openssh unix dev - Jun 2002 - [Bug 297] New: sshd version 3.3 incompatible with pre-3.3 clients in ssh1 mode

http://bugzilla.mindrot.org/show_bug.cgi?id=297

           Summary: sshd version 3.3 incompatible with pre-3.3 clients in
                    ssh1 mode
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: henrik-sshbugzilla at hswn.dk


After installing the 3.3p1 release on our webserver, I have received a couple of
reports from users who can no longer login.

It seems to be a problem only when using ssh v1 protocol. The connection is
terminated with a message "Disconnecting: Corrupted check bytes on
input."

The output from "ssh -v1" is:
$ ssh -v -1 sslug.dk
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to sslug.dk [130.228.2.150] port 22.
debug1: temporarily_use_uid: 501/504 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/504 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/tange/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.3
debug1: match: OpenSSH_3.3 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'sslug.dk' is known and matches the RSA1 host key.
debug1: Found key in /home/tange/.ssh/known_hosts:3
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
Disconnecting: Corrupted check bytes on input.
debug1: Calling cleanup 0x8067590(0x0)

I have an identical report from a user running a 3.1p1 client. However, I cannot
reproduce it myself with neither a 3.3p1 nor a 3.1p1 client.

The logs on the server does not indicate anything unusual.

Server is a heavily patched Red Hat 6.2 installation, running a Linux
2.4.19-pre10 kernel with OpenSSH 3.3p1 (rebuilt from the openssh.com
distribution). UsePrivilegeSeparation is enabled.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.