SSH Wide Compatability Mode Unsupported [SOLUTION] #792

Closed
godylockz opened this issue Sep 28, 2022 · 25 comments

@godylockz

Description:

Running SSH in "Wide Compatibility Mode" causes hydra not to error out. This is enabled via kali-tweaks -> Hardening or adding the following to /etc/ssh/ssh_config. The + indicates append to default.

Host *
  Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc
  KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
  HostKeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com                                                                                                                                                                                              

Versions

Kali Version 2022.3, Hydra v9.3

Error

$ hydra -l michael -P /usr/share/wordlists/rockyou.txt ssh://10.10.11.166
[INFO] Testing if password authentication is supported by ssh://michael@10.10.11.166:22
[2022/09/28 00:41:59.494904, 1] socket_callback_connected:  Socket connection callback: 1 (0)
[2022/09/28 00:41:59.526248, 1] ssh_client_select_hostkeys:  List of allowed host key algorithms is empty or contains only unsupported algorithms
[ERROR] could not connect to ssh://10.10.11.166:22 - ssh_set_client_kex: Out of memory

Expected behavior

SSH bruteforcing should work correctly in Wide Compatibility mode. CrackMapExec works in the meantime:

cme ssh 10.10.11.166 -u michael -p /usr/share/wordlists/rockyou.txt
@ClaudioVarandas

I think I have the same issue, using the "Wide Compatibility Mode" too, same version of OS and Hydra.

Here is my debug data:

┌──(root㉿kali)-[~]
└─# hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt ssh://192.168.47.129:22 -t 4 -vV -d
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

[DEBUG] Output color flag is 1
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-09-29 18:07:50
[DEBUG] cmdline: hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt -t 4 -vV -d ssh://192.168.47.129:22 
[DEBUG] opt:9 argc:10 mod:ssh tgt:192.168.47.129 port:22 misc:(null)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 1009 login tries (l:1/p:1009), ~253 tries per task
[DATA] attacking ssh://192.168.47.129:22/
[VERBOSE] Resolving addresses ... 
[DEBUG] resolving 192.168.47.129
[VERBOSE] resolving done
[INFO] Testing if password authentication is supported by ssh://root@192.168.47.129:22
[ERROR] could not connect to ssh://192.168.47.129:22 - ssh_set_client_kex: Out of memory

@vanhauser-thc
Owner

A quick search for this and libssh did not reveal the config change required. I do not have time to work on this for the next weeks, so if someone can send a PR this would be great ...

@elboulangero

elboulangero commented Jan 18, 2023

Hello,

this issue should be fixed in Kali Linux, as of today, with the latest version of kali-tweaks 2023.1.2, that just landed in kali-rolling.

Steps to follow:

  1. Run sudo apt update && sudo apt full-upgrade -y to upgrade your Kali install.
  2. Make sure the latest version of kali-tweaks was installed with dpkg -l | grep kali-tweaks (expect version 2023.1.2 or higher).
  3. Then run kali-tweaks and enable the « SSH Wide Compatibility ». If it's already enabled, please disable it, confirm, then enable it again.

After that, it should work. Please report that the issue is indeed fixed.

For the curious, details on the exact issue can be found at: https://gitlab.com/kalilinux/packages/kali-tweaks/-/merge_requests/8#note_1241868100

Thanks!

@vanhauser-thc vanhauser-thc changed the title SSH Wide Compatability Mode Unsupported [BUG] SSH Wide Compatability Mode Unsupported [SOLUTION] Jan 18, 2023
@vanhauser-thc vanhauser-thc pinned this issue Jan 18, 2023
@elboulangero

I was told that it still fails, this time with a different error message:

[ERROR] could not connect to ssh://10.11.1.115:22 - kex error : no match for method mac algo client->server: server [hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96], client [hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512]

So I just updated kali-tweaks so that, in « SSH Wide Compatibility » mode, the legacy MACs are also enabled. This was released in kali-tweaks version 2023.1.3.

