golang ssh library cannot connect to sf.tmate.io #12

Closed
drnic opened this issue Oct 26, 2014 · 11 comments

Comments

@drnic

drnic commented Oct 26, 2014

I was trying to use go.crypto to connect to the sf.tmate.io SSH session but get the following error:

unable to connect: ssh: handshake failed: ssh: no common algorithms

I found an explanation for the possible cause: http://stackoverflow.com/questions/18998473/failed-to-dial-handshake-failed-ssh-no-common-algorithms-error-in-ssh-client/19002265#19002265

Currently, I've fallen back to calling out to an external ssh CLI [1] but unfortunately for the Windows users it means they need to find and install an SSH client CLI.

It would be awesome if sf.tmate.io supported one of the cyphers supported by go-crypto which I think are:

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • arcfour128
  • arcfour256

Possible?

[1] https://github.com/cloudfoundry-community/cf-ssh#why-require-ssh-cli

@nviennot
Member

This is what tmate-slave supports (gathered with ssh -vv), which includes aes128-ctr,aes192-ctr and aes256-ctr:

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: zlib@openssh.com,zlib
debug2: kex_parse_kexinit: zlib@openssh.com,zlib

Maybe the issue is during the diffie-hellman exchange then?

@nviennot
Member

Oh and also, tmate-slave forces the client to use zlib@openssh.com for compression.

EDIT: or zlib. If go.crypto doesn't support zlib nor zlib@openssh.com, then it's going to fail with the error you are mentioning.
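
The negotiation failure discussed in the two comments above, as an added example (not code from tmate, go.crypto, or either commenter). The server lists are the `kex_parse_kexinit` lines quoted above; the client proposal is constructed, with the cipher list from the opening comment and compression limited to `none` as an assumption modelling a client without zlib support. Key-exchange and host-key selection are simplified to the same first-match rule as the other categories.

```go
package main

import "fmt"

// Proposal holds one side's KEXINIT name-lists, each in preference order.
type Proposal map[string][]string

var categories = []string{"kex", "hostkey", "cipher", "mac", "compression"}

// Server lists copied from the kex_parse_kexinit lines in the comment above.
var tmateServer = Proposal{
	"kex":         {"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"},
	"hostkey":     {"ssh-dss", "ssh-rsa"},
	"cipher":      {"aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "3des-cbc", "des-cbc-ssh1"},
	"mac":         {"hmac-sha1"},
	"compression": {"zlib@openssh.com", "zlib"},
}

// Constructed client proposal (assumption): ciphers as listed in the opening
// comment of this issue; the other lists are sample values; no zlib support.
var goClient = Proposal{
	"kex":         {"ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"},
	"hostkey":     {"ssh-rsa", "ssh-dss"},
	"cipher":      {"aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256"},
	"mac":         {"hmac-sha1"},
	"compression": {"none"},
}

// Negotiate picks, per category, the first client name the server also lists (RFC 4253 section 7.1).
func Negotiate(client, server Proposal) (map[string]string, error) {
	agreed := map[string]string{}
	for _, cat := range categories {
		offered := map[string]bool{}
		for _, s := range server[cat] {
			offered[s] = true
		}
		for _, c := range client[cat] {
			if offered[c] {
				agreed[cat] = c
				break
			}
		}
		if agreed[cat] == "" { // no overlap in this category: the handshake cannot proceed
			return agreed, fmt.Errorf("no common algorithm for %s: client %v, server %v", cat, client[cat], server[cat])
		}
	}
	return agreed, nil
}

func main() { fmt.Println(Negotiate(goClient, tmateServer)) }
```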

@drnic
Author

drnic commented Oct 26, 2014

Ok time to code dive into go-crypt. Thanks!

On Sun, Oct 26, 2014 at 9:06 AM, Nicolas Viennot notifications@github.com
wrote:

Oh and also, tmate-slave forces the client to use zlib@openssh.com for compression.


@nviennot
Member

Cool :)

If I may, why would it be beneficial if go-crypto could connect to tmate?

@drnic
Author

drnic commented Oct 26, 2014

Also sorry that cf-ssh README doesn't mention tmate.io yet. Still writing docs etc.

On Sun, Oct 26, 2014 at 9:06 AM, Nicolas Viennot notifications@github.com
wrote:

Oh and also, tmate-slave forces the client to use zlib@openssh.com for compression.


@drnic
Author

drnic commented Oct 26, 2014

The goal is for cf-ssh to kick off an interactive shell into a remote container. I'm hoping to not have to delegate that to the "ssh" CLI.

On Sun, Oct 26, 2014 at 9:17 AM, Nicolas Viennot notifications@github.com
wrote:

Cool :)

If I may, why would it be beneficial if go-crypto could connect to tmate?


@nviennot
Member

I'm not sure I understand how you are making it work, but it sounds interesting :)

FYI, in 6 months, I'll be working full time on tmate (as a real company and all that), which will have good support for running tmate into containers + html5 dashboards of your terminals etc.

@drnic
Author

drnic commented Oct 26, 2014

Cool re tmate as a company.

cf-ssh is using tmate for self-access to a private network container running within Cloud Foundry rather than for sharing access to a server/laptop with another person. I'll draw some diagrams one day :)

On Sun, Oct 26, 2014 at 9:24 AM, Nicolas Viennot notifications@github.com
wrote:

I'm not sure I understand how you are making it work, but it sounds interesting :)

FYI, in 6 months, I'll be working full time on tmate (as a real company and all that), which will have good support for running tmate into containers + html5 dashboards of your terminals etc.


@nviennot
Member

sweet :) I'll definitely ping you once I have something rolling -- as the tmate product is going to address that exact use case (not the pairing stuff).

@nviennot
Member

I've added a feature to easily grab the SSH keys out of tmate.
Check out "Running tmate as a daemon" on http://tmate.io/ with the new version 1.8.10.
Might be useful for your use case.

@allomov

allomov commented Apr 15, 2015

@drnic hope that merging this PR to golang will help to solve this problem golang/go#10274 soon.
