Comments (9)
netdiver
commented on September 26, 2024
1
By accident I today found the github repo of net-ssh
https://github.com/net-ssh/net-ssh
and found out that the KEX algorithm curve25519-sha256 can be supported only adding another ruby gem to the package:
https://github.com/net-ssh/net-ssh?tab=readme-ov-file#key-exchange
Key Exchange
| Name | Support | Details |
|---|---|---|
| curve25519-sha256 | OK | Require the gem x25519 |
As I'm not a Ruby developer I am just asking to add this gem to the Oxidized package and to the Oxidized Docker image. Or I can contribute to this if someone gives some directions.
Thanks in advance!
from oxidized.
benasse
commented on September 26, 2024
1
Is it known any workaround for this ?
I just got it working by installing the dependency x25519 with : gem install x25519
from oxidized.
EvilGrinUK
commented on September 26, 2024
I've had a fiddle with this myself. I've forked the repo, added the dependency on x25519 and reinstalled oxidized from my forked repo.
I've changed the oxidized config so that I have the ssh kex mapped and then in my router.db I have specified the KEX to be curve25519-sha256 for the WatchGuard I have here.
Unfortunately it still doesn't connect correctly. Either I have done something wrong or there is more needed to support this properly.
from oxidized.
netdiver
commented on September 26, 2024
Thank you for trying it out.
So that's not the solution to this problem...
Could it be that [email protected] is not the same as curve25519-sha256 ???
Or better, the different naming is not supported by Net::SSH ???
It seems that the name of the algorithm was initially [email protected] and then has been changed in curve25519-sha256. It is possible that Net::SSH does not support the old name.
from oxidized.
netdiver
commented on September 26, 2024
@EvilGrinUK can you look in the log if the curve25519-sha256 (without @libssh.org) is offered to the server after your modifications? In particular in the line that begins with "Client kex preferences:"
from oxidized.
netdiver
commented on September 26, 2024
Maybe I'm wrong.
Here the gem:
https://github.com/net-ssh/net-ssh/blob/f54a2270dba3974081663b9780b493ed8d332a07/lib/net/ssh/transport/kex.rb#L28
seems to offer the same algorithm for both names.
and the last commit is from three years ago, so it has to be working!
from oxidized.
buzzzo
commented on September 26, 2024
Hi
Is it known any workaround for this ?
from oxidized.
volkermauel
commented on September 26, 2024
W, [2024-07-08T09:20:28.206712 #30] WARN -- : 10.x.y.z raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on kex algorithm
Server kex preferences: [email protected]
Client kex preferences: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
Running into the same problem
from oxidized.
netdiver
commented on September 26, 2024
Good to know the solution was found.
Thanks @benasse !
Can't wait for the PR to be merged!
from oxidized.
Related Issues (20)
- Oxidized is in a loop with a device? HOT 1
- Can't have http as both input and source HOT 1
- Vyatta/VyOS will fail prompt detection on Vyatta 1.5+ rolling
- Lost Aruba switches after update HOT 2
- Model Type in backup file HOT 3
- bad file type for MLNXOS HOT 3
- OXIDIZED_HOME being ignored HOT 1
- Versions directory HOT 1
- Extreme Switch/xos.rb not matching configured prompt
- Git versioning isn't working HOT 2
- Coding style for regexps in oxidized HOT 3
- ssh custom parameters HOT 2
- I would like to see an explanation of the router.db settings in the document HOT 3
- I would like to see an explanation of each setting item in the oxidized config in the document. HOT 3
- the git generated by oxidized gets passively larger the more time passes HOT 2
- TP-Link JetStream enable is not being sent HOT 1
- Cisco Switches configs not fully backedup HOT 1
- Output Git - how its working? HOT 1
- Not able to configure Cisco switch SG350-28P 28-Port Gigabit PoE Managed Switch
- Type error when pulling config from Cisco switch: "wrong argument type nil (expected String) (TypeError)"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oxidized.