1
votes

I have an application that is an SSH client that supports the following key algorithms for negotiation.

    diffie-hellman-group-exchange-sha1
    diffie-hellman-group14-sha1
    diffie-hellman-group-exchange-sha256

I don't have the option of changing the SSH client, so I am trying to solve the problem on the SSH server, which is utilizing Twisted. The SSH server is actually implemented in the Kippo Honeypot, but the underlying problem is with Twisted.

I see that Twisted supports diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in line 221 here: https://github.com/twisted/twisted/blob/38421d6fcffa1ddb590e51df0e1c6cba6f29d052/twisted/conch/ssh/transport.py

I see that diffie-hellman-group-exchange-sha1 is being disabled in line 60 here: https://github.com/twisted/twisted/blob/38421d6fcffa1ddb590e51df0e1c6cba6f29d052/twisted/conch/ssh/factory.py

So diffie-hellman-group-exchange-sha1 is supported but then later disabled. My application's SSH client cannot negotiate a key to establish an SSH connection to the SSH server that is utilizing Twisted.

I see this note in the code prior to disabling it: "log.msg('disabling diffie-hellman-group-exchange because we cannot find moduli file')". If I try to force Twisted to use diffie-hellman-group-exchange-sha1, I get the following error.

    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithLogger
        return callWithContext({"system": lp}, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 69, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
    --- <exception caught here> ---
      File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 586, in _doReadOrWrite
        why = selectable.doRead()
      File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 199, in doRead
        rval = self.protocol.dataReceived(data)
      File "/home/sudopwn/kippo-master/kippo/core/ssh.py", line 150, in dataReceived
        transport.SSHServerTransport.dataReceived(self, data)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 438, in dataReceived
        self.dispatchMessage(messageNum, packet[1:])
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 453, in dispatchMessage
        f(payload)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 950, in ssh_KEX_DH_GEX_REQUEST
        self.g, self.p = self.factory.getDHPrime(ideal)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/factory.py", line 126, in getDHPrime
        primesKeys = self.primes.keys()
    exceptions.AttributeError: 'NoneType' object has no attribute 'keys'

Is there a workaround or a solution to allow diffie-hellman-group-exchange-sha1 to be enabled?

1 Answer

1
votes

There is no "workaround" to the fact that DH key exchange requires moduli. That's how the math works. If you look in openssh_compat.py you will see that getPrimes has a parser for OpenSSH's primes format, and if you have moduli at /path/to/moduli then twistd -n conch --data=/path/to will parse them. You can generate these with ssh-keygen -G. You need to implement something similar on HoneyPotSSHFactory, implemented here: https://github.com/desaster/kippo/blob/master/kippo/core/ssh.py#L53

Remember that generating moduli takes a while so you will want to do it in advance.
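
As an added illustration (not code from the answer, Twisted or Kippo), the sketch below parses OpenSSH-format moduli text into a dictionary mapping bit size to (generator, modulus) pairs, which is what the failing `self.primes.keys()` call in the traceback needs instead of None. The function names are hypothetical and the sample moduli are constructed placeholders, not real safe primes.

```python
import os

# Constructed sample in OpenSSH moduli layout:
#   time type tests tries size generator modulus(hex)
# The hex values are short placeholders, NOT real safe primes.
SAMPLE_MODULI = """\
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 1023 2 F1E2D3C4B5A69788
20240101000001 2 6 100 1023 5 E0D1C2B3A4958677
20240101000002 2 6 100 2047 2 C3B2A19087F6E5D4
"""


def parse_moduli(text):
    """Return {bits: [(generator, modulus), ...]} from moduli file text."""
    primes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed lines rather than fail during a handshake
        size = int(fields[4]) + 1   # moduli files list 2047 for a 2048-bit prime
        generator = int(fields[5])
        modulus = int(fields[6], 16)
        primes.setdefault(size, []).append((generator, modulus))
    return primes


def load_primes(path):
    """Hypothetical body for a factory's getPrimes(): a dict, or None."""
    if not os.path.isfile(path):
        return None  # None is the state in which group exchange gets disabled
    with open(path) as fh:
        return parse_moduli(fh.read()) or None


def closest_group_size(primes, ideal_bits):
    """Pick the available size nearest to the size the client requested."""
    return min(primes, key=lambda bits: abs(bits - ideal_bits))
```

Returning None for a missing or empty file keeps the server on the safe path where group exchange is simply not offered, rather than advertised and then failing with the AttributeError shown in the question.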