Comments (2)
First, with a server identification string of SSH-2.0-OpenSSH_6.9, implementing a workaround specifically for Juniper switches is going to be hard. It might still be possible to implement a workaround (e.g. what I did for https://bugzilla.mindrot.org/show_bug.cgi?id=1291 was to make it so that if one of the problem algorithms is being used when a packet isn't able to be correctly decrypted, it tries to reconnect without the problem algorithms [see the `bad_algorithm_candidate` method in SSH2.php]), but to decide if that'd be an appropriate approach I'd need more info: the SSH logs and what the specific algorithm that's failing is.
Your post shows a cipher suite but it's unclear if that cipher suite is for a successful connection or a failing one. But like does it fail if client_to_server/crypt is a specific algorithm? Does every algorithm need to be a specific algorithm for it to fail? idk
If you were to share with me the IP address of the machine (I wouldn't need an account on that machine) to brute force different cipher suites I could do that myself. If you are able to do this you can email the info to [email protected].
SSH logs would also help. There are two main ways to get SSH logs:
Ephemeral Logging
You can get the SSH logs by creating a new temporary SSH instance with `sudo /usr/sbin/sshd -ddd -p2222`. Connect on port 2222 with the same credential that you normally do and then after the connection resolves itself that command will terminate.
Persistent Logging
idk if you can edit the `/etc/ssh/sshd_config` file but if you could then adding the following to it would enable you to get the logs:

```
LogLevel Debug3
```

Once you do that you'll need to restart SSH (`systemctl restart sshd`).

As https://serverfault.com/a/1130653 discusses, logs are stored by default to the AUTH SyslogFacility, e.g. `/var/log/auth.log`. You can, however, change that by adding this to your sshd_config, as well:

```
SyslogFacility LOCAL0
```

You'd then want to modify `/etc/rsyslog.conf` and add this:

```
local0.* /var/log/sshd.log
```

You'd then need to restart rsyslog (`systemctl restart rsyslog`).
from phpseclib.
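Added example (not part of the comment above, and not phpseclib or OpenSSH code): once a debug log has been collected by either method, a small shell function can extract the two things the comment asks for, the algorithms negotiated in each direction and any decryption-failure message. The function names and the sample log are constructed for illustration; output keys follow the `client_to_server/crypt` notation used in the thread.

```shell
#!/usr/bin/env bash
# Added example. summarize_sshd_kex and sample_log are hypothetical names.

# Reads sshd debug output on stdin (raw -ddd output or syslog lines) and
# prints the negotiated algorithms per direction plus any decryption failure.
summarize_sshd_kex() {
    awk '
    {   # locate the "kex:" token so a syslog prefix does not shift fields
        k = 0
        for (i = 1; i <= NF; i++) if ($i == "kex:") { k = i; break }
    }
    k && $(k+1) == "algorithm:" { print "kex=" $(k+2) }
    k && $(k+1) == "host" && $(k+2) == "key" { print "hostkey=" $(k+4) }
    k && ($(k+1) == "client->server" || $(k+1) == "server->client") {
        dir = ($(k+1) == "client->server") ? "client_to_server" : "server_to_client"
        if ($(k+2) == "cipher:") {   # labelled: cipher: X MAC: Y compression: Z
            print dir "/crypt=" $(k+3); print dir "/mac=" $(k+5)
        } else {                     # unlabelled (older releases): X Y Z
            print dir "/crypt=" $(k+2); print dir "/mac=" $(k+3)
        }
    }
    # messages sshd logs when an incoming packet cannot be decrypted or verified
    match($0, /Bad packet length.*|Corrupted MAC on input.*|message authentication code incorrect.*/) {
        print "failure=" substr($0, RSTART, RLENGTH)
    }
    '
}

# Constructed sample in syslog form; the algorithms are illustrative and
# are not taken from the issue.
sample_log() {
    cat <<'EOF'
Jan  1 00:00:00 host sshd[4242]: debug1: kex: algorithm: diffie-hellman-group14-sha1 [preauth]
Jan  1 00:00:00 host sshd[4242]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Jan  1 00:00:00 host sshd[4242]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
Jan  1 00:00:00 host sshd[4242]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha1 compression: none [preauth]
Jan  1 00:00:01 host sshd[4242]: Bad packet length 1349676916. [preauth]
EOF
}

sample_log | summarize_sshd_kex
```

To use it on a real capture, pipe the log file in, for example `summarize_sshd_kex < /var/log/sshd.log`.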
Sorry for the very delayed response.
Sadly I won't be able to give you access to the server.
I appreciate you looking into this, but considering how much of an edge case this is, I think the workarounds are sufficient:
- Upgrade the switch to the most recent security patch
- Use `setPreferredAlgorithms` from my initial post
I'll be closing this off, maybe this helps someone somewhen!
from phpseclib.