bugzilla-daemon at mindrot.org
2014-Apr-18 22:37 UTC
[Bug 2232] New: curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Bug ID: 2232 Summary: curve25519-sha256 at libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: throwaway.xy+opensshbugzilla at gmail.com Overview: When using the curve25519-sha256 at libssh.org kex algorithm, host key signature validation will sometimes fail between an OpenSSH 'ssh' client and other SSH servers (dropbear-2014.63, libssh 0.6.3 or beyond). Steps to Reproduce: Download or build dropbear-2014.63 'dropbearkey' and 'dropbear' programs. Start a dropbear server in one terminal (will use ~/.ssh/authorized_keys): # ./dropbearkey -t rsa -f ./test-rsa-hostkey # ./dropbear -r ./test-rsa-hostkey -F -p 1234 -v -E In a second terminal run 'ssh echo "hello"' commands in a loop using 'ssh' from 6.6p1: # ITER=1; echo "Start"; while [ $? -eq 0 ]; do let ITER=ITER+1; echo "$ITER"; ./ssh -o KexAlgorithms="curve25519-sha256 at libssh.org" -p 1234 localhost echo "hello"; done Actual Results: Eventually the loop above will fail. Sometimes failure happens quickly, sometimes it can many iterations: ... hello 224 hello 225 hash mismatch key_verify failed for server_host_key Expected Results: The loop should never fail with the 'hash_mismatch' error above. Build Date & Hardware: # git rev-parse HEAD 19158b2447e35838d69b2b735fb640d1e86061ea # git show V_6_6_P1 commit 19158b2447e35838d69b2b735fb640d1e86061ea Author: Damien Miller <djm at mindrot.org> Date: Thu Mar 13 13:14:21 2014 +1100 - (djm) Release OpenSSH 6.6 ... Additional Builds and Platforms: Also reproducible with 6.5p1. Additional Information: Originally discovered here: https://red.libssh.org/issues/159. My understanding of the actual bug is that OpenSSH is generating the shared secret bignum value 'K' in a way that is not expected by other implementations. I believe the problem is in 'buffer_put_bignum2_from_string' (used by 'kexc25519_shared_key'), as is mentioned here on the mailing list, with a patch to bufaux.c to fix: http://marc.info/?l=openssh-unix-dev&m=139699836815285&w=2 Some test results between a patched OpenSSH client and a libssh-based server are in the above libssh bug link, and they suggest that the patch does fix the problem. I believe this bug affects interop of 'curve25519-sha256 at libssh.org' going forward, so I've set Severity to 'major'. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-20 12:21 UTC
[Bug 2232] curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |djm at mindrot.org Resolution|--- |DUPLICATE --- Comment #1 from Damien Miller <djm at mindrot.org> --- *** This bug has been marked as a duplicate of bug 2233 *** -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:03 UTC
[Bug 2232] curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 2233] New: curve25519-sha256@libssh.org Signature Failures When 'sshd' Used with Dropbear Clients
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- bad bignum encoding for curve25519-sha256@libssh.org
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- Multiple keys/methods per key exchange (e.g. multi-md5-sha1-md4@libssh.org) Re: [PATCH] curve25519-sha256@libssh.org key exchange proposal