Author Topic: Cannot connect via Synapse and SSH to a linux box  (Read 30296 times)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #15 on: October 08, 2016, 07:25:50 am »
I have 2 other machines at home with the following errors:

box3: ubuntuserver
OpenSSL 1.0.1f 6 Jan 2014
Error: Error connecting to SSH server ubuntuserver:22 as user pascal. Technical details: No algorithm compatible with the remote system's selection was found: 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com'

box5: kodi
LibreSSL 2.2.6
Error: Error connecting to SSH server kodi:22 as user root. Technical details: No algorithm compatible with the remote system's selection was found: 'chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)
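Added example, not part of the original posts and not Synapse or cryptlib code: the quoted list in each error above is the server's cipher offer, and under RFC 4253 section 7.1 the cipher used is the first name on the client's list that also appears on the server's list. The sketch parses the two reported errors and runs that rule against two client lists, both of which are hypothetical assumptions because the client's real cipher list does not appear in the thread.

```python
import re

# Error text copied from the post above; the quoted part is the server's offer.
ERRORS = {
    "ubuntuserver": "No algorithm compatible with the remote system's selection "
                    "was found: 'aes128-ctr,aes192-ctr,aes256-ctr,"
                    "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
                    "chacha20-poly1305@openssh.com'",
    "kodi": "No algorithm compatible with the remote system's selection "
            "was found: 'chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,"
            "aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'",
}

# ASSUMPTION: hypothetical client cipher lists, constructed for illustration.
CLIENT_CBC_ONLY = ["aes128-cbc", "3des-cbc", "blowfish-cbc"]
CLIENT_WITH_CTR = ["aes256-ctr", "aes128-ctr", "aes128-cbc"]


def server_offer(error_text):
    """Extract the server's cipher name-list from the client error message."""
    match = re.search(r"found: '([^']+)'", error_text)
    if match is None:
        raise ValueError("no quoted algorithm list in error text")
    return match.group(1).split(",")


def negotiate(client_prefs, server_list):
    """RFC 4253 7.1: first client preference that the server also lists."""
    offered = set(server_list)
    for name in client_prefs:
        if name in offered:
            return name
    return None  # no overlap: the connection fails before authentication


def diagnose(client_prefs, errors=ERRORS):
    """Map each host to the cipher that would be chosen, or None."""
    return {host: negotiate(client_prefs, server_offer(text))
            for host, text in errors.items()}


if __name__ == "__main__":
    for label, prefs in (("CBC-only client", CLIENT_CBC_ONLY),
                         ("client with CTR", CLIENT_WITH_CTR)):
        for host, chosen in diagnose(prefs).items():
            print(f"{label} -> {host}: {chosen or 'NO COMMON CIPHER'}")
```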

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #16 on: October 08, 2016, 07:38:17 am »
The servers do not recognize the protocols.
The openssl one really needs updating.
On Ubuntu do sudo apt-get update && sudo apt-get upgrade
You really need to update your encryption libraries.
I can not help you in any meaningful way if you don't update.
You also need to update libressl to 2.4.3.

After that we can take the next step.

Except maybe for the really old openssl versions from 2008 and 2009 your package manager should install a version that is up to date since security packages are often back-ported.
Even if it is an otherwise non-maintained distribution!
The openssl version number should be 1.0.0t or higher.

The reason being that many protocols have been added and some protocols are disabled or removed for security reasons.

Also note you have only one of the four boxes correctly configured: the one that drops the connection without answer.
First update. The latter will come later.
« Last Edit: October 08, 2016, 07:50:39 am by Thaddy »
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #17 on: October 08, 2016, 08:10:41 am »
Quote from: Thaddy
On Ubuntu do sudo apt-get update sudo apt-get upgrade

I did but openssl version is still the same :-(
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #18 on: October 08, 2016, 08:17:25 am »
But why is putty able to connect to these machines without any problems?
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #19 on: October 08, 2016, 11:28:57 am »
PuTTY uses its own non-standard type of certificate, although the handshake is standard.
Are you by any chance using PuTTY's certificates? Then that may be the cause. SSH <> PuTTY in this case.
I am pretty sure we narrowed it down to a certificate issue as the main culprit.

See https://help.ubuntu.com/community/SSH/OpenSSH/Keys

Since you are using very old encryption on at least three of those boxes don't choose a keylength of 2048 or 4096 at first. First try 1024, then try with 2048 and hopefully 4096 will also work on your servers.
« Last Edit: October 08, 2016, 11:34:03 am by Thaddy »
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #20 on: October 08, 2016, 12:34:16 pm »
Quote from: Thaddy
Since you are using very old encryption on at least three of those boxes don't choose a keylength of 2048 or 4096 at first. First try 1024, then try with 2048 and hopefully 4096 will also work on your servers.

How can I do this with the sample code/synapse?
Sorry, but I do not have any knowledge of using SSH, SSL and encryption!
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #21 on: October 09, 2016, 08:31:30 am »
Quote from: Thaddy
Are you by any chance using PuTTY's certificates? Then that may be the cause.

No, as I installed putty a while after I tried to connect to those linux boxes (at least at home).
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #23 on: October 10, 2016, 06:17:14 am »
Didn't work:
Error connecting to SSH server kodi:22 as user root. Technical details:
Error connecting to SSH server ubuntuserver:22 as user pascal. Technical details:


Can anybody connect to SSH servers on linux machines using synapse, or any other pascal source code?
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #24 on: October 10, 2016, 06:41:28 am »
Yes I can. I do it on a daily basis. The example works, afaik. I use a slightly different one but the wiki example works if all requirements are properly installed.
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #25 on: October 10, 2016, 07:51:40 am »
Do you use cryptlib or openssl? And do you connect from Windows?

If you use openssl on windows, can you send me your bindings and dlls?
« Last Edit: October 10, 2016, 11:05:56 am by Pascal »
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

rvk

  • Hero Member
  • *****
  • Posts: 6169
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #26 on: October 10, 2016, 11:14:56 am »
@Pascal, what version of Synapse did you use?
You should use the SVN version and not the stable release no. 40.

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #27 on: October 10, 2016, 11:20:24 am »
Get it here https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/ download snapshot

or if you have svn installed:
svn co https://svn.code.sf.net/p/synalist/code/trunk synapsetrunk
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #28 on: October 10, 2016, 11:34:46 am »
I already use the svn trunk version!
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14382
  • Sensorship about opinions does not belong here.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #29 on: October 10, 2016, 12:45:49 pm »
In this case did you really, really, honestly follow up on my instructions because I am unable to replicate the issue on multiple server platforms.

I tested armhf client to Windows server, armhf client to armhf server, armhf client to linux x86_64 server, linux-x86_64 client to linux-x86_64 server, and Windows 10-64 to linux-x86_64 server, and they all work with the example code and properly installed certificates. See the link on how to do that and do not out-smart those instructions.

I can't help more than I did. Simply put: I spent hours on it and can't replicate it.

Note I have synapse SSH code using openssl running in production code for high-level clients. I mean top 500 banks. Many people here know that.
« Last Edit: October 10, 2016, 12:50:55 pm by Thaddy »
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

 
