TypeError: setAutoPadding(false) not supported for Aes128Gcm yet

[joewalker]

Version: Deno 2.3.3

Usage context: Trying to port code from nodejs which uses ssh2.

My code calls connection.connect(cfg) which then emits an error event

connection.on('error', …);
connection.connect(config);

The error presented in the error event is the following exception:

TypeError: setAutoPadding(false) not supported for Aes128Gcm yet
    at Decipheriv.final (ext:deno_node/internal/crypto/cipher.ts:158:5)
    at AESGCMDecipherNative.decrypt (file:///…/node_modules/.deno/[email protected]/node_modules/ssh2/lib/protocol/crypto.js:955:50)
    at Protocol.parsePacket [as _parse] (file:///…/node_modules/.deno/[email protected]/node_modules/ssh2/lib/protocol/Protocol.js:2028:25)
    at Protocol.parse (file:///…/node_modules/.deno/[email protected]/node_modules/ssh2/lib/protocol/Protocol.js:313:16)
    at Socket.<anonymous> (file:///…/node_modules/.deno/[email protected]/node_modules/ssh2/lib/client.js:775:21)
    at Socket.emit (ext:deno_node/_events.mjs:393:28)
    at addChunk (ext:deno_node/internal/streams/readable.js:599:12)
    at readableAddChunkPushByteMode (ext:deno_node/internal/streams/readable.js:547:3)
    at Socket.Readable.push (ext:deno_node/internal/streams/readable.js:416:7)
    at TCP.onStreamRead [as onread] (ext:deno_node/internal/stream_base_commons.ts:193:23)

I'm guessing that this is somewhat expected.

Thank-you.

[edilson258]

@joewalker could you give a full reproduction please

[joewalker]

Sure. I think this will happen with any ed25519 ssh key, so:

• Create a new folder, cd into it
• Create a new key pair with ssh-keygen -t ed25519 -C comment -f ./newkey
• Since we're testing node compat, install ssh2 with npm install ssh2
• Create an index.js file with the following contents:

import { Client } from 'ssh2';
import fs from 'node:fs/promises';

const connection = new Client();
connection.on('ready', () => {
  console.log('SSH Connection established');
  connection.end();
});
connection.on('error', err => {
  console.error('SSH Connection error:', err);
});
connection.connect({
  // A public access SSH server that will accept any auth
  host: 'tty.sdf.org',
  port: 22,
  username: 'menu',
  privateKey: await fs.readFile('newkey', 'utf8'),
});

Then compare:

$ node index.js

SSH Connection established

with

$ deno --allow-ffi=./node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node --allow-net --allow-read=. index.js

SSH Connection error: TypeError: setAutoPadding(false) not supported for Aes128Gcm yet
    at Decipheriv.final (ext:deno_node/internal/crypto/cipher.ts:158:5)
    at AESGCMDecipherNative.decrypt (file:///…/node_modules/ssh2/lib/protocol/crypto.js:955:50)
    at Protocol.parsePacket [as _parse] (file:///…/node_modules/ssh2/lib/protocol/Protocol.js:2028:25)
    at Protocol.parse (file:///…/node_modules/ssh2/lib/protocol/Protocol.js:313:16)
    at Socket.<anonymous> (file:///…/node_modules/ssh2/lib/client.js:773:21)
    at Socket.emit (ext:deno_node/_events.mjs:393:28)
    at addChunk (ext:deno_node/internal/streams/readable.js:599:12)
    at readableAddChunkPushByteMode (ext:deno_node/internal/streams/readable.js:547:3)
    at Socket.Readable.push (ext:deno_node/internal/streams/readable.js:416:7)
    at TCP.onStreamRead [as onread] (ext:deno_node/internal/stream_base_commons.ts:193:23)

Happy to provide a zip file, but I'm guess from a security pov, the above is preferred.