
Weird error in different situations: "Unable to exchange encryption keys"  #349

@kalaksi

Hi,

I have a weird problem with SSH handshake that I didn't have previously. Maybe related to SSH server getting updated at some point, I don't know.

The thing is that if I build a flatpak, it works, but if I do just e.g. cargo run it doesn't.
The error is "[Session(-1)] Unable to exchange encryption keys".

Cargo.lock says that ssh2-crate version is 0.9.5.
Regular OpenSSH client works.

Without flatpak, the SSH server logs show:

Connection from 10.0.20.10 port 43390 on 10.0.50.10 port 22 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version libssh2_1.11.1_DEV
debug1: compat_banner: no match: libssh2_1.11.1_DEV
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 212790
debug3: preauth child monitor started
debug3: privsep user:group 997:996 [preauth]
debug1: permanently_set_uid: 997/996 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
*HANGS HERE*

And with flatpak:

Connection from 10.0.20.10 port 51588 on 10.0.50.10 port 22 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version libssh2_1.11.1_DEV
debug1: compat_banner: no match: libssh2_1.11.1_DEV
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 213553
debug3: preauth child monitor started
debug3: privsep user:group 997:996 [preauth]
debug1: permanently_set_uid: 997/996 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
etc...

The point where it hangs is where the client-side error is returned from handshake():

        session_data.session = ssh2::Session::new().unwrap();
        session_data.session.set_tcp_stream(stream);
        if let Err(error) = session_data.session.handshake() {

Any idea what could be causing this?