For anyone interested to test, same procedure as above to update (steps 1, 2 and 3). Thanks!

@chinnidiwakar

Still the same issue, I tried in the latest Kali. Any update on this? Regular ssh command works, medusa works, nmap script works, but not hydra.
[ERROR] could not connect to ssh://10.0.0.169:22 - kex error : no match for method server host key algo: server [ssh-rsa,ssh-dss], client [rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com]

@elboulangero

@chinnidiwakar Did you enable SSH "Wide Compatibility Mode" in Kali? This is enabled via command kali-tweaks, then in the menu Hardening.

@chinnidiwakar

chinnidiwakar commented Sep 12, 2023 via email

@rickiey

rickiey commented Sep 12, 2023

I ran into this problem with Ubuntu

[ERROR] could not connect to ssh://192.168.5.133:22 - kex error : no match for method server host key algo: server [rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519], client [ssh-rsa] 

@elboulangero

@chinnidiwakar Just to be sure, can you give me the output of:

ssh -G '*' | grep -i '^HostKeyAlgo' | cut -d' ' -f2- | sed 's/,/\n/g' | sort

Thanks

@chinnidiwakar

chinnidiwakar commented Sep 12, 2023 via email

@elboulangero

@chinnidiwakar Didn't work, there's no image

@chinnidiwakar

Screenshot 2023-09-12 151812
is it visible now?

@elboulangero

Yes it's visible, thanks!

I find it a bit surprising, as I don't get the same output on my side (also an up-to-date Kali system), I have a few more algos:

┌──(kali㉿kali)-[~]
└─$ ssh -G '*' | grep -i '^HostKeyAlgo' | cut -d' ' -f2- | sed 's/,/\n/g' | sort
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
rsa-sha2-256
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512
rsa-sha2-512-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com
webauthn-sk-ecdsa-sha2-nistp256@openssh.com

Can you also share the output of those commands please:

┌──(kali㉿kali)-[~]
└─$ ls /etc/ssh/ssh_config.d                      
kali-wide-compat.conf
                                                                                                                              
┌──(kali㉿kali)-[~]
└─$ cat /etc/ssh/ssh_config.d/kali-wide-compat.conf 
# The configuration below enables legacy ciphers and algorithms,
# to allow interacting with old servers that still use those.
#
# If the setting(s) in this file are not desirable, do NOT
# modify this file. Instead, start 'kali-tweaks' in a
# terminal and change the setting from there.

Host *
    Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc
    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com
    MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com
    PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com

Thanks

@godylockz
Author

godylockz commented Sep 13, 2023

The only thing different on Kali Wide Compatibility config since the fix is..

    MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com

Can you please confirm you are getting positive attempts using another SSH bruteforce utility such as crackmapexec?

Any additional details for debugging on the target, that would be great.

The original target I created the issue still works.

@chinnidiwakar

chinnidiwakar commented Sep 15, 2023

└─# ls /etc/ssh/ssh_config.d/kali-wide-compat.conf 
/etc/ssh/ssh_config.d/kali-wide-compat.conf
                                                                                                                              
┌──(root㉿kali)-[~]
└─# cat /etc/ssh/ssh_config.d/kali-wide-compat.conf               
# The configuration below enables legacy ciphers and algorithms,
# to allow interacting with old servers that still use those.
#
# If the setting(s) in this file are not desirable, do NOT
# modify this file. Instead, start 'kali-tweaks' in a
# terminal and change the setting from there.

Host *
    Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc
    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com
    MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com
    PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com

@chinnidiwakar

└─# crackmapexec ssh 10.0.0.159 -u root -p pass.txt
SSH         10.0.0.159      22     10.0.0.159       [*] SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
SSH         10.0.0.159      22     10.0.0.159       [-] root:password Authentication failed.
SSH         10.0.0.159      22     10.0.0.159       [+] root:toor (Pwn3d!)

