When using inspec to ssh to an AKS node on Azure I am seeing an error:
Transport error, can't connect to 'ssh' backend: SSH command failed (could not settle on kex algorithm
Server kex preferences: curve25519-sha256@libssh.org
Client kex preferences: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
The target server is hardened to only support the curve25519 for key exchange. I am able to ssh to the box with both the ssh client binary and also with a Net::SSH test script:
Debug:
I, [2023-09-19T22:17:48.950397 #478643] INFO -- net.ssh.transport.algorithms[258]: got KEXINIT from server
I, [2023-09-19T22:17:48.950451 #478643] INFO -- net.ssh.transport.algorithms[258]: negotiating algorithms
D, [2023-09-19T22:17:48.950512 #478643] DEBUG -- net.ssh.transport.algorithms[258]: negotiated:
* kex: curve25519-sha256@libssh.org
* host_key: ssh-ed25519
* encryption_server: chacha20-poly1305@openssh.com
* encryption_client: chacha20-poly1305@openssh.com
* hmac_client: hmac-sha2-512-etm@openssh.com
* hmac_server: hmac-sha2-512-etm@openssh.com
Net::SSH is working properly and will negotiate the proper KEX, but I cannot connect to this system with inspec; it appears to be using a different set of algos.
I tried to set the ssh config file for my host to use the right KEX algo, but the settings there appear to be ignored.
Any suggestions for how to configure inspec to use the proper kex or to debug this further?
Inspec version: 5.22.3
Net-ssh 7.2.0
Thanks!
Outputs: /home/admin
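An added example, not part of the original report and not InSpec or Net::SSH code: it parses the error text quoted in the issue and applies the key-exchange selection rule from RFC 4253 section 7.1 to show why the handshake cannot complete. The function names (`parse_kex_preferences`, `negotiate_kex`, `diagnose`) are hypothetical helpers introduced for this illustration.

```ruby
# Added example: not InSpec or Net::SSH code.
# Error text as reported in the issue above.
ERROR_TEXT = <<~ERR
  Transport error, can't connect to 'ssh' backend: SSH command failed (could not settle on kex algorithm
  Server kex preferences: curve25519-sha256@libssh.org
  Client kex preferences: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
ERR

# Pull both preference lists out of the error message.
# Returns { server: [...], client: [...] } in the order each side sent them.
def parse_kex_preferences(text)
  %w[Server Client].to_h do |side|
    list = text[/#{side} kex preferences:\s*([^\s)]+)/, 1]
    raise ArgumentError, "no #{side} kex list in error text" unless list

    [side.downcase.to_sym, list.split(',')]
  end
end

# RFC 4253 section 7.1: the first algorithm on the client's list that the
# server also supports is chosen. nil means there is no common algorithm,
# so the connection has to be dropped.
def negotiate_kex(client, server)
  client.find { |alg| server.include?(alg) }
end

# Summarise the mismatch: what would be chosen (if anything), which server
# algorithms the client never offered, and whether the client offered any
# curve25519 variant at all.
def diagnose(text)
  prefs = parse_kex_preferences(text)
  {
    chosen: negotiate_kex(prefs[:client], prefs[:server]),
    not_offered: prefs[:server] - prefs[:client],
    client_offers_curve25519: prefs[:client].any? { |a| a.start_with?('curve25519-') }
  }
end

p diagnose(ERROR_TEXT) if __FILE__ == $PROGRAM_NAME
```
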