parda25

PAM 2.8.x SSH cipher suites

Blog Post created by parda25 Employee on Mar 21, 2018

Introduction

This article is sharing network packet of SSH client init captured by Wireshark between Centos7 and PAM 2.8.4 to identify which cipher suite can be used to connect from PAM.  

 

Cipher suite supported by PAM 2.8.4.1

Below is the list of the key algorithms, encryption algorithm and mac algorithms which are supported by PAM 2.8.x

 

  • kex_algorithms string: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  •  encryption_algorithms: aes128-ctr,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour
  • mac_algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

 

Network packet of Client key init raw data

Frame 310: 830 bytes on wire (6640 bits), 830 bytes captured (6640 bits) on interface 0

Ethernet II, Src: Vmware_e3:09:95 (00:0c:29:e3:09:95), Dst: Vmware_25:82:47 (00:0c:29:25:82:47)

Internet Protocol Version 4, Src: 155.35.245.40 (155.35.245.40), Dst: 155.35.245.67 (155.35.245.67)

Transmission Control Protocol, Src Port: 52122 (52122), Dst Port: ssh (22), Seq: 26, Ack: 22, Len: 776

   Source port: 52122 (52122)

   Destination port: ssh (22)

   [Stream index: 1]

   Sequence number: 26   (relative sequence number)

   [Next sequence number: 802   (relative sequence number)]

   Acknowledgment number: 22   (relative ack number)

   Header length: 20 bytes

   Flags: 0x018 (PSH, ACK)

   Window size value: 29200

   [Calculated window size: 29200]

   [Window size scaling factor: -2 (no window scaling used)]

   Checksum: 0xa7b8 [validation disabled]

   [SEQ/ACK analysis]

SSH Protocol

   SSH Version 2 (encryption:aes128-ctr mac:hmac-sha2-256 compression:none)

       Packet Length: 772

       Padding Length: 9

       Key Exchange

           Message Code: Key Exchange Init (20)

           Algorithms

               Cookie: f07c94fa3ce1a23231b45f276b6d4de4

               kex_algorithms length: 183

               kex_algorithms string: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

               server_host_key_algorithms length: 75

               server_host_key_algorithms string: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss,ssh-rsa

               encryption_algorithms_client_to_server length: 84

               encryption_algorithms_client_to_server string: aes128-ctr,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour

               encryption_algorithms_server_to_client length: 84

               encryption_algorithms_server_to_client string: aes128-ctr,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour

               mac_algorithms_client_to_server length: 133

               mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

               mac_algorithms_server_to_client length: 133

               mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

               compression_algorithms_client_to_server length: 4

               compression_algorithms_client_to_server string: none

               compression_algorithms_server_to_client length: 4

               compression_algorithms_server_to_client string: none

               languages_client_to_server length: 0

               languages_server_to_client length: 0

               KEX First Packet Follows: 0

               Reserved: 00000000

           Padding String: 0205070d0d171f2828

 

--

Outcomes