config rclone to support diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

Question

Some quick background. I use rclone to transfer data to a SFTP server. rclone is written in Golang and uses lib crypto under the hood. When we try to establish ssh connection to SFTP server, we get the error message

couldn't connect SSH: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1].

crypto lib has added the support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 around 3 weeks ago, but needs to be opt-in. (See https://github.com/golang/crypto/commit/57b3e21c3d5606066a87e63cfe07ec6b9f0db000)

Obviously, the latest rclone version hasn’t opt-in those algorithms support yet. So the question is: Anyone know how to config rclone to opt-in algorithm support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

https://github.com/ncw/rclone/issues/1810 references this issue. As you haven't given a complete minimal example showing this problem, I am going to vote to close and suggest you rely on the project's bug tracking — Vorsprung, Jul 10 '19 at 11:29

score 2 · Accepted Answer · answered Jul 12 '19 at 07:17

We have managed to opt-in those algorithms support and submitted a PR here: https://github.com/ncw/rclone/pull/3341

Note: since those algorithms are considered insecure, your also need to use the exisiting rclone flag --sftp-use-insecure-cipher to make them available for SSH handshake.

score 1 · Answer 2 · answered Jun 17 '21 at 08:02

The interactive rclone config now provides enabling insecure ciphers as well:

Enable the use of insecure ciphers and key exchange methods.

This enables the use of the following insecure ciphers and key exchange methods:

- aes128-cbc
- aes192-cbc
- aes256-cbc
- 3des-cbc
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1

Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value
 1 / Use default Cipher list.
   \ "false"
 2 / Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.
   \ "true"
use_insecure_cipher> 2

config rclone to support diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

2 Answers2