@chinnidiwakar

image

@elboulangero

elboulangero commented Sep 15, 2023

@chinnidiwakar Thanks for the feedback. Something doesn't really match in your config though.

We have the same config file /etc/ssh/ssh_config.d/kali-wide-compat.conf, however the output of the command ssh -G '*' | grep -i '^HostKeyAlgo' | cut -d' ' -f2- | sed 's/,/\n/g' | sort that you pasted above doesn't match mine. In this output, the following algos are missing:

ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-rsa-cert-v01@openssh.com
webauthn-sk-ecdsa-sha2-nistp256@openssh.com

Are you sure that you don't have some other config (in /etc/ssh/ssh_config.d or in /etc/ssh/ssh_config) that modifies HostKeyAlgorithms?

Besides, the list of algos proposed by hydra (last line, client [...]) doesn't match the algos listed by the command ssh -G '*'... It's all confusing to me.

@chinnidiwakar

image
Nope Only One under ssh_config.d

and only this content in ssh_config

└─# cat /etc/ssh/ssh_config                        

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Include /etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

@elboulangero

Ok... What about your ~/.ssh directory, any config there?

So far I can't explain why the command ssh -G '*' | grep -i '^HostKeyAlgo' | cut -d' ' -f2- | sed 's/,/\n/g' | sort doesn't show all algorithms, it might be related to the issue you're having. But it's something in your setup, so you should try to sort that out first.

@chinnidiwakar

└─# cd .ssh                    
                                                                                                                              
┌──(root㉿kali)-[~/.ssh]
└─# ls                     
config  known_hosts  known_hosts.old
                                                                                                                              
┌──(root㉿kali)-[~/.ssh]
└─# cat config             
Host *
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
Ciphers +aes128-cbc,aes256-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group14-sha1
                                                                                                                              
┌──(root㉿kali)-[~/.ssh]
└─# cat known_hosts
                                                                                                                              
┌──(root㉿kali)-[~/.ssh]
└─# cat known_hosts.old 
                                                                                                                              
┌──(root㉿kali)-[~/.ssh]
└─# 

@chinnidiwakar

This is the default Kali, downloaded and used straight from the kali.org website, and the same issue persists in 10 or more other Kalis, so I don't even know where the issue is to fix.

@elboulangero

@chinnidiwakar

The file ~/.ssh/config is what's causing the issue. You surely see that this file defines PubkeyAcceptedAlgorithms and HostkeyAlgorithms and Ciphers and KexAlgorithms, right? Hence those settings take precedence over what's in /etc/ssh/ssh_config.d/kali-wide-compat.conf. In other words, Kali Wide Compat settings are ignored.

So please remove the file ~/.ssh/config and maybe that will be enough to fix the issue.

Also, this file is not Kali's default, what's in ~/.ssh/ was added by you.

@chinnidiwakar

Hi, sorry for the delayed response, and thanks for noticing. That config file is a small workaround that I found on Stack Overflow and forgot to remove later. As you explained, I think it takes precedence and does not take my kali-tweaks modifications. I removed the file and now hydra could crack it just as expected. Thanks for your time and support with all this back and forth. I will try to re-execute all the commands and will share the output for future reference. Thanks again.

@ulist

ulist commented Sep 29, 2023

[ERROR] could not connect to ssh://192.168.0.149:22 - kex error : no match for method server host key algo: server [ssh-dss], client [ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa]

Crackmapexec

ValueError: p must be exactly 1024, 2048, 3072, or 4096 bits long

I did the kali tweak
No ~/.ssh/config

root@localhost:~# ssh -G '*' | grep -i '^HostKeyAlgo' | cut -d' ' -f2- | sed 's/,/\n/g' | sort
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
rsa-sha2-256
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512
rsa-sha2-512-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com
webauthn-sk-ecdsa-sha2-nistp256@openssh.com
