as host key algorithm and we get an error with this message:
'The negotiation of host key algorithm is failed (rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 <-> ssh-ed25519)'
Is there something wrong in our code (in the way we configure the HostKeyAlgorithms) or is this a known issue?

Any help would be highly appreciated!

Thx, Ajoschi
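
The following Python script is an added illustration, not part of the original post and not SecureBridge code. It parses the error text quoted above and compares it with the configured HostKeyAlgorithms string, assuming the list left of `<->` is what the client actually offered and the list on the right is the server's; the function names are hypothetical.

```python
import re

# Both strings are copied from the post above; the repeated ECDSA names are as reported.
CONFIGURED = ("ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
              "ecdsa-sha2-nistp521,ssh-ed25519")
ECDSA = "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
ERROR = ("The negotiation of host key algorithm is failed "
         "(rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,"
         + ",".join([ECDSA] * 4) + " <-> ssh-ed25519)")


def parse_failure(msg):
    """Split '(<offered> <-> <server>)' into two algorithm name-lists."""
    m = re.search(r"\(([^()]*?)\s*<->\s*([^()]*)\)", msg)
    if not m:
        raise ValueError("no '(a <-> b)' algorithm lists in message")
    return tuple([a.strip() for a in side.split(",") if a.strip()]
                 for side in m.groups())


def negotiate(client, server):
    """RFC 4253 section 7.1, simplified: the first name on the client's list
    that the server also lists (ignores key-exchange method requirements)."""
    return next((a for a in client if a in server), None)


def diagnose(configured, msg):
    """Compare what was configured with what the error says was offered."""
    offered, server = parse_failure(msg)
    wanted = [a.strip() for a in configured.split(",") if a.strip()]
    seen, dups = set(), []
    for a in offered:
        if a in seen and a not in dups:
            dups.append(a)
        seen.add(a)
    unique_offered = list(dict.fromkeys(offered))  # keeps first-seen order
    return {
        "negotiated": negotiate(offered, server),
        "configured_not_offered": [a for a in wanted if a not in offered],
        "offered_not_configured": [a for a in unique_offered if a not in wanted],
        "duplicates": dups,
        "server_accepts_if_offered": [a for a in server if a in wanted],
    }


if __name__ == "__main__":
    for key, value in diagnose(CONFIGURED, ERROR).items():
        print(f"{key}: {value}")
```

For this message the result shows no common algorithm, with `ssh-ed25519` configured but missing from the offered list, which is the detail worth including in a report to the vendor.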

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ViktorV » Wed 03 Feb 2021 13:46

Unfortunately, we could not reproduce the issue.
In order for us to be able to give you a detailed answer, please compose a small sample demonstrating the described behavior with permanent test access and send it to us using the contact form https://devart.com/company/contactform.html

ajoschi
Posts: 15
Joined: Thu 14 Oct 2010 11:46

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ajoschi » Wed 03 Feb 2021 15:08

Hello Viktor,

Thank you for your fast reply!

In fact I can easily reproduce this with the Demo project "SSHClient.dproj" which ships with SecureBridge.

1. Build and start the project.
2. Enter fields "SSH Server", "User name", and "Password"
3. Press "Connect SSH" button.
-> Error message: 'The negotiation of host key algorithm is failed (rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss <-> ssh-ed25519)'

If you could tell me what to do (how to modify the "SSHClient.dproj" sample) so that this works, I'm pretty sure I will find a solution for my code too.

Thx, Ajoschi

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ViktorV » Fri 05 Feb 2021 12:29

The issue might be related to your specific SSH server, so we asked for test access.
Therefore, as we already wrote, in order for us to be able to give you a detailed answer, please compose a small sample demonstrating the described behavior with permanent test access and send it to us using the contact form https://devart.com/company/contactform.html

ajoschi
Posts: 15
Joined: Thu 14 Oct 2010 11:46

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ajoschi » Mon 08 Feb 2021 12:39

Hello Viktor,

For security reasons we cannot give you direct access to this test system.
However, this is a Debian 9 VM on Hyper-V.
If it would help, I could provide a snapshot of the VM.

Please let me know if this would do.

Thx,
Ajoschi

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ViktorV » Mon 08 Feb 2021 13:02

If the issue can be easily reproduced on this snapshot, please upload it to a file hosting service and send us the download link via https://devart.com/company/contactform.html

ajoschi
Posts: 15
Joined: Thu 14 Oct 2010 11:46

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ajoschi » Tue 09 Feb 2021 15:59

Hello Viktor,

I have used the link you provided to give you access information to a server to reproduce this.

Thx,
Ajoschi

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ViktorV » Tue 09 Feb 2021 16:56

Thank you for the information.
We have received your example and have begun to explore it.
We will inform you when we have any results.

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Issue with TScSSHClient HostKeyAlgorithms ssh-ed25519 in SecureBridge version 9.3.1

Post by ViktorV » Fri 26 Mar 2021 12:57

Thank you for the information. We have reproduced and fixed the issue. This fix will be included in the next build of SecureBridge, which we're planning to release next week.
