(mac) unknown algorithm(s) found!: aes128-gcm@openssh.com,aes256-gcm@openssh.com

[rein123]

Hi!
Using https://github.com/jtesta/ssh-audit/releases/tag/v3.3.0 I want to report the following:

Starting audit of 192.168.0.10:22...
# general
(gen) banner: SSH-2.0-Mocana SSH
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+
(gen) compression: disabled
# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256              -- [info] default key exchange from OpenSSH 7.4 to 8.9
(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
(kex) curve25519-sha256@libssh.org   -- [info] default key exchange from OpenSSH 6.5 to 7.3
[0;31m(kex) ecdh-sha2-nistp521             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp521             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
[0;31m(kex) ecdh-sha2-nistp384             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp384             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
[0;31m(kex) ecdh-sha2-nistp256             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(kex) ecdh-sha2-nistp256             -- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group15-sha512
(kex) diffie-hellman-group16-sha512  -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group17-sha512
(kex) diffie-hellman-group18-sha512  -- [info] available since OpenSSH 7.3
# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
# encryption algorithms (ciphers)
(enc) AEAD_AES_128_GCM
(enc) aes128-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) AEAD_AES_256_GCM
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                     -- [info] available since OpenSSH 3.7
# message authentication code algorithms
(mac) AEAD_AES_128_GCM
(mac) aes128-gcm@openssh.com         -- [warn] unknown algorithm
(mac) AEAD_AES_256_GCM
(mac) aes256-gcm@openssh.com         -- [warn] unknown algorithm
(mac) hmac-sha2-512                  -- [warn] using encrypt-and-MAC mode
(mac) hmac-sha2-512                  -- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
# fingerprints
(fin) ssh-ed25519: SHA256:OXv9gviji0wo4O4jr4NVZsFYKT1CKkQuZ4fTlcK0E0U
(fin) ssh-ed25519: MD5:35:e8:82:81:53:ea:0f:4a:95:a2:5d:88:ba:a4:0d:14 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case

!!! WARNING: unknown algorithm(s) found!: aes128-gcm@openssh.com,aes256-gcm@openssh.com.  If this is the latest version of ssh-audit (see <https://github.com/jtesta/ssh-audit/releases>), please create a new Github issue at <https://github.com/jtesta/ssh-audit/issues> with the full output above.

[jtesta]

Well this is rather interesting! Those two algorithms are already supported by ssh-audit (and have been for many, many years). Seems like there might be a bug somewhere. I see that your target server is identifying itself as "Mocana SSH". I can't find much information about it, though. Can you perhaps explain what product/software stack that is? Or even better: if you can share the address of a host with that SSH server that is reachable from the Internet, then I could debug this quickly without having to install anything locally. Thanks!

[rein123]

Unfortunately, I cannot provide an interface for you to test it directly, since the device is currently in development.
The used stack is from https://dev.digicert.com/en/trustcore-sdk/nanossh.html

Seems like "aes128-gcm" is maybe not an issue but the "@openssh.com" variant of it.

[jtesta]

@rein123: just thought I'd check again to see if perhaps an external instance is now available. Since the code looks right already, the only way to further debug this would be against a live system. Thanks!

[perkelix]

This page shows some of the supported ciphers. There doesn't seem to be much public documentation about the other supported features.

[rein123]

Sorry for the delay. I got informed that in a few weeks the product team will arrange a setup which is accessible via the Internet. I will keep you updated as soon as it is available.