
Key exchange problems with VShell (no appropriate prime between 1024 and 1024)

Oct 9, 2015 at 9:30 AM
Hi,

One of our business partners recently updated their SFTP server to VShell 4.1. Straight after that we noticed the SSH client was unable to connect. After debugging I noticed the following message sent from the server to the client:
No appropriate prime between 1024 and 1024 is available

As it turns out VShell have removed all 1024 bit primes recently: https://www.vandyke.com/products/vshell/history.txt.

I had a quick look at the code and the fix seems to be straightforward - all that needs to be done is a very small change in the Start method of the KeyExchangeDiffieHellmanGroupExchangeSha256 and KeyExchangeDiffieHellmanGroupExchangeSha1 classes. However, the last thing I want to do is take the SSH.NET library and make my own changes to it.

Are there any plans to release a new version of SSH.NET at some point? I've noticed the last beta release was quite a long time ago (although this key exchange problem seems to be fixed). Does anyone know what's happening with that beta?

Thank you in advance.
Feb 18, 2016 at 10:43 AM
Any information on the small changes? I have the same issue. All I found was the "MinimumGroupSize" in "KeyExchangeDiffieHellmanGroupExchangeShaBase".
Jun 7, 2016 at 8:40 PM
I failed to reproduce this issue with VShell 4.2.1 (Win x64).
Are you still able to reproduce this issue?
Jun 10, 2016 at 10:01 AM
Was fixed a while ago: http://sshnet.codeplex.com/workitem/1973

Simply update SSH.NET to the current beta in your project. Or wait till drieseng releases a new version.
Jun 10, 2016 at 11:35 AM
drieseng wrote:
I failed to reproduce this issue with VShell 4.2.1 (Win x64).
Are you still able to reproduce this issue?
Yes, I can still reproduce the problem. Updating to beta sounds like a bad idea for production servers.
Jun 16, 2016 at 4:42 AM
Edited Jun 16, 2016 at 4:44 AM
Hi,

Upvoting this issue as it has impacted us as well. Will there be a prod release that includes the fix?

The workaround we found was removing the dh algorithms.
conn.KeyExchangeAlgorithms.Remove("diffie-hellman-group-exchange-sha256");
conn.KeyExchangeAlgorithms.Remove("diffie-hellman-group-exchange-sha1");
Thanks!
Jun 19, 2016 at 5:22 PM
I've released a new beta of SSH.NET today that includes a fix for this issue:
https://github.com/sshnet/SSH.NET/releases/tag/2016.0.0-beta1

The prerelease NuGet package is available here.
Marked as answer by drieseng on 6/19/2016 at 9:22 AM
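
As an added illustration (not code from SSH.NET or VShell), this Python sketch models the RFC 4419 group-exchange request payload and a server's modulus selection, showing why a client that pins min = preferred = max = 1024 receives the error quoted in the first post once the server no longer offers 1024-bit primes. The function names and moduli lists are constructed, and the 1024/1024/1024 request is an assumption inferred from the error text.

```python
import struct

SSH_MSG_KEX_DH_GEX_REQUEST = 34  # message number from RFC 4419


def build_gex_request(min_bits, preferred_bits, max_bits):
    """Client side: byte 34 followed by three big-endian uint32 sizes."""
    return struct.pack(">BIII", SSH_MSG_KEX_DH_GEX_REQUEST,
                       min_bits, preferred_bits, max_bits)


def parse_gex_request(payload):
    """Server side: decode and sanity-check the request payload."""
    if len(payload) != 13:
        raise ValueError("malformed group-exchange request")
    msg, lo, n, hi = struct.unpack(">BIII", payload)
    if msg != SSH_MSG_KEX_DH_GEX_REQUEST:
        raise ValueError("not a group-exchange request")
    if not lo <= n <= hi:
        raise ValueError("sizes must satisfy min <= preferred <= max")
    return lo, n, hi


def select_group_size(payload, server_moduli_bits):
    """Pick a modulus size the server holds inside [min, max].

    Follows the RFC 4419 guidance: smallest group at least as large as the
    preferred size, otherwise the largest one available in range.
    """
    lo, n, hi = parse_gex_request(payload)
    in_range = sorted(b for b in server_moduli_bits if lo <= b <= hi)
    if not in_range:
        raise LookupError(
            f"No appropriate prime between {lo} and {hi} is available")
    at_least_preferred = [b for b in in_range if b >= n]
    return at_least_preferred[0] if at_least_preferred else in_range[-1]


# Constructed server configurations (not taken from VShell).
MODULI_WITH_1024 = [1024, 2048, 4096]
MODULI_WITHOUT_1024 = [2048, 4096]

if __name__ == "__main__":
    pinned = build_gex_request(1024, 1024, 1024)  # assumed old client request
    ranged = build_gex_request(1024, 2048, 8192)  # request with a real range
    print(select_group_size(pinned, MODULI_WITH_1024))
    print(select_group_size(ranged, MODULI_WITHOUT_1024))
    try:
        select_group_size(pinned, MODULI_WITHOUT_1024)
    except LookupError as exc:
        print(exc)
```
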