Archived Forum Post

Question:

Chilkat Latest SSH and Apple El Capitan

Nov 02 '15 at 11:17

This one has got me stumped. It would appear that starting in the latest Apple release, El Capitan, using the Chilkat SSH library to open a connection results in a failed connection with the following errors in the /var/log/system.log on the remote Apple machine:

fatal: ssh_dispatch_run_fatal: Connection to xx..xx.xx.xx: no matching cipher found [preauth]

I imagine there's a way to get a list of ciphers and try to make it work; very strange it can't just figure it out on its own. Has anyone else run into this yet?

hz


Answer

Check to see if Chilkat v9.5.0.54 (the latest release) solves the problem.


Answer

It does not, I just pulled it down and rebuilt with 9.5.0.54.

From the website it would appear the ciphers are:

By default, the component will automatically choose the first cipher supported by the server in the order listed here: "aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc", "twofish256-cbc", "twofish128-cbc", "blowfish-cbc", "3des-cbc", "arcfour128", "arcfour256". (If blowfish is chosen, the encryption strength is 128 bits.)

And from the man pages for sshd_config on the Apple: aes128-ctr, aes192-ctr, aes256-ctr, aes128-gc@openssh.com,aes256-gco@openssh.com,chacha21-poly1305@openssh.com

So it would appear we'd have a match instantly...

hz


Answer

Use verbose logging (set the Chilkat object's VerboseLogging property = YES/true) and then examine the contents of the LastErrorText after the failed call to Connect.


Answer

Done. I've also tried forcing the cipher, with no success. That DllDate has me concerned; I've double-checked the linked static library, but I'll look again. I removed the license-specific details.

ChilkatLog:
Connect_Ssh:
DllDate: Apr 20 2012
Architecture: Little Endian; 32-bit
Language: Visual C++ 9.0
hostname: 192.168.1.2
port: 22
ConnectTimeoutMs_1: 30000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
This is an IPV4 numeric address...
AddrInfoList:
  AddrInfo:
    ai_flags: 4
    ai_family: 2
    ai_socktype: 1
    ai_protocol: 0
    ai_addrlen: 16
    ai_canonname: (NULL)
  --AddrInfo
--AddrInfoList
Connect using IPV4.
ipAddress1: 192.168.1.2
myIP_3: 192.168.1.15
myPort_3: 51219
connect successful (2)
Established TCP/IP connection with SSH server
clientIdentifier: SSH-2.0-PuTTY_Local:_May_14_2009_21:12:18
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_6.9

serverVersion: SSH-2.0-OpenSSH_6.9
sendMessage:
  msgName: KEXINIT
  unpaddedLength: 452
  remainder: 4
  paddingLen: 4
  totalSize: 456
--sendMessage
packetLen: 948
KeyExchangeAlgs:
  algorithm: curve25519-sha256@libssh.org
  algorithm: ecdh-sha2-nistp256
  algorithm: ecdh-sha2-nistp384
  algorithm: ecdh-sha2-nistp521
  algorithm: diffie-hellman-group-exchange-sha256
  algorithm: diffie-hellman-group14-sha1
--KeyExchangeAlgs
HostKeyAlgs:
  algorithm: ssh-rsa
  algorithm: ssh-dss
  algorithm: ecdsa-sha2-nistp256
  algorithm: ssh-ed25519
--HostKeyAlgs
EncCS:
  algorithm: chacha20-poly1305@openssh.com
  algorithm: aes128-ctr
  algorithm: aes192-ctr
  algorithm: aes256-ctr
  algorithm: aes128-gcm@openssh.com
  algorithm: aes256-gcm@openssh.com
--EncCS
EncSC:
  algorithm: chacha20-poly1305@openssh.com
  algorithm: aes128-ctr
  algorithm: aes192-ctr
  algorithm: aes256-ctr
  algorithm: aes128-gcm@openssh.com
  algorithm: aes256-gcm@openssh.com
--EncSC
MacCS:
  algorithm: umac-64-etm@openssh.com
  algorithm: umac-128-etm@openssh.com
  algorithm: hmac-sha2-256-etm@openssh.com
  algorithm: hmac-sha2-512-etm@openssh.com
  algorithm: hmac-sha1-etm@openssh.com
  algorithm: umac-64@openssh.com
  algorithm: umac-128@openssh.com
  algorithm: hmac-sha2-256
  algorithm: hmac-sha2-512
  algorithm: hmac-sha1
--MacCS
MacSC:
  algorithm: umac-64-etm@openssh.com
  algorithm: umac-128-etm@openssh.com
  algorithm: hmac-sha2-256-etm@openssh.com
  algorithm: hmac-sha2-512-etm@openssh.com
  algorithm: hmac-sha1-etm@openssh.com
  algorithm: umac-64@openssh.com
  algorithm: umac-128@openssh.com
  algorithm: hmac-sha2-256
  algorithm: hmac-sha2-512
  algorithm: hmac-sha1
--MacSC
CompCS:
  algorithm: none
  algorithm: zlib@openssh.com
--CompCS
CompSC:
  algorithm: none
  algorithm: zlib@openssh.com
--CompSC
Unable to agree upon server-to-client encryption algorithm.
Unable to agree upon client-to-server encryption algorithm.
MAC: HMAC-SHA1
MAC: HMAC-SHA1
Compression: none
Compression: none
Key Exchange: DH Group Exchange SHA256
Host Key Algorithm: DSS
numBits: 128
pbits: 1024
Using GEX Group.
Sending KEX_DH_GEX_REQUEST...
pbits: 1024
sendMessage:
  msgName: KEX_DH_GEX_REQUEST
  unpaddedLength: 10
  remainder: 2
  paddingLen: 6
  totalSize: 16
--sendMessage
numBytesRequested: 8
Connection closed by connected peer.
Failed to read data on SSH connection.
Failed to read KEX_DH_GEX_REQUEST response
Failed.

--Connect_Ssh
--ChilkatLog


Answer

You're using an old version of Chilkat. Notice this in the LastErrorText: "DllDate: Apr 20 2012"


Answer

Damn it! I was using the wrong libs, my mistake. It would appear this has been corrected in the latest release. I'm very sorry for the confusion.
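An added example, not part of the original thread and not Chilkat code: a small Python triage script that reads a LastErrorText dump like the one above, pulls out the server's advertised algorithm lists and the DllDate, and applies the SSH negotiation rule (RFC 4253, section 7.1: the first name on the client's list that the server also offers). The function names and the CBC_ONLY list are assumptions made for illustration; the documented cipher order is the one quoted from the website earlier in the thread.

```python
import re

# Excerpt of the LastErrorText posted in the thread (server KEXINIT lists, shortened).
SAMPLE_LOG = """\
DllDate: Apr 20 2012
serverVersion: SSH-2.0-OpenSSH_6.9
EncCS:
  algorithm: chacha20-poly1305@openssh.com
  algorithm: aes128-ctr
  algorithm: aes192-ctr
  algorithm: aes256-ctr
  algorithm: aes128-gcm@openssh.com
  algorithm: aes256-gcm@openssh.com
--EncCS
MacCS:
  algorithm: hmac-sha2-256
  algorithm: hmac-sha1
--MacCS
"""

# Default cipher order as quoted from the Chilkat website in the thread.
DOCUMENTED_CIPHERS = ["aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc",
                      "twofish256-cbc", "twofish128-cbc", "blowfish-cbc",
                      "3des-cbc", "arcfour128", "arcfour256"]

# Constructed for contrast only: a client that offers no CTR/GCM/ChaCha ciphers.
CBC_ONLY = ["aes256-cbc", "aes128-cbc", "3des-cbc", "arcfour128"]

def parse_sections(log):
    """Return {section: [algorithms]} for each 'Name:' ... '--Name' block."""
    sections, current = {}, None
    for line in log.splitlines():
        s = line.strip()
        if current and s == "--" + current:
            current = None                      # closing marker of the block
        elif current and s.startswith("algorithm:"):
            sections[current].append(s.split(":", 1)[1].strip())
        elif re.fullmatch(r"\w+:", s):
            current = s[:-1]                    # bare 'Name:' opens a block
            sections[current] = []
    return sections

def negotiate(client, server):
    """First algorithm on the client's list that the server also lists, else None."""
    return next((a for a in client if a in server), None)

def dll_date(log):
    """Build date of the library that actually produced the log, if present."""
    m = re.search(r"^\s*DllDate:\s*(.+)$", log, re.M)
    return m.group(1).strip() if m else None
```

When the documented list negotiates cleanly against the server's EncCS list but the log still reports no agreement, the DllDate value is the first thing to compare against the release you believe you linked.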