On 3/1/25 20:42, Damien Miller wrote:
On Sat, 1 Mar 2025, Dennis Clarke wrote:
Looks good here :
sparc64$ ./ssh -V
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
sparc64$
sparc64$
sparc64$ ./ssh -oKEXAlgorithms=mlkem768x25519-sha256 -v hermes
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
...
Unable to negotiate with 172.16.35.24 port 22: no matching key exchange method
found. Their offer:
sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ext-info-s,kex-strict-s-v00@xxxxxxxxxxx
sparc64$
So that tested compilation but not whether the algorithm in question was
actually working. If you don't have a 9.9+ host handy, try
anongit.mindrot.org
-d
Looks to be working :
sparc64$
sparc64$ which ssh
/opt/bw/bin/ssh
sparc64$
sparc64$
sparc64$ /opt/bw/bin/ssh -v -F none
-oKEXAlgorithms=mlkem768x25519-sha256 -l anon anongit.mindrot.org
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to anongit.mindrot.org [130.102.96.5] port 22.
debug1: Connection established.
debug1: identity file /export/home/dclarke/.ssh/id_rsa type -1
debug1: identity file /export/home/dclarke/.ssh/id_rsa-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa_sk type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519 type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519_sk type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_xmss type -1
debug1: identity file /export/home/dclarke/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to anongit.mindrot.org:22 as 'anon'
debug1: load_hostkeys: fopen /export/home/dclarke/.ssh/known_hosts2: No
such file or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts: No such file
or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts2: No such file
or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@xxxxxxxxxxx
debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-ed25519-cert-v01@xxxxxxxxxxx
SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU, serial 1002 ID
"haru.mindrot.org" CA ssh-ed25519
SHA256:HLdf6CO2YbWTHJj2MAJ5x2iGGruFxodFM00N3IiP1x0 valid forever
debug1: load_hostkeys: fopen /export/home/dclarke/.ssh/known_hosts2: No
such file or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts: No such file
or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts2: No such file
or directory
debug1: No matching CA found. Retry with plain key
debug1: Host 'anongit.mindrot.org' is known and matches the ED25519 host
key.
debug1: Found key in /export/home/dclarke/.ssh/known_hosts:16
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse:
server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@xxxxxxxxxxx=<0>
debug1: kex_ext_info_check_ver: ping@xxxxxxxxxxx=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse:
server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Will attempt key: /export/home/dclarke/.ssh/id_rsa
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ecdsa
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ecdsa_sk
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ed25519
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ed25519_sk
debug1: Will attempt key: /export/home/dclarke/.ssh/id_xmss
debug1: Trying private key: /export/home/dclarke/.ssh/id_rsa
debug1: Trying private key: /export/home/dclarke/.ssh/id_ecdsa
debug1: Trying private key: /export/home/dclarke/.ssh/id_ecdsa_sk
debug1: Trying private key: /export/home/dclarke/.ssh/id_ed25519
debug1: Trying private key: /export/home/dclarke/.ssh/id_ed25519_sk
debug1: Trying private key: /export/home/dclarke/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
anon@xxxxxxxxxxxxxxxxxxx: Permission denied
(publickey,keyboard-interactive).
sparc64$
How's that ?
Looking good ?
--
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
