scp failure: time to update kex_algorithms?

yoyoma2
DD-WRT User


Joined: 24 Sep 2016
Posts: 92

Posted: Tue Nov 12, 2019 17:47    Post subject: scp failure: time to update kex_algorithms?
With r41468 on R6300V2, scp from dd-wrt fails copying to/from various LAN hosts. This worked fine with kong builds.

Code:
scp user@host:/path/file .
Connection to user@host:22 exited: No matching algo kex

Normally with kong, sshd is disabled as I telnet into dd-wrt but scp works fine copying to/from various LAN hosts.

Querying BS with Jumpnow nmap gives:
Code:
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group14-sha256
|       diffie-hellman-group1-sha1
|       kexguess2@matt.ucc.asn.au
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (4)
|       aes128-ctr
|       aes256-ctr
|       aes128-cbc
|       aes256-cbc
|   mac_algorithms: (2)
|       hmac-sha1
|       hmac-md5
|   compression_algorithms: (1)
|_      none

Querying kong with Jumpnow nmap gives:
Code:
| ssh2-enum-algos:
|   kex_algorithms: (8)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp521
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp256
|       diffie-hellman-group14-sha256
|       diffie-hellman-group14-sha1
|       kexguess2@matt.ucc.asn.au
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (2)
|       aes128-ctr
|       aes256-ctr
|   mac_algorithms: (1)
|       hmac-sha1
|   compression_algorithms: (1)
|_      none


Kong has some kex_algorithms that are not actively recommended against while BS has none.

This other thread gives a workaround for ssh'ing into dd-wrt but this doesn't help scp'ing from dd-wrt where sshd is off.

Time to update kex_algorithms?
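Added example, not part of the original post: it parses the two ssh2-enum-algos listings above and applies the RFC 4253 key-exchange selection rule against a peer's list. It assumes each build's scp client offers the same kex list that its sshd advertises; `PEER_KEX` is a constructed list for a hypothetical LAN host, not one from this thread.

```python
import re

# kex_algorithms sections copied from the two nmap outputs in the post above.
BS_SCAN = """\
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group14-sha256
|       diffie-hellman-group1-sha1
|       kexguess2@matt.ucc.asn.au
|   server_host_key_algorithms: (1)
|       ssh-rsa"""
KONG_SCAN = """\
| ssh2-enum-algos:
|   kex_algorithms: (8)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp521
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp256
|       diffie-hellman-group14-sha256
|       diffie-hellman-group14-sha1
|       kexguess2@matt.ucc.asn.au
|   server_host_key_algorithms: (1)
|       ssh-rsa"""
# Constructed assumption: a LAN host restricted to ECDH methods (not from the thread).
PEER_KEX = ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256"]
MARKERS = {"kexguess2@matt.ucc.asn.au"}  # Dropbear guess marker, not a kex method

def parse_enum_algos(text):
    """Return {section: [algorithms]} from ssh2-enum-algos output."""
    sections, current = {}, None
    for body in (line.lstrip("|_ ").rstrip() for line in text.splitlines()):
        if re.fullmatch(r"\w+: \(\d+\)", body):   # e.g. "kex_algorithms: (3)"
            current = sections.setdefault(body.split(":")[0], [])
        elif current is not None and body:
            current.append(body)
    return sections

def negotiate(client, server):
    """RFC 4253 sec. 7.1: first client-listed method the server also lists."""
    offered = set(server) - MARKERS
    return next((k for k in client if k in offered), None)

def sha1_based(kex):
    return [k for k in kex if k.endswith("-sha1")]

for name, scan in (("BS", BS_SCAN), ("kong", KONG_SCAN)):
    kex = parse_enum_algos(scan)["kex_algorithms"]
    print(name, "->", negotiate(kex, PEER_KEX) or "no matching kex", "| SHA-1 based:", sha1_based(kex))
```

Replacing `PEER_KEX` with the kex list a real target host advertises shows whether a given build has any method in common with it.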
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2284
Location: Texas, USA

Posted: Tue Nov 12, 2019 19:04
Looks to me like Kong's config is closer to industry standard. Another reason not to upgrade my R7000P to a BS build.
_________________
E4200 v1 DD-WRT 41517 mega (K3.x)
R7000P DD-WRT 40270M kongac
E4200 v1 FreshTomato 2019.3.273 beta
E4200 v1 FreshTomato 2019.3.development
R7000 FreshTomato 2019.3.development
E4200 v1 1.0.07.development
yoyoma2
DD-WRT User


Joined: 24 Sep 2016
Posts: 92

Posted: Wed Nov 13, 2019 16:36
Ya, I'm starting to miss my kong build but you have to move forward eventually. The workaround was to install openssh-client from entware and use scp from it instead of dd-wrt's scp. Kind of defeats the purpose of dd-wrt if you have to integrate and configure a bunch of packages like with openwrt.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4188
Location: Netherlands

Posted: Wed Nov 13, 2019 16:50
The latest version of WinSCP is also complaining constantly; you can lower the settings, but I will open a ticket to get things updated (I hope).
_________________
Routers: Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2: http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
yoyoma2
DD-WRT User


Joined: 24 Sep 2016
Posts: 92

Posted: Fri Nov 15, 2019 20:25
Thanks for logging this, egc.
All times are GMT