bugzilla-daemon at mindrot.org
2024-Feb-05 10:00 UTC
[Bug 3663] New: KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 Bug ID: 3663 Summary: KEX host signature length wrong since strict kex introduced Product: Portable OpenSSH Version: 9.6p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: neal.gooch at techmahindra.com Created attachment 3786 --> https://bugzilla.mindrot.org/attachment.cgi?id=3786&action=edit Wireshark decode of single packet When running openssh-clients-8.0p1-19.el8_9.2.x86_64.rpm (Redhat derivative which includes the strict kex changes in 9.6p1) we are unable to using Putty v0.80 which includes its strict kex changes. Putty reports ?Incorrect MAC received on packet? This on its own doesn't say which end is at fault. Wireshark decode of my SSH connection gives a Expert warning that the KEX host signature (ssh-ed25519) has a host signature length of 83 bytes (packet length) but it decoded 19 bytes. This leads me to think it is OpenSSH at fault. Interestingly an ssh session from another server running the same version of openssh doesn't spot this issue and will connect - so there might be two issues - one the server end not building this packet correctly and one on the client end not detecting it. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-05 22:15 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Sorry, but I don't follow your report. Are you saying that you're connecting with PuTTY to OpenSSH sshd 8.0? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-05 23:08 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at dtucker.net --- Comment #2 from Darren Tucker <dtucker at dtucker.net> --- Given that a) the problem is in strict kex and b) *our* 8.0p1 doesn't have strict kex it sounds like the problem might be Redhat's patches to 8.0. If so, you need to report the problem to Redhat. Can you reproduce the problem with stock OpenSSH 9.6p1 compiled from source? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-07 02:29 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 --- Comment #3 from Darren Tucker <dtucker at dtucker.net> --- BTW, our interop tests for 9.6p1 test against PuTTY's plink if it's found at configure time. (Older versions also had the tests, but they needed to be manually enabled). The tests don't report the plink version (and the tests run by the CI will depend on what's on the runners Github supplies) but at least some of our private VMs have 0.80 and pass the tests: $ cd openssh-9.6p1 $ ./configure && make interop-tests [...] run test putty-transfer.sh ... putty transfer data: compression 0 putty transfer data: compression 1 ok putty transfer data run test putty-ciphers.sh ... putty ciphers: cipher aes putty ciphers: cipher 3des putty ciphers: cipher aes128-ctr putty ciphers: cipher aes192-ctr putty ciphers: cipher aes256-ctr putty ciphers: cipher chacha20 ok putty ciphers run test putty-kex.sh ... putty KEX: kex dh-gex-sha1 putty KEX: kex dh-group1-sha1 putty KEX: kex dh-group14-sha1 putty KEX: kex ecdh ok putty KEX [...] all interop-tests passed -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-07 12:30 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 --- Comment #4 from Neal Gooch <neal.gooch at techmahindra.com> --- Two updates: 1) Wireshark 4.2.2 (latest at time of writing) no longer gives that expert warning (checked with original capture files) so this was a red-herring and a Wireshark issue. 2) Oracle have removed openssh-8.0p1-19.el8_9.2.x86_64.rpm from their yum repos.... So this looks to be an issue during backporting by either Redhat or Oracle On this basis happy to close! -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-07 12:30 