英文:
How do you connect to unencrypted server session using GoLang SSH
问题
我正在尝试连接到一个使用"none"作为密码、密钥交换和主机密钥算法的未加密服务器。我已经尝试使用Go语言中的基本SSH包来实现这一点,但是当我发送请求时,密码的"none"值被设置为nil,因为它不是一个被批准的密码。
我正在使用下面的代码来设置将发送到服务器的客户端配置。"none"值被接受用于HostKeyCallback和HostKeyAlgorithm,但是对于密码来说,它不被接受,因为密码的值必须在批准的密码列表中。理论上,密码不应该起作用,因为它只在使用加密时才会被使用。
clientConfig := ssh.ClientConfig{
User: "user",
Timeout: 10 * time.Second,
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
Config: ssh.Config{
KeyExchanges: []string{"none"},
Ciphers: []string{"none"},
},
HostKeyAlgorithms: []string{"none"},
}
sshClientConn, chans, reqs, err := ssh.NewClientConn(s.socket, "", &clientConfig)
这会导致以下错误:
failed to create ssh session: error creating ssh client connection: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [], server offered: [none]
英文:
I'm trying to connect to a unencrypted Server that uses "none" for the cipher, keyExchange and HostKeyAlgorithm. I have tried to do this with the base SSH package in go but when I send the request the "none" value for ciphers is set to nil since it is not an approve cipher.
I am using the code below to set up the client config that will be sent to the sever. The "none" value is accepted for HostKeyCallback and HostKeyAlgorithm but not for Ciphers because the cipher value must be in the list of approved ciphers. In theory, the cipher shouldn't matter as it should only be used when using encryption.
clientConfig := ssh.ClientConfig{
User: "user",
Timeout: 10 * time.Second,
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
Config: ssh.Config{
KeyExchanges: []string{"none"},
Ciphers: []string{"none"},
},
HostKeyAlgorithms: []string{"none"},
}
sshClientConn, chans, reqs, err := ssh.NewClientConn(s.socket, "", &clientConfig)
This gives the error
failed to create ssh session: error creating ssh client connection: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [], server offered: [none]
答案1
得分: 1
SSH协议旨在提供安全的加密连接。这就是它的名字:Secure Shell(安全外壳)。根据RFC中的规定,该协议不预期协商非加密连接,因为这与协议的目的明显相悖。如果人们想要一个容易被篡改的非加密连接,他们本可以继续使用telnet。
然而,有一些补丁可以让特殊修补版本的OpenSSH接受“none”选项,理由是加密太昂贵(而在现今几乎从不是这种情况)。由于“none”算法存在安全问题,因此并不广泛支持,我不认为Go SSH库支持它们。如果你在服务器端使用标准库或实现,那么只要你使用最近一周左右的版本(在这个版本中修补了实现RSA与SHA-2),Go SSH库可能可以与之互操作。否则,如果服务器只支持“none”密码,你将需要使用其他方法。
英文:
The SSH protocol is designed to provide a secure, encrypted connection. That's in the name: Secure Shell. The protocol as specified in the RFCs does not anticipate negotiating an unencrypted connection since that's specifically contrary to the purpose of the protocol. If people wanted an unencrypted connection that could be easily tampered with, they would have stuck with telnet.
However, there are some patches floating around that allow specially patched versions of OpenSSH to accept none on the idea that encryption is too expensive (which, these days, is almost never the case). The none algorithms are not widely supported because they are insecure, and I don't believe that the Go SSH library supports them. If you're using a standard library or implementation on the server side, the Go SSH library can probably interoperate with it using one of the normal ciphers provided you use a version from the last week or so (when it was patched to implement RSA with SHA-2). Otherwise, if the server only supports the none cipher, you'll need to use an alternate approach.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论