rubencaro/sshex

Modify SSH algorithms

bwks opened this issue · 3 comments

bwks commented

Hello.

I am an Elixir/Erlang noob so this might be a daft question.

I am trying to connect to a Cisco router and it only supports the diffie-hellman-group-exchange-sha1 and diffie-hellman-group14-sha1 algorithms.

When I try to connect to a Cisco router I get the following error.

```
21:12:54.137 [info]  Erlang SSH :client 4.10.6 (OpenSSL 1.1.1d  10 Sep 2019).
Server: 'SSH-2.0-Cisco-1.25'
Disconnects with code = 3 [RFC4253 11.1]: Key exchange failed
State = {kexinit,client,init}
Module = ssh_transport, Line = 380.
Details:
  Kexinit failed in client: error:{badmatch,{false,"kex"}}
```

These algorithms are disabled in the Erlang SSH module by default, but it looks like it's possible to enable them.
http://erlang.org/doc/man/SSH_app.html#supported_algos

I cannot figure out how to pass the options in to modify the algorithms.
Is this possible with sshex?

This is how you modify the algorithms in Erlang:
http://erlang.org/doc/apps/ssh/configure_algos.html#example-5

```erlang
ssh:chk_algos_opts(
  [{modify_algorithms,
    [{prepend,
      [{kex, ['diffie-hellman-group1-sha1']}]
     }
    ]
   }
  ]).
```

I am not completely certain, but I think this is how to convert it to Elixir.

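```elixir
# Erlang's single-quoted atom 'diffie-hellman-group1-sha1' is written
# :"diffie-hellman-group1-sha1" in Elixir; single quotes there make a charlist.
:ssh.chk_algos_opts([
  {:modify_algorithms,
   [{:prepend, [{:kex, [:"diffie-hellman-group1-sha1"]}]}]}
])
```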

If possible, how can this be passed in via SSHEx.connect()?

Thank you in advance for any assistance.

bwks commented

I think I figured it out.

```elixir
SSHEx.connect(ip: "x.x.x.x", user: "user", password: "pass", modify_algorithms: [{:append, [{:kex, [:"diffie-hellman-group-exchange-sha1"]}]}])
```

I can now log in. But it looks like the connection closes immediately. Checking on that now.

bwks commented

Ok. I believe the second issue is related to the way Cisco implements their shell.
The connection is successful, but you can only run a single command.
The connection is then closed.
In other languages, you need to open a channel to send multiple commands to a Cisco shell.

```elixir
iex(3)> {:ok, conn} = SSHEx.connect(ip: '192.168.255.150', user: 'admin', password: 'cisco', modify_algorithms: [{:append, [{:kex, [:"diffie-hellman-group-exchange-sha1"]}]}])
{:ok, #PID<0.238.0>}
iex(4)> SSHEx.cmd!(conn, 'show clock')
"\r\n\r\n\r\n*22:08:54.207 UTC Sat Jan 30 2021"
iex(5)> SSHEx.cmd!(conn, 'show clock')
** (RuntimeError) {:error, :closed}
    (sshex 2.2.1) lib/sshex.ex:100: SSHEx.cmd!/3
iex(5)> 
```

It looks like you figured it out yourself 😁, in both cases.

As you can see, it was not really a problem with sshex. I will close the issue.
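
An added example, not part of the original thread and not sshex's own code: it scopes the SHA-1 key exchange from the `SSHEx.connect` call above to the hosts that need it, and uses `:ssh.chk_algos_opts/1` to confirm that `:append` leaves it last in the client's preference order. The module name, function names and host list are hypothetical, and the address is a constructed sample.

```elixir
defmodule LegacyKex do
  # Constructed sample (assumption): the only devices that still need SHA-1 kex.
  @legacy_hosts ["192.0.2.10"]
  @legacy_kex [:"diffie-hellman-group-exchange-sha1"]

  # Algorithm options for one host. Every other host keeps the Erlang defaults,
  # so the weak key exchange is never offered to servers that do not need it.
  def algo_opts(ip) do
    if ip in @legacy_hosts do
      [modify_algorithms: [append: [kex: @legacy_kex]]]
    else
      []
    end
  end

  # Ask the Erlang ssh app which kex list these options produce, without
  # connecting. chk_algos_opts/1 accepts only algorithm options.
  def effective_kex(ip) do
    case :ssh.chk_algos_opts(algo_opts(ip)) do
      {:error, reason} -> {:error, reason}
      algos -> {:ok, Keyword.fetch!(algos, :kex)}
    end
  end

  # True when the SHA-1 kex is offered at all and sits at the very end of the
  # list, so a server that supports anything stronger negotiates that instead.
  def legacy_kex_last?(ip) do
    case effective_kex(ip) do
      {:ok, kex} -> List.last(kex) == List.last(@legacy_kex)
      _ -> false
    end
  end

  # Same call as in the thread, with the algorithm options chosen per host.
  def connect(ip, user, password) do
    SSHEx.connect([ip: ip, user: user, password: password] ++ algo_opts(ip))
  end
end
```

With `:prepend` instead of `:append`, the same check returns `false`, because the SHA-1 algorithm moves to the front of the list and becomes the client's first choice.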