diffie-hellman group exchange sha256 support (wodSSH / wodSSH.NET)
Hi,
does wodSSH.NET library support connecting via SSH using Diffie Hellman group exchange with SHA-256? If so, starting at which version? If not, are there any plans to do so?
Regards,
Alek
diffie-hellman group exchange sha256 support
Hi Alek.
wodSSH.NET currently does not support it. We add algorithms on request, so we can try to add it to wodSSH.NET as well.
Give us a week please and I'll get back to you.
Regards,
Jasmine.
diffie-hellman group exchange sha256 support
Hello Jasmine,
that's great, I'm looking forward to your response.
I'd also like to inquire about adding ecdh-sha2-nistp521 support (it seems not to be supported yet as well) - should I create a separate message for that?
Regards,
Alek
diffie-hellman group exchange sha256 support
Hi Alek.
We made some changes. Can you please request an update and try it out now? SHA256 should be supported now.
Official update soon.
Jasmine.
diffie-hellman group exchange sha256 support
Hey Jasmine,
thanks - how would I request an update? The installer seems to be exactly the same as before.
Regards,
Alek
diffie-hellman group exchange sha256 support
Alek,
if you're a licensed user, go to
http://www.weonlydo.com/index.asp?update=1
and request it from there.
If you're using a DEMO, then just re-download from our website and try it out.
The installer looks the same, only the minor version number is changed until we double-check all is ok.
Jasmine.
diffie-hellman group exchange sha256 support
Jasmine,
I see. Could you please also include handling for this other algorithm I asked for? I did not mention it initially, but support for both would be excellent.
It's ecdh-sha2-nistp521, I mentioned it here: http://www.weonlydo.com/forums/index.php?id=10469
Thanks,
Alek
diffie-hellman group exchange sha256 support
Alek,
unfortunately I cannot promise that one. Internal support in .NET for those algorithms does exist, but it does not allow us to extract enough information to be used by the SSH protocol.
We did consider adding 3rd party libraries only for this purpose, but we postponed that until we decide what to do.
But at this time, the answer would be 'no' unfortunately.
Jasmine.
diffie-hellman group exchange sha256 support
We have been using the .NET SFTP.NET client for over 10 years. However, we are having trouble connecting to a new client's server that seems to be using diffie-hellman group exchange sha256:
Exception: (Buffer error: start>end)
RemoteIdentification: SSH-2.0-OpenSSH_4.7
SFTP.NET version: still fails with latest 3.4.9.128
We are able to connect using Core FTP app with this handshake:
SH-2.0-OpenSSH_4.7
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
diffie-hellman-group1-sha1
client -> aes128
server -> aes128
f1:a6:6e:3c:75:97:6e:0b:bc:f3:a8:98:66:0a:a8:95
ssh-rsa
Sending password
PWD
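Added example, not part of the original post and not WeOnlyDo or Core FTP code: a minimal Python sketch of how the key exchange list in an SSH_MSG_KEXINIT payload is parsed with bounds checks (RFC 4251 name-lists) and how the algorithm is chosen (RFC 4253, section 7.1, simplified to ignore the host-key capability conditions). The server list is the one quoted in the post above; the two client preference lists and all function names are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def build_kexinit(lists):
    """Build a KEXINIT payload; fields missing from `lists` are sent empty."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type + cookie (zeroed here)
    for field in FIELDS:
        payload += name_list(lists.get(field, []))
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse a KEXINIT payload, rejecting any length that overruns the buffer."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns buffer in " + field)
        text = payload[pos:pos + n].decode("ascii")
        out[field] = text.split(",") if text else []
        pos += n
    return out

def negotiate_kex(client_kex, server_kex):
    """First algorithm on the client's list that the server also offers."""
    for alg in client_kex:
        if alg in server_kex:
            return alg
    raise ValueError("no common key exchange algorithm")

# Server list as quoted in the post above; both client lists are constructed.
SERVER = parse_kexinit(build_kexinit({"kex": [
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]}))
LEGACY_CLIENT = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]
UPDATED_CLIENT = ["diffie-hellman-group-exchange-sha256"] + LEGACY_CLIENT
```

The client's preference order decides the outcome: `negotiate_kex(LEGACY_CLIENT, SERVER["kex"])` settles on a SHA-1 method even though the server lists the SHA-256 group exchange first, while `UPDATED_CLIENT` negotiates the SHA-256 method.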
diffie-hellman group exchange sha256 support
Hi David.
Any chance we can try to connect there? If so, can you send us details (at least IP) to techsupport so we can try it out?
Thanks,
Jasmine.
diffie-hellman group exchange sha256 support
David,
one more thing, I just noticed. This thread is about changes in wodSSH.NET, not wodSFTP.NET. wodSFTP.NET is not yet updated, but will be in the next 2-3 days.
Jasmine.
diffie-hellman group exchange sha256 support
Hi David.
I believe we have updated wodSFTP.NET as well to support your server. Can you request an update and try it out?
Jasmine.
diffie-hellman group exchange sha256 support
Hi Jasmine,
thank you very much for the provided update (2.6.4.160). It seems that the FIPS version (2.6.3.158) was not updated though. Can I ask you to provide an updated FIPS version as well?
Thanks!
Regards,
Alek
diffie-hellman group exchange sha256 support
Hi Alek.
Yes you're right. Updated, please try now.
Jasmine.
diffie-hellman group exchange sha256 support
Hi Jasmine,
we have applied the 2.6.4.160 version of SSH.NET in our software. Unfortunately, we have met an issue with loading this library: WeOnlyDo.Security.Cryptography.KeyManager.dll. The older version of this library (from 2.5.0.130) is working fine. We are able to load the new version of the library by adding useLegacyV2RuntimeActivationPolicy="true" to App.config, but we would like to avoid it.
Our program is compiled against .NET Framework 4.5.
Code to reproduce:
using System;
using WeOnlyDo.Security.Cryptography;

namespace WeOnlyDoKeyManagmentTest
{
    class Program
    {
        // Program does not work,
        // it can be fixed by adding useLegacyV2RuntimeActivationPolicy="true" to App.config (ref. http://stackoverflow.com/questions/1604663/what-does-uselegacyv2runtimeactivationpolicy-do-in-the-net-4-config)
        // ex: System.IO.FileLoadException
        // message: Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information.
        static void Main()
        {
            const string key = @"-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
";
            var decrypted = DecryptCertificateFile(key, String.Empty, "RSA");
            Console.WriteLine(decrypted);
        }

        public static string DecryptCertificateFile(string content, string password, string keyType)
        {
            SSHKeyTypes sshKeyType;
            switch (keyType.ToLowerInvariant())
            {
                case "rsa":
                    sshKeyType = SSHKeyTypes.RSAKey;
                    break;
                case "dsa":
                    sshKeyType = SSHKeyTypes.DSAKey;
                    break;
                default:
                    throw new ArgumentOutOfRangeException(nameof(keyType));
            }

            try
            {
                var manager = new KeyManager();
                manager.Load(content, password);
                return Convert.ToBase64String(manager.PrivateKey(sshKeyType));
            }
            catch (Exception exception)
            {
                throw new Exception("Can't load private key.", exception);
            }
        }
    }
}
Could you please provide a working version? The best option is to compile your library against .NET 4.5 (please remember the FIPS version).
Regards,
Piotr
diffie-hellman group exchange sha256 support
Hi Piotr.
wodSSH.NET and wodKeyManager.NET are not related. One is an add-on for the other, but they are 2 separate components.
wodKeyManager is C++ code, and it's not that easy to compile it with newer Visual Studio versions.
We do have it for .NET 4.0, I'm not sure if it will work directly with 4.5, but I think it will. Please send email to techsupport - at - weonlydo.com so we can send it to you there.
Jasmine.
diffie-hellman group exchange sha256 support
After the upgrade of the library, the connection to the SSH server doesn't work anymore.
I will create an example and send it via email to support for investigation.