Devolutions ForumDevolutions Forum

RDM ssh client/library and Bitvise SSH server

Backlog

RDM ssh client/library and Bitvise SSH server

avatar
coduttim

Hello, I think I've found a bug regarding RDM ssh client/library.
I've recently upgraded a Bitvise (SSH) server from version 9.29 to 9.39 to fix CVE-2023-48795 (SSH Terrapin Prefix Truncation Weakness) and after the upgrade the RDM cannot connect anymore (via SSH) to the upgraded server.
Downgrading the server resolved the issue (but not the vulnerability)
Other ssh clients like OpenSSH and MobaXTERM conect to the upgraded bitvise server like a charm.
Thinkering with the configuration of the RDM connecion profile to that server I came with a workaround: I removed ChaCha20 encryption algorithm from the supported list by the client.
Thinkeringa little bit more I discovered that only two encryption algorithms are working: aes256-gcp and aes128-gcm.
Any of the *-ctr do not work.
I've found another bug report to upgrading Bitvise form 9.29 to fix the same vulnerability: https://forum.devolutions.net/topics/41998/hmac-failure#195629

All Comments (7)

avatar
Maxim Robert

Hello Coduttim,

Thank you for contacting us on that matter!

Could you please provide us with the following information?

  • Your current RDM version.


  • The operating system you are using and its version.


  • The data source you are utilizing.


  • A recording showing the issue.


Then, I will provide the information to our QA Team to see if they can reproduce the issue. I sent you the information through a direct message to send us the recording. If you have any other questions, feel free to let us know.

Best regards,

Maxim Robert

avatar
coduttim
Hello Coduttim,

Thank you for contacting us on that matter!

Could you please provide us with the following information?
  • Your current RDM version.

windows: 2024.2.21.0



  • The operating system you are using and its version.

Windows 11 (23H2 build 22631.4037)



  • The data source you are utilizing.

Devolution server v2024.2.9.0



  • A recording showing the issue.

Shortly i will post a screen capture of the issue


Then, I will provide the information to our QA Team to see if they can reproduce the issue. I sent you the information through a direct message to send us the recording. If you have any other questions, feel free to let us know.

Best regards,
avatar
nicolaslehouillier

Hi,
We have the same problem here! Do you have any solutions?

avatar
Maxim Robert

Hello Nicolas,

Would it be possible to provide us with a recording showing the issue?

I sent you a direct message with the information to provide us with the recording. It will allow us to perform further investigation.

If you have any other questions, feel free to let us know.

Best regards,

Maxim Robert

avatar
Hubert Mireault

Hello,

We managed to reproduce the issue internally and this should be fixed with version 2024.3.11.0 which we are hoping to release early next week.

Regards,

Hubert Mireault

avatar
nicolaslehouillier

Everything is working now after the update

avatar
Hubert Mireault

Hello,

Thank you for the feedback, I'm glad this works for you. Let us know if you encounter any other issue.

Regards,

Hubert Mireault