diffie-hellman group exchange sha256 support - WeOnlyDo Discussion board

diffie-hellman group exchange sha256 support (wodSSH / wodSSH.NET)

by Alek, Thursday, February 25, 2016, 16:20 (2954 days ago)

Hi,

does wodSSH.NET library support connecting via SSH using Diffie Hellman group exchange with SHA-256? If so, starting at which version? If not, are there any plans to do so?

Regards,
Alek

diffie-hellman group exchange sha256 support

by Jasmine, Thursday, February 25, 2016, 16:30 (2954 days ago) @ Alek

Hi Alek.

wodSSH.NET currently does not support it. We add algorithms on request, so we can try to add it wodSSH.NET as well.

Give us a week please and I'll get back to you.

Regards,
Jasmine.

diffie-hellman group exchange sha256 support

by Alek, Tuesday, March 01, 2016, 09:34 (2949 days ago) @ Jasmine

Hello Jasmine,

that's great, I'm looking forward to your response.
I'd also like to inquire about adding ecdh-sha2-nistp521 support (it seems not to be supported yet as well) - should I create a separate message for that?

Regards,
Alek

diffie-hellman group exchange sha256 support

by Jasmine, Thursday, March 03, 2016, 02:44 (2947 days ago) @ Alek

Hi Alek.

We did some changes. Can you please request update and try it out now, SHA256 should have been supported now.

Official update soon.

Jasmine.

diffie-hellman group exchange sha256 support

by Alek, Friday, March 04, 2016, 11:59 (2946 days ago) @ Jasmine

Hey Jasmine,

thanks - how would I request an update? The installer seems to be exactly the same as before.

Regards,
Alek

diffie-hellman group exchange sha256 support

by Jasmine, Friday, March 04, 2016, 12:00 (2946 days ago) @ Alek

Alek,

if you're licensed user, go to

http://www.weonlydo.com/index.asp?update=1

and request it from there.

If you're using a DEMO, then just re-download from our website and try it out.

Installer looks the same, only minor version number is changed until we double-check all is ok.

Jasmine.

diffie-hellman group exchange sha256 support

by Alek, Friday, March 04, 2016, 12:29 (2946 days ago) @ Jasmine

Jasmine,

I see. Could you please also include handling for this other algorithm I asked for? I did not mention it initially, but support for both would be excellent.

It's ecdh-sha2-nistp521, I mentioned it here: http://www.weonlydo.com/forums/index.php?id=10469

Thanks,
Alek

diffie-hellman group exchange sha256 support

by Jasmine, Friday, March 04, 2016, 12:33 (2946 days ago) @ Alek

Alek,

unfortunately I cannot promise that one. Internal support in .NET for those algorithms does exist, but does not allow us to extract enough information to be used by SSH protocol.

We did consider adding 3rd party libraries only for this purpose, but we postponed that until we decide what to do.

But at this time, answer would be 'no' unfortunately.

Jasmine.

diffie-hellman group exchange sha256 support

by david, Monday, March 07, 2016, 20:55 (2943 days ago) @ Jasmine

We have been using the .NET SFTP.NET client for over 10 years. However, we are having trouble connecting to a new client's server that seems to be using diffie-hellman group exchange sha256:

Exception: (Buffer error: start>end)
RemoteIdentification: SSH-2.0-OpenSSH_4.7
SFTP.NET version: still fails with latest 3.4.9.128

We are able to connect using Core FTP app with this handshake:

SH-2.0-OpenSSH_4.7
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
diffie-hellman-group1-sha1
client -> aes128
server -> aes128
f1:a6:6e:3c:75:97:6e:0b:bc:f3:a8:98:66:0a:a8:95
ssh-rsa
Sending password
PWD

diffie-hellman group exchange sha256 support

by Jasmine, Monday, March 07, 2016, 21:00 (2943 days ago) @ david

Hi David.

Any chance we can try to connect there? If so, can you send us details (at least IP) to techsupport so we can try it out?

