Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1.0.216 reports NoCommonAlgo error #10148

Closed
dly553709938 opened this issue Jan 3, 2025 · 3 comments
Closed

1.0.216 reports NoCommonAlgo error #10148

dly553709938 opened this issue Jan 3, 2025 · 3 comments
Labels

Comments

@dly553709938
Copy link

dly553709938 commented Jan 3, 2025

Server system: RedHat 6.5
Server ssh version: OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

Client system: macOS 15.2
Tabby version: 1.0.216

After my Tabby was automatic upgraded to version 216, when I connected to the server through ssh as before, the console output error:

NoCommonAlgo { kind: Kex, ours: ["curve25519-sha256", "[email protected]", "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"], theirs: ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"] }

I didn't have this problem before. I checked the Release Notes and changed to a new ssh backend.

I need to manually check diffie-hellman-group14-sha1 or diffie-hellman-group1-sha1 in CIPHERS of each existing Profile in Profiles & connection to connect to the server. Can it be changed to be selected by default? I think there are still many mature projects using RedHat 6.x system.

@Eugeny
Copy link
Owner

Eugeny commented Jan 3, 2025

The first two dynamic gex exchanges are indeed not supported by the new backend yet. The g14sha1 is supported but needs to be explicitly enabled since it's less secure.

The kex list on the server looks weird though - it appears that it could in theory support standard sha256 fixed group exchanges but they're explicitly disabled and only the sha256 dynamic group kex is enabled.

@dly553709938
Copy link
Author

I hope that the first two dynamic gex exchanges, or at least one of them, can be implemented as soon as possible. I believe that many compatibility issues can be avoided.

@Eugeny
Copy link
Owner

Eugeny commented Jan 8, 2025

It's fixed in the nightly now

@Eugeny Eugeny closed this as completed Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants