Weak security algorithm

Not sure in which version this started, but with 24.10.4 I cannot log in from WebSSH on iOS unless I enable a weak security option. I use literally the same keypair for passwordless access to my FreeNAS, but that works just fine. Here is an error log. Can somebody decrypt it?

<EngineLog>
  <Connect_Ssh>
    <EngineVersion>9.5.0.99</EngineVersion>
    <EngineStatus>2</EngineStatus>
    <connectInner>
      <hostname>192.168.1.1</hostname>
      <port>22</port>
      <sshConnect>
      </sshConnect>
      <sshSetupConnection>
        <clientIdentifier>SSH-2.0-WebSSH_29.9</clientIdentifier>
        <initialDataFromSshServer><![CDATA[SSH-2.0-dropbear
]]></initialDataFromSshServer>
        <serverVersion>SSH-2.0-dropbear</serverVersion>
        <serverKex>
          <KeyExchangeAlgs>
            <algorithm>curve25519-sha256</algorithm>
            <algorithm>curve25519-sha256@libssh.org</algorithm>
            <algorithm>diffie-hellman-group14-sha256</algorithm>
            <algorithm>kexguess2@matt.ucc.asn.au</algorithm>
            <algorithm>kex-strict-s-v00@openssh.com</algorithm>
          </KeyExchangeAlgs>
          <HostKeyAlgs>
            <algorithm>ssh-ed25519</algorithm>
            <algorithm>rsa-sha2-256</algorithm>
            <algorithm>ssh-rsa</algorithm>
          </HostKeyAlgs>
          <EncCS>
            <algorithm>chacha20-poly1305@openssh.com</algorithm>
            <algorithm>aes128-ctr</algorithm>
            <algorithm>aes256-ctr</algorithm>
          </EncCS>
          <EncSC>
            <algorithm>chacha20-poly1305@openssh.com</algorithm>
            <algorithm>aes128-ctr</algorithm>
            <algorithm>aes256-ctr</algorithm>
          </EncSC>
          <MacCS>
            <algorithm>hmac-sha2-256</algorithm>
          </MacCS>
          <MacSC>
            <algorithm>hmac-sha2-256</algorithm>
          </MacSC>
          <CompCS>
            <algorithm>none</algorithm>
          </CompCS>
          <CompSC>
            <algorithm>none</algorithm>
          </CompSC>
          <ChosenIncomingEncryption>aes128-ctr</ChosenIncomingEncryption>
          <ChosenOutgoingEncryption>aes128-ctr</ChosenOutgoingEncryption>
          <error>No matching mac algorithms supported.</error>
          <error>Unable to agree upon server-to-client MAC algorithm.</error>
          <error>No matching mac algorithms supported.</error>
          <error>Unable to agree upon client-to-server MAC algorithm.</error>
          <ChosenIncomingCompression>none</ChosenIncomingCompression>
          <ChosenOutgoingCompression>none</ChosenOutgoingCompression>
          <ChosenKexAlgorithm>curve25519-sha256</ChosenKexAlgorithm>
          <ChosenHostKeyAlgorithm>ssh-ed25519</ChosenHostKeyAlgorithm>
        </serverKex>
        <sshRawPacket>Socket connection closed.</sshRawPacket>
        <sshKexInitResponse>Socket connection closed.</sshKexInitResponse>
        <error>Failed to read KEX init response</error>
      </sshSetupConnection>
      <sshConnect>
      </sshConnect>
      <sshSetupConnection>
        <clientIdentifier>SSH-2.0-WebSSH_29.9</clientIdentifier>
        <initialDataFromSshServer><![CDATA[SSH-2.0-dropbear
]]></initialDataFromSshServer>
        <serverVersion>SSH-2.0-dropbear</serverVersion>
        <serverKex>
          <KeyExchangeAlgs>
            <algorithm>curve25519-sha256</algorithm>
            <algorithm>curve25519-sha256@libssh.org</algorithm>
            <algorithm>diffie-hellman-group14-sha256</algorithm>
            <algorithm>kexguess2@matt.ucc.asn.au</algorithm>
            <algorithm>kex-strict-s-v00@openssh.com</algorithm>
          </KeyExchangeAlgs>
          <HostKeyAlgs>
            <algorithm>ssh-ed25519</algorithm>
            <algorithm>rsa-sha2-256</algorithm>
            <algorithm>ssh-rsa</algorithm>
          </HostKeyAlgs>
          <EncCS>
            <algorithm>chacha20-poly1305@openssh.com</algorithm>
            <algorithm>aes128-ctr</algorithm>
            <algorithm>aes256-ctr</algorithm>
          </EncCS>
          <EncSC>
            <algorithm>chacha20-poly1305@openssh.com</algorithm>
            <algorithm>aes128-ctr</algorithm>
            <algorithm>aes256-ctr</algorithm>
          </EncSC>
          <MacCS>
            <algorithm>hmac-sha2-256</algorithm>
          </MacCS>
          <MacSC>
            <algorithm>hmac-sha2-256</algorithm>
          </MacSC>
          <CompCS>
            <algorithm>none</algorithm>
          </CompCS>
          <CompSC>
            <algorithm>none</algorithm>
          </CompSC>
          <ChosenIncomingEncryption>aes128-ctr</ChosenIncomingEncryption>
          <ChosenOutgoingEncryption>aes128-ctr</ChosenOutgoingEncryption>
          <error>No matching mac algorithms supported.</error>
          <error>Unable to agree upon server-to-client MAC algorithm.</error>
          <error>No matching mac algorithms supported.</error>
          <error>Unable to agree upon client-to-server MAC algorithm.</error>
          <ChosenIncomingCompression>none</ChosenIncomingCompression>
          <ChosenOutgoingCompression>none</ChosenOutgoingCompression>
          <ChosenKexAlgorithm>curve25519-sha256</ChosenKexAlgorithm>
          <ChosenHostKeyAlgorithm>ssh-ed25519</ChosenHostKeyAlgorithm>
        </serverKex>
        <sshRawPacket>Socket connection closed.</sshRawPacket>
        <sshKexInitResponse>Socket connection closed.</sshKexInitResponse>
        <error>Failed to read KEX init response</error>
      </sshSetupConnection>
    </connectInner>
    <error>Failed.</error>
  </Connect_Ssh>
</EngineLog>

Your client supports only ONE MAC algorithm, and the server accepts that. It is certainly a bug in the client; as far as the log is written, everything is fine until the client dies off by itself.

          <MacCS>
            <algorithm>hmac-sha2-256</algorithm>
          </MacCS>
          <MacSC>
            <algorithm>hmac-sha2-256</algorithm>
          </MacSC>

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board

Thanks for the help!

root@LEDE:~# ubus call system board
{
        "kernel": "6.6.110",
        "hostname": "LEDE",
        "system": "ARMv8 Processor rev 4",
        "model": "D-Link AQUILA PRO AI M60 A1",
        "board_name": "dlink,aquila-pro-ai-m60-a1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.4",
                "revision": "r28959-29397011cc",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.4 r28959-29397011cc",
                "builddate": "1760891865"
        }
}

I tried to report the issue to WebSSH.
https://github.com/isontheline/pro.webssh.net/issues/1484
Do they have an unreasonable security requirement?

They support ONE algorithm that they refuse as insecure.

OpenSSH

debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
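
A way to check the MAC negotiation offline, as an added example that is not part of any post in this thread: it applies the RFC 4253 section 7.1 rule (the first algorithm on the client's list that the server also lists wins) to the lists logged under `<serverKex>`, once with the OpenSSH client list quoted above and once with a constructed client list. Treating the `<serverKex>` lists as the server's proposal and the `ETM_ONLY_MACS` list are assumptions; the log does not show which MACs WebSSH offers.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt: the MAC lists from the <serverKex> element of the log
# above, trimmed to the two fields used here.
LOG = """<serverKex>
  <MacCS><algorithm>hmac-sha2-256</algorithm></MacCS>
  <MacSC><algorithm>hmac-sha2-256</algorithm></MacSC>
</serverKex>"""

# MAC list printed by the OpenSSH client in the thread (debug2: MACs ctos).
OPENSSH_MACS = (
    "hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,"
    "umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,"
    "hmac-sha1,umac-128@openssh.com,hmac-sha2-512"
).split(",")

# Hypothetical client proposal that lacks plain hmac-sha2-256 (assumption,
# constructed for illustration; not taken from WebSSH).
ETM_ONLY_MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]


def server_lists(xml_text):
    """Map each list element (MacCS, MacSC, ...) to its algorithm names."""
    root = ET.fromstring(xml_text)
    return {child.tag: [a.text.strip() for a in child.findall("algorithm")]
            for child in root if child.find("algorithm") is not None}


def negotiate(client, server):
    """RFC 4253 section 7.1: first client algorithm the server also lists."""
    return next((alg for alg in client if alg in server), None)


def diagnose(client_macs, xml_text=LOG):
    """Return the negotiated MAC per direction, or 'no match'."""
    srv = server_lists(xml_text)
    return {direction: negotiate(client_macs, srv[direction]) or "no match"
            for direction in ("MacCS", "MacSC")}


if __name__ == "__main__":
    print("OpenSSH list :", diagnose(OPENSSH_MACS))
    print("ETM-only list:", diagnose(ETM_ONLY_MACS))
```

The log's chosen cipher, `aes128-ctr`, is not an AEAD mode, so the connection cannot proceed without an agreed MAC in each direction.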