Project

General

Profile

Actions
Copy link

Feature #27477

open

Add support for secure KEX/MAC algorithms

Added by Robert Vandewater over 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Add support for connecting to hardened hosts using the following KEX and MACs, or a combination thereof.

KexAlgorithms curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

I believe net-ssh installed for CentOS (4.2) supports the aforementioned, but the proxy plugin is only offering:

sshd[19536]: Unable to negotiate with 1.2.3.4 port 54748: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 [preauth]
sshd[2986]: Unable to negotiate with 1.2.3.4 port 42358: no matching MAC found. Their offer:  [preauth]
Environment:
  • CentOS Linux release 7.6.1810 (Core)
  • foreman-1.22.0-1.el7
  • tfm-rubygem-foreman_remote_execution-1.8.2-1.fm1_22.el7
  • tfm-rubygem-foreman_remote_execution_core-1.2.0-1.el7
  • rubygem-smart_proxy_remote_execution_ssh-0.2.1-1.el7
  • rubygem-net-ssh-4.2.0-1.el7
  • tfm-rubygem-net-ssh-4.2.0-1.el7

No data to display

Actions
Copy link

Also available in: Atom PDF