Question:
This one has got me stumped. It would appear that, starting in the latest Apple release, El Capitan, using the Chilkat SSH library to open a connection results in a failed connection with the following errors in the /var/log/system.log on the remote Apple machine:
fatal: ssh_dispatch_run_fatal: Connection to xx..xx.xx.xx: no matching cipher found [preauth]
I imagine there's a way to get a list of ciphers and try to make it work; very strange it can't just figure it out on its own. Has anyone else run into this yet?
hz
Check to see if Chilkat v9.5.0.54 (the latest release) solves the problem.
It does not, I just pulled it down and rebuilt with 9.5.0.54.
From the website it would appear the ciphers are:
By default, the component will automatically choose the first cipher supported by the server in the order listed here: "aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc", "twofish256-cbc", "twofish128-cbc", "blowfish-cbc", "3des-cbc", "arcfour128", "arcfour256". (If blowfish is chosen, the encryption strength is 128 bits.)
And from the man pages for sshd_config on the Apple: aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com
So it would appear we'd have a match instantly...
hz
Use verbose logging (set the Chilkat object's VerboseLogging property = YES/true) and then examine the contents of the LastErrorText after the failed call to Connect.
Done. I've also attempted forcing the cipher, with no success. That DllDate has me concerned; I've double-checked the linked static library, but I'll look again. I removed the license-specific details.
ChilkatLog:
Connect_Ssh:
DllDate: Apr 20 2012
Architecture: Little Endian; 32-bit
Language: Visual C++ 9.0
hostname: 192.168.1.2
port: 22
ConnectTimeoutMs_1: 30000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
This is an IPV4 numeric address...
AddrInfoList:
AddrInfo:
ai_flags: 4
ai_family: 2
ai_socktype: 1
ai_protocol: 0
ai_addrlen: 16
ai_canonname: (NULL)
--AddrInfo
--AddrInfoList
Connect using IPV4.
ipAddress1: 192.168.1.2
myIP_3: 192.168.1.15
myPort_3: 51219
connect successful (2)
Established TCP/IP connection with SSH server
clientIdentifier: SSH-2.0-PuTTY_Local:_May_14_2009_21:12:18
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_6.9
serverVersion: SSH-2.0-OpenSSH_6.9
sendMessage:
msgName: KEXINIT
unpaddedLength: 452
remainder: 4
paddingLen: 4
totalSize: 456
--sendMessage
packetLen: 948
KeyExchangeAlgs:
algorithm: curve25519-sha256@libssh.org
algorithm: ecdh-sha2-nistp256
algorithm: ecdh-sha2-nistp384
algorithm: ecdh-sha2-nistp521
algorithm: diffie-hellman-group-exchange-sha256
algorithm: diffie-hellman-group14-sha1
--KeyExchangeAlgs
HostKeyAlgs:
algorithm: ssh-rsa
algorithm: ssh-dss
algorithm: ecdsa-sha2-nistp256
algorithm: ssh-ed25519
--HostKeyAlgs
EncCS:
algorithm: chacha20-poly1305@openssh.com
algorithm: aes128-ctr
algorithm: aes192-ctr
algorithm: aes256-ctr
algorithm: aes128-gcm@openssh.com
algorithm: aes256-gcm@openssh.com
--EncCS
EncSC:
algorithm: chacha20-poly1305@openssh.com
algorithm: aes128-ctr
algorithm: aes192-ctr
algorithm: aes256-ctr
algorithm: aes128-gcm@openssh.com
algorithm: aes256-gcm@openssh.com
--EncSC
MacCS:
algorithm: umac-64-etm@openssh.com
algorithm: umac-128-etm@openssh.com
algorithm: hmac-sha2-256-etm@openssh.com
algorithm: hmac-sha2-512-etm@openssh.com
algorithm: hmac-sha1-etm@openssh.com
algorithm: umac-64@openssh.com
algorithm: umac-128@openssh.com
algorithm: hmac-sha2-256
algorithm: hmac-sha2-512
algorithm: hmac-sha1
--MacCS
MacSC:
algorithm: umac-64-etm@openssh.com
algorithm: umac-128-etm@openssh.com
algorithm: hmac-sha2-256-etm@openssh.com
algorithm: hmac-sha2-512-etm@openssh.com
algorithm: hmac-sha1-etm@openssh.com
algorithm: umac-64@openssh.com
algorithm: umac-128@openssh.com
algorithm: hmac-sha2-256
algorithm: hmac-sha2-512
algorithm: hmac-sha1
--MacSC
CompCS:
algorithm: none
algorithm: zlib@openssh.com
--CompCS
CompSC:
algorithm: none
algorithm: zlib@openssh.com
--CompSC
Unable to agree upon server-to-client encryption algorithm.
Unable to agree upon client-to-server encryption algorithm.
MAC: HMAC-SHA1
MAC: HMAC-SHA1
Compression: none
Compression: none
Key Exchange: DH Group Exchange SHA256
Host Key Algorithm: DSS
numBits: 128
pbits: 1024
Using GEX Group.
Sending KEX_DH_GEX_REQUEST...
pbits: 1024
sendMessage:
msgName: KEX_DH_GEX_REQUEST
unpaddedLength: 10
remainder: 2
paddingLen: 6
totalSize: 16
--sendMessage
numBytesRequested: 8
Connection closed by connected peer.
Failed to read data on SSH connection.
Failed to read KEX_DH_GEX_REQUEST response
Failed.
--Connect_Ssh
--ChilkatLog
You're using an old version of Chilkat. Notice this in the LastErrorText: "DllDate: Apr 20 2012"
Damn it! I was using the wrong libs, my mistake. It would appear this has been corrected in the latest release, I'm very sorry for the confusion.
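A small diagnostic for this kind of failure, added here as an example (not code from the thread or from Chilkat): it pulls the EncCS/EncSC lists out of a LastErrorText-style log and applies the RFC 4253 rule that the chosen cipher is the first entry in the client's list that the server also lists. The sample log is constructed from the lists posted above, and LEGACY_CIPHERS is a hypothetical CBC/arcfour-only client list, not the actual list of any Chilkat build.

```python
import re

# Client preference order quoted in the thread from the Chilkat website.
CLIENT_CIPHERS = ["aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc",
                  "twofish256-cbc", "twofish128-cbc", "blowfish-cbc",
                  "3des-cbc", "arcfour128", "arcfour256"]
# Hypothetical older client with no CTR modes (assumption, for illustration only).
LEGACY_CIPHERS = [c for c in CLIENT_CIPHERS if not c.endswith("-ctr")]

# Constructed log excerpt using the EncCS/EncSC layout and values posted above.
SERVER = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
          "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
SAMPLE_LOG = "ChilkatLog:\nConnect_Ssh:\n" + "".join(
    f"{name}:\n" + "".join(f"algorithm: {a}\n" for a in SERVER) + f"--{name}\n"
    for name in ("EncCS", "EncSC")) + "--Connect_Ssh\n--ChilkatLog\n"


def parse_sections(log_text):
    """Map each 'Name:' ... '--Name' block to the algorithm lines inside it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\w+:", line):      # a header such as "EncCS:"
            current = line[:-1]
        elif line.startswith("--"):          # a closer such as "--EncCS"
            current = None
        elif current and line.startswith("algorithm:"):
            sections.setdefault(current, []).append(line.split(":", 1)[1].strip())
    return sections


def negotiate(client_prefs, server_offer):
    """RFC 4253 section 7.1: first client entry that the server also lists."""
    return next((a for a in client_prefs if a in server_offer), None)


def diagnose(log_text, client_prefs):
    """Return the agreed cipher per direction, or None where nothing matches."""
    offered = parse_sections(log_text)
    return {d: negotiate(client_prefs, offered.get(d, [])) for d in ("EncCS", "EncSC")}


if __name__ == "__main__":
    for label, prefs in (("website list", CLIENT_CIPHERS), ("legacy list", LEGACY_CIPHERS)):
        print(label, diagnose(SAMPLE_LOG, prefs))
```

A None result for either direction corresponds to the "Unable to agree upon ... encryption algorithm" lines in the log.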