Thanks,
Jasmine.

diffie-hellman group exchange sha256 support

by Jasmine, Monday, March 07, 2016, 21:13 (2943 days ago) @ Jasmine

David,

one more thing, I just noticed. This thread is about changes in wodSSH.NET, not wodSFTP.NET. wodSFTP.NET is not yet updated, but will be in next 2-3 days.

Jasmine.

diffie-hellman group exchange sha256 support

by Jasmine, Tuesday, March 08, 2016, 22:59 (2942 days ago) @ Jasmine

Hi David.

I believe we have updated wodSFTP.NET as well to support your server. Can you request update and try it out?

Jasmine.

diffie-hellman group exchange sha256 support

by Alek, Thursday, March 10, 2016, 15:38 (2940 days ago) @ Jasmine

Hi Jasmine,

thank you very much for the provided update (2.6.4.160). It seems that the FIPS version (2.6.3.158) was not updated though. Can I ask you to provide an updated FIPS version as well?

Thanks!

Regards,
Alek

diffie-hellman group exchange sha256 support

by Jasmine, Thursday, March 10, 2016, 17:13 (2940 days ago) @ Alek

Hi Alek.

Yes you're right. Updated, please try now.

Jasmine.

diffie-hellman group exchange sha256 support

by Piotr, Tuesday, March 22, 2016, 08:41 (2928 days ago) @ Jasmine

Hi Jasmine,
we have applied the 2.6.4.160 version of SSH.NET in our software. Unfortunately, we have met an issue with loading this library: WeOnlyDo.Security.Cryptography.KeyManager.dll. The older version of this library (from 2.5.0.130) is working fine. We are able the new version of the library by adding useLegacyV2RuntimeActivationPolicy="true" to App.config, but we would like to avoid it.

Our program is compiled against .NET Framework 4.5.
Code to reproduce:

using System;
using WeOnlyDo.Security.Cryptography;

namespace WeOnlyDoKeyManagmentTest
{
    class Program
    {
        // Program does not work,
        // it can be fixed by adding useLegacyV2RuntimeActivationPolicy="true" to App.config (ref. http://stackoverflow.com/questions/1604663/what-does-uselegacyv2runtimeactivationpolicy-do-in-the-net-4-config)
        // ex: System.IO.FileLoadException
        // message: Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information.
        static void Main()
        {
            const string key = @"-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
";
            var decrypted = DecryptCertificateFile(key, String.Empty, "RSA");

            Console.WriteLine(decrypted);
        }

        public static string DecryptCertificateFile(string content, string password, string keyType)
        {
            SSHKeyTypes sshKeyType;
            switch (keyType.ToLowerInvariant())
            {
                case "rsa":
                    sshKeyType = SSHKeyTypes.RSAKey;
                    break;
                case "dsa":
                    sshKeyType = SSHKeyTypes.DSAKey;
                    break;
                default:
                    throw new ArgumentOutOfRangeException(nameof(keyType));
            }

            try
            {
                var manager = new KeyManager();
                manager.Load(content, password);
                return Convert.ToBase64String(manager.PrivateKey(sshKeyType));
            }
            catch (Exception exception)
            {
                throw new Exception("Can't load private key.", exception);
            }
        }

    }
}

Could you please provide working version? The best option is to compile you library against .net 4.5 (please remember for FIPS version).

Regards,
Piotr

diffie-hellman group exchange sha256 support

by Jasmine, Tuesday, March 22, 2016, 11:39 (2928 days ago) @ Piotr

Hi Piotr.

wodSSH.NET and wodKeyManager.NET are not related. One is addon for another, but it's 2 separate components.

wodKeyManager is C++ code, and it's not that easy to compile it with newer visual studios.

We do have it for NET 4.0, I'm not sure if it will work directly with 4.5, but I think it will. Please send email to techsupport - at - weonlydo.com so we can send it to you there.

Jasmine.

diffie-hellman group exchange sha256 support

by Jirka, Friday, April 15, 2016, 14:44 (2904 days ago) @ Jasmine

After upgrade of the library, the connection to the ssh server doesn't work anymore.
I will create an example and sent it via email to support for investigation.