Re: Interop lsh and SSH-2.0-GitLab-SSHD

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: Interop lsh and SSH-2.0-GitLab-SSHD
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Thu, 5 Oct 2023 13:19:45 -0400 (EDT)

> [...] gitlab's custom sshd [...] advertising itself as
> SSH-2.0-GitLab-SSHD when I connect to gitlab.com.

I notice it's also ignoring the required space after the
softwareversion (4253 4.2 - which admittedly contradicts itself, giving
syntax that requires a space but then giving an example without one and
calling it valid).

> When connecting to gitlab.com using lsh stopped working quite long
> ago, I assumed it was just because lsh was lagging support for
> current algorithms.

I wouldn't just assume that; I'd look at the algorithm lists offered by
the two ends...which I gather (from text I cut, below) you did.

It offers a fairly small list of algorithms, but (unlike github!) it at
least includes enough that it should interoperate with moussh - once I
tell my end to ignore the banner syntax error.  (I didn't go past the
"unrecognized host key, accept?" stage, because I have no presence
there.)  Here's what I see them offering:

855  ssh: peer's algorithms (%=unrecognized, *=disabled):
856           kex: %curve25519-sha256 %curve25519-sha256%libssh.org@localhost %ecdh-sha2-nistp256 %ecdh-sha2-nistp384 %ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1
857            hk: ssh-dss %ecdsa-sha2-nistp256 %ssh-ed25519 rsa-sha2-256 rsa-sha2-512 ssh-rsa
858      enc c->s: %aes128-gcm%openssh.com@localhost %chacha20-poly1305%openssh.com@localhost %aes256-gcm%openssh.com@localhost aes128-ctr aes192-ctr aes256-ctr
859      enc s->c: %aes128-gcm%openssh.com@localhost %chacha20-poly1305%openssh.com@localhost %aes256-gcm%openssh.com@localhost aes128-ctr aes192-ctr aes256-ctr
860      mac c->s: %hmac-sha2-256-etm%openssh.com@localhost %hmac-sha2-512-etm%openssh.com@localhost %hmac-sha2-256 %hmac-sha2-512 hmac-sha1
861      mac s->c: %hmac-sha2-256-etm%openssh.com@localhost %hmac-sha2-512-etm%openssh.com@localhost %hmac-sha2-256 %hmac-sha2-512 hmac-sha1
862     comp c->s: none
863     comp s->c: none

> [...]
> But authenticating in the same way to gitlab.com still fails.  The
> curious thing is that the server appears to just close the
> connection, I don't get any SSH_MSG_USERAUTH_FAILURE, not even a
> SSH_MSG_DISCONNECT.

Curious.  No, I have no idea what's behind that.  I'd be interested to
hear if you ever do learn what's behind it.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- Interop lsh and SSH-2.0-GitLab-SSHD
  - From: Niels Möller

Prev by Date: Interop lsh and SSH-2.0-GitLab-SSHD
Next by Date: Re: Interop lsh and SSH-2.0-GitLab-SSHD
Previous by Thread: Interop lsh and SSH-2.0-GitLab-SSHD
Next by Thread: Re: Interop lsh and SSH-2.0-GitLab-SSHD
Indexes:

Home | Main Index | Thread Index | Old Index