tnich/honssh

Connection aborted when using certain SSH clients.

Closed this issue · 13 comments

Was doing some testing and noticed that the connection is aborted if using a certain SSH client.

When attempting to connect from a Fedora 23 machine the connection is aborted with the last message to the SSH client being:

Unable to negotiate with 10.120.192.124: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

The SSH client version returned on Fedora 23

$ ssh -V
OpenSSH_7.1p2, OpenSSL 1.0.2f-fips  28 Jan 2016

The issue appears to be with this specific version as it works fine from Ubuntu 14.04 and OpenBSD machines. No adv-logs are generated from this.


This is what is logged in the honssh.log:

2016-02-28 23:14:25+0100 [honssh.server.HonsshServerFactory] [PLUGIN][HONEYPOT-STATIC] - GET_PRE_AUTH_DETAILS
2016-02-28 23:14:25+0100 [-] [PRE_AUTH] - Connecting to Honeypot: BZ-testing (172.16.47.200:22)
2016-02-28 23:14:25+0100 [-] [ADV-NET] - HonSSH Interface already exists, not re-adding
2016-02-28 23:14:25+0100 [-] [ADV-NET] - Fake IP Address already exists, not re-adding
2016-02-28 23:14:25+0100 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0x7f6e9bee7908>
2016-02-28 23:14:25+0100 [HonsshServerTransport,4,10.120.192.237] Disconnecting with error, code 3
    reason: couldn't match all kex parts
2016-02-28 23:14:25+0100 [HonsshServerTransport,4,10.120.192.237] connection lost
2016-02-28 23:14:25+0100 [Uninitialized] [CLIENT] - New client connection
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] outgoing: aes256-ctr hmac-sha1 none
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] incoming: aes256-ctr hmac-sha1 none
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] REVERSE
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] NEW KEYS
2016-02-28 23:14:25+0100 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - SET_SERVER
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - SET SERVER
2016-02-28 23:14:26+0100 [-] [PLUGIN][OUTPUT-TXTLOG] - CONNECTION_MADE
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - CONNECTION_MADE
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - {'honey_port': '22', 'sensor_name': 'BZ-testing', 'session': {'auths': [], 'country': '', 'start_time': '20160228_231426_124800', 'log_location': 'sessions/BZ-testing/10.120.192.237/', 'session_id': '79125acb64764740941fbd65559adc0e', 'peer_port': '59191', 'channels': [], 'peer_ip': '10.120.192.237'}, 'honey_ip': '172.16.47.200'}
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - SET_CLIENT
2016-02-28 23:14:26+0100 [-] [PLUGIN][EXAMPLE] - {'honey_port': '22', 'sensor_name': 'BZ-testing', 'session': {'auths': [], 'country': '', 'start_time': '20160228_231426_124800', 'log_location': 'sessions/BZ-testing/10.120.192.237/', 'session_id': '79125acb64764740941fbd65559adc0e', 'peer_port': '59191', 'channels': [], 'version': 'SSH-2.0-OpenSSH_7.1', 'peer_ip': '10.120.192.237'}, 'honey_ip': '172.16.47.200'}
2016-02-28 23:14:26+0100 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

And this is what the verbose output from Fedora SSH client shows.

$ ssh -ltestuser 10.120.192.124 -vvv
OpenSSH_7.1p2, OpenSSL 1.0.2f-fips  28 Jan 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.120.192.124 [10.120.192.124] port 22.
debug1: Connection established.
debug1: identity file /home/xXx/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xXx/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xXx/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.120.192.124:22 as 'testuser'
debug3: hostkeys_foreach: reading file "/home/xXx/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/xXx/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from 10.120.192.124
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
Unable to negotiate with 10.120.192.124: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Any ideas about what's going on here?
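
The negotiation failure reported above can be reproduced offline. This is an added example, not code from HonSSH or Twisted: it builds and parses an SSH_MSG_KEXINIT payload and applies the RFC 4253 selection rule to the client list from the `-vvv` output. `OLD_TWISTED_KEX`, `OLDER_CLIENT_KEX` and `SAMPLE_PRIMES` are assumptions constructed to match the logs, and the code is stand-alone Python 3.

```python
import os
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
GEX = ("diffie-hellman-group-exchange-sha1",
       "diffie-hellman-group-exchange-sha256")

# Client list copied from the first kex_parse_kexinit line in the post.
FEDORA_KEX = ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
              "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
              "diffie-hellman-group-exchange-sha256",
              "diffie-hellman-group-exchange-sha1",
              "diffie-hellman-group14-sha1"]
# Constructed (assumption): a client that still accepts group1-sha1.
OLDER_CLIENT_KEX = FEDORA_KEX + ["diffie-hellman-group1-sha1"]
# Constructed (assumption): key exchanges of the older Twisted transport,
# chosen so the filtered offer matches "Their offer" in the error message.
OLD_TWISTED_KEX = ["diffie-hellman-group-exchange-sha1",
                   "diffie-hellman-group1-sha1"]
# Placeholder moduli table {bits: [(generator, prime)]}, not real primes.
SAMPLE_PRIMES = {2048: [(2, 0xFFFF)]}


def build_kexinit(lists):
    """Encode an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    out = bytes([SSH_MSG_KEXINIT]) + os.urandom(16)      # type + cookie
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data       # one name-list
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved


def parse_kexinit(payload):
    """Decode the ten name-lists, rejecting truncated or oversized fields."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, parsed = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + size].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        pos += size
    if pos + 5 > len(payload):
        raise ValueError("missing first_kex_follows/reserved")
    return parsed


def proxy_offer(supported, primes):
    """Mirror the gate in buildProtocol(): no moduli, no group exchange."""
    if primes:
        return list(supported)
    return [k for k in supported if k not in GEX]


def negotiate(client, server):
    """First name on the client's list that the server also offers.
    Simplified: the host-key capability conditions are not modelled."""
    return next((alg for alg in client if alg in server), None)


def diagnose(client_kex, supported, primes):
    """Return (what the proxy advertises, what the client would pick)."""
    wire = build_kexinit({"kex": proxy_offer(supported, primes)})
    offer = parse_kexinit(wire)["kex"]
    return offer, negotiate(client_kex, offer)


if __name__ == "__main__":
    print(diagnose(FEDORA_KEX, OLD_TWISTED_KEX, None))
    print(diagnose(FEDORA_KEX, OLD_TWISTED_KEX, SAMPLE_PRIMES))
```

With no moduli loaded the proxy is left advertising only `diffie-hellman-group1-sha1`, which OpenSSH 7.0 and later no longer accept by default, so the Fedora client finds no common method while a client that still lists group1 connects.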

tnich commented

Try commenting out this if statement:
https://github.com/tnich/honssh/blob/master/honssh/server.py#L155

See what happens :)

Appears to have solved the issue :)

I've the same issue but commenting the line as @tnich said gives me an error:

2016-10-30 15:23:18+0000 [honssh.server.HonsshServerFactory] Unhandled Error
    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
      File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
        why = selectable.doRead()
    --- <exception caught here> ---
      File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 1062, in doRead
        protocol = self.factory.buildProtocol(self._buildAddr(addr))
      File "/root/honssh/honssh/server.py", line 156, in buildProtocol
        ske.remove('diffie-hellman-group-exchange-sha256')
    exceptions.ValueError: list.remove(x): x not in list

Strangely my docker host offers the key (diffie-hellman-group-exchange-sha256).

root@e21d15789b4e:~# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
macs hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org

Line commented:

    def buildProtocol(self, addr):
        t = HonsshServerTransport()

        t.ourVersionString = self.ourVersionString
        t.factory = self
        t.supportedPublicKeys = self.privateKeys.keys()

        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            if 'diffie-hellman-group-exchange-sha1' in ske:
                ske.remove('diffie-hellman-group-exchange-sha1')
            #if 'diffie-hellman-group-exchange-sha256' in ske:
                ske.remove('diffie-hellman-group-exchange-sha256')
            t.supportedKeyExchanges = ske

        t.supportedCiphers = ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc' ]
        t.supportedPublicKeys = ['ssh-rsa', 'ssh-dss']
        t.supportedMACs = [ 'hmac-md5', 'hmac-sha1']
        return t

tnich commented

Comment out the line below it too?

I commented out the next line but it offers the same key exchange:

Unable to negotiate with 95.85.41.93 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
2016-10-30 15:32:09+0000 [-] Main loop terminated.
2016-10-30 15:32:09+0000 [-] Server Shut Down.
2016-10-30 15:32:25+0000 [-] Log opened.
2016-10-30 15:32:25+0000 [-] twistd 14.0.2 (/usr/bin/python 2.7.9) starting up.
2016-10-30 15:32:25+0000 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2016-10-30 15:32:25+0000 [-] HonsshServerFactory starting on 2222
2016-10-30 15:32:25+0000 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0x7f864061c878>
2016-10-30 15:32:29+0000 [honssh.server.HonsshServerFactory] [PLUGIN][HONEYPOT-DOCKER] - GET_PRE_AUTH_DETAILS
2016-10-30 15:32:29+0000 [HonsshServerTransport,0,62.235.45.224] Disconnecting with error, code 3
    reason: couldn't match all kex parts
2016-10-30 15:32:29+0000 [HonsshServerTransport,0,62.235.45.224] connection lost
2016-10-30 15:32:30+0000 [honssh.server.HonsshServerFactory] [PLUGIN][DOCKER] - Launched container (172.17.0.3, 874cd765f095027eeacb4fdabe6f2f76e0680834f2c5ab7a004b78a5f9ea2b13)
2016-10-30 15:32:30+0000 [-] [PRE_AUTH] - Connecting to Honeypot: 874cd765f095027eeacb4fdabe6f2f76e0680834f2c5ab7a004b78a5f9ea2b13 (172.17.0.3:22)
2016-10-30 15:32:30+0000 [-] [ADV-NET] - Advanced Networking disabled - Using client_addr
2016-10-30 15:32:30+0000 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0x7f86403f9560>
2016-10-30 15:32:30+0000 [Uninitialized] [CLIENT] - New client connection
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] outgoing: aes256-ctr hmac-sha1 none
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] incoming: aes256-ctr hmac-sha1 none
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] REVERSE
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] NEW KEYS
2016-10-30 15:32:30+0000 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2016-10-30 15:32:30+0000 [-] [PLUGIN][OUTPUT-TXTLOG] - CONNECTION_MADE
2016-10-30 15:32:30+0000 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

tnich commented

Try leaving those two lines commented out and upgrading your python twisted version e.g. pip install twisted --upgrade

@tnich Upgrading twisted gives me the same error as the first time I set up honssh using pip for installing requirements packages (issue #81):

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 648, in run
    runApp(config)
  File "/usr/local/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 25, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 379, in run
    self.application = self.createOrGetApplication()
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 444, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 455, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/service.py", line 411, in loadApplication
    passphrase)
  File "/usr/local/lib/python2.7/dist-packages/twisted/persisted/sob.py", line 223, in loadValueFromFile
    eval(codeObj, d, d)
  File "honssh.tac", line 32, in <module>
    from twisted.conch.ssh.keys import Key
  File "/usr/local/lib/python2.7/dist-packages/twisted/conch/ssh/keys.py", line 28, in <module>
    from cryptography.hazmat.primitives.asymmetric.utils import (
exceptions.ImportError: No module named utils


Failed to load application: No module named utils
Downloading/unpacking twisted from https://pypi.python.org/packages/ee/50/224854b4730f4daa941b8bcc4834a15bfee3012dad663fa760a89210df2c/Twisted-16.5.0.tar.bz2#md5=79929fae9968c4b9daf518a5c0c075d7
  Downloading Twisted-16.5.0.tar.bz2 (3.0MB): 3.0MB downloaded

tnich commented

Looks like we might need to update the python cryptography package too:

pip install cryptography --upgrade

Upgrading cryptography gives me this error when I launch honssh:

honsshctrl.sh[21442]: Starting honssh in background...
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 648, in run
    runApp(config)
  File "/usr/local/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 25, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 379, in run
    self.application = self.createOrGetApplication()
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 444, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/app.py", line 455, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/local/lib/python2.7/dist-packages/twisted/application/service.py", line 411, in loadApplication
    passphrase)
  File "/usr/local/lib/python2.7/dist-packages/twisted/persisted/sob.py", line 223, in loadValueFromFile
    eval(codeObj, d, d)
  File "honssh.tac", line 36, in <module>
    from honssh import server, interact
exceptions.ImportError: No module named honssh


Failed to load application: No module named honssh

PS: The first time I installed the Python requirements, it was using Debian Jessie packages: python-twisted, python-mysqldb, python-geoip

tnich commented

Strange... Try adding the folder with honssh in to PYTHONPATH e.g.
export PYTHONPATH="$PYTHONPATH:/folder/to/honssh"

Nice it works!

I uncommented out the two lines:

    def buildProtocol(self, addr):
        t = HonsshServerTransport()

        t.ourVersionString = self.ourVersionString
        t.factory = self
        t.supportedPublicKeys = self.privateKeys.keys()

        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            if 'diffie-hellman-group-exchange-sha1' in ske:
                ske.remove('diffie-hellman-group-exchange-sha1')
            if 'diffie-hellman-group-exchange-sha256' in ske:
                ske.remove('diffie-hellman-group-exchange-sha256')
            t.supportedKeyExchanges = ske

        t.supportedCiphers = ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc' ]
        t.supportedPublicKeys = ['ssh-rsa', 'ssh-dss']
        t.supportedMACs = [ 'hmac-md5', 'hmac-sha1']
        return t

Because honssh gave me this error:

2016-10-30 15:39:43+0000 [-] Main loop terminated.
2016-10-30 15:39:43+0000 [-] Server Shut Down.
2016-10-30T15:55:17+0000 [-] Loading honssh.tac...
2016-10-30T15:55:17+0000 [-] [PLUGIN][OUTPUT-CONTRIBUTE] - VALIDATE_CONFIG
2016-10-30T15:55:17+0000 [-] [PLUGIN][OUTPUT-TXTLOG] - VALIDATE_CONFIG
2016-10-30T15:55:17+0000 [-] [PLUGIN][HONEYPOT-DOCKER] - VALIDATE_CONFIG
2016-10-30T15:55:17+0000 [-] [SERVER] - Using ssh_banner for SSH Version String: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
2016-10-30T15:55:17+0000 [-] [HONSSH] - HonSSH Boot Sequence Complete - Ready for attacks!
2016-10-30T15:55:17+0000 [-] Loaded.
2016-10-30T15:55:17+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 16.5.0 (/usr/bin/python 2.7.9) starting up.
2016-10-30T15:55:17+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2016-10-30T15:55:17+0000 [-] HonsshServerFactory starting on 2222
2016-10-30T15:55:17+0000 [honssh.server.HonsshServerFactory#info] Starting factory <honssh.server.HonsshServerFactory instance at 0x7f3ee4b856c8>
2016-10-30T15:55:24+0000 [honssh.server.HonsshServerFactory] [PLUGIN][HONEYPOT-DOCKER] - GET_PRE_AUTH_DETAILS
2016-10-30T15:55:24+0000 [HonsshServerTransport,0,62.235.45.224] kex alg, key alg: 'diffie-hellman-group-exchange-sha256' 'ssh-rsa'
2016-10-30T15:55:24+0000 [HonsshServerTransport,0,62.235.45.224] outgoing: 'aes128-ctr' 'hmac-sha1' 'none'
2016-10-30T15:55:24+0000 [HonsshServerTransport,0,62.235.45.224] incoming: 'aes128-ctr' 'hmac-sha1' 'none'
2016-10-30T15:55:24+0000 [HonsshServerTransport,0,62.235.45.224] Unhandled Error
    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 101, in callWithLogger
        return callWithContext({"system": lp}, func, *args, **kw)
      File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
    --- <exception caught here> ---
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
        why = selectable.doRead()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 208, in doRead
        return self._dataReceived(data)
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 214, in _dataReceived
        rval = self.protocol.dataReceived(data)
      File "/root/honssh/honssh/honsshServer.py", line 70, in dataReceived
        self.dispatchMessage(messageNum, packet[1:])
      File "/root/honssh/honssh/server.py", line 87, in dispatchMessage
        honsshServer.HonsshServer.dispatchMessage(self, messageNum, payload)
      File "/usr/local/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 745, in dispatchMessage
        f(payload)
      File "/usr/local/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 1328, in ssh_KEX_DH_GEX_REQUEST
        self.g, self.p = self.factory.getDHPrime(ideal)
      File "/usr/local/lib/python2.7/dist-packages/twisted/conch/ssh/factory.py", line 107, in getDHPrime
        primesKeys = sorted(self.primes.keys(), key=lambda i: abs(i - bits))
    exceptions.AttributeError: 'NoneType' object has no attribute 'keys'

2016-10-30T15:55:24+0000 [HonsshServerTransport,0,62.235.45.224] connection lost

In conclusion, I think that diffie-hellman-group-exchange-sha256 isn't supported on older versions of twisted (debian package).
And adding the pythonpath resolves my initial issue #81 too.

tnich commented

Ah great, I knew I had that if statement in there for a reason!

I did the same by commenting:

def start_post_auth(self, username, password, auth_type):
  self.post_auth_started = True
  self.post_auth.start(username, password, auth_type)

but it gives a new error:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 103, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 86, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 122, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 85, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
    why = selectable.doRead()
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 243, in doRead
    return self._dataReceived(data)
  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 249, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/home/itsec/honssh/honssh/honsshServer.py", line 73, in dataReceived
    self.dispatchMessage(message_num, packet[1:])
  File "/home/itsec/honssh/honssh/server.py", line 126, in dispatchMessage
    self.packet_buffer(self.pre_auth, message_num, payload)
  File "/home/itsec/honssh/honssh/server.py", line 140, in packet_buffer
    self.sshParse.parse_packet("[SERVER]", message_num, payload)
  File "/home/itsec/honssh/honssh/protocols/ssh.py", line 167, in parse_packet
    self.start_post_auth()
  File "/home/itsec/honssh/honssh/protocols/ssh.py", line 379, in start_post_auth
    self.server.start_post_auth(self.username, self.password, self.auth_type)
exceptions.AttributeError: HonsshServerTransport instance has no attribute 'start_post_auth'