Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No connectivity against recent OpenSSH 8.2 #141

Open
mirabilos opened this issue Feb 27, 2020 · 14 comments
Open

No connectivity against recent OpenSSH 8.2 #141

mirabilos opened this issue Feb 27, 2020 · 14 comments

Comments

@mirabilos
Copy link

I’m trying to use vx.connectbot from F-Droid to upload files to my laptop over WLAN and see this in syslog on the laptop, running Debian unstable:

sshd[11179]: Unable to negotiate with 192.168.178.24 port 42928: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]

OpenSSH 8.2 only offers these KexAlgorithms by default:

curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256

Please implement diffie-hellman-group-exchange-sha256, should be closest to what already exists.

@DmitryBurstein
Copy link

Having the same problem on Fedora 32 with OpenSSH 8.3p1

@hyc
Copy link

hyc commented Dec 6, 2020

Use the vx-connectbot-1.7.1-41-beta.apk from the home page http://connectbot.vx.sk/

@tovine
Copy link

tovine commented Sep 26, 2021

Same thing applies to current Debian stable, this needs to be updated or this app is essentially broken in 2021

@hyc
Copy link

hyc commented Sep 27, 2021

Also the beta APK seems to only work well the first time it's run. Usually after that it hangs after the session handshake. I have to kill it and restart it multiple times for it to work after that.

The original Connectbot project works well in this respect, but the rest of its UI is horrible. Screen size/rotation changes don't work well, and so many of the useful VX menu items are of course absent. Would be nice to put their up to date SSH backend into VX Connectbot.

@bmomjian
Copy link

Debian's current stable release, Bullseye, also fails with this problem, even using Android vx-connectbot-1.7.1-41-beta.apk. I had to modify sshd_config on Debian to fix it.

@mirabilos
Copy link
Author

mirabilos commented Dec 28, 2021 via email

@bmomjian
Copy link

Sure. I found the proper fix on the Debian lists at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952687. The addition to /etc/ssh/sshd_config was:

KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1

Ubuntu had a similar fix at https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1877496 but it didn't work consistently. The line was:
KexAlgorithms +diffie-hellman-group14-sha1

@hyc
Copy link

hyc commented Dec 14, 2022

I've restructured the VXConnectbot source code so that it builds with modern Android Studio, here https://github.com/hyc/vxconnectbot

I've then modified it to use https://github.com/connectbot/sshlib which has been updated with newer encryption algorithms.

I now have a working Debug APK for myself. There's one glitch on the initial Host screen, the input box for typing in your user@hostname isn't being drawn fully. But you can put garbage in and then edit the host afterward.
I'll see if I can figure out why the display is glitched there, but the rest is working.

@bmomjian
Copy link

That is great news. I started looking for alternatives to this app after it wasn't being updated and never found something with similar features, so it would be good to get this app updated.

@hyc
Copy link

hyc commented Dec 14, 2022

Note that you'll need to uninstall your existing version before you can install the debug build. You should probably back up your settings first.

Maybe we can get @mmatuska motivated to synch up and release a new official binary.

@hyc
Copy link

hyc commented Dec 15, 2022

I've uploaded an APK that you can use as well. https://github.com/hyc/vxconnectbot/releases/tag/v1.7.1-50

@bmomjian
Copy link

bmomjian commented Aug 4, 2023

As much as I prefer xvconnectbot over connectbot, the connectbot developers have restarted development, and I need ed25519 keys, so I am going to switch back to that. The most recent connectbot commit was on June 10, 2023.

@hyc
Copy link

hyc commented Aug 4, 2023

I don't understand - the update I posted supports ed25519 keys. Did it not work for you?

@bmomjian
Copy link

bmomjian commented Aug 4, 2023

Sorry i was not clear. I have been using vx-connectbot for years as unsupported software and installing a build that even fewer people use was just too risky for a security-critical application like ssh. Sorry. I decided to move back to connectbot for that reason.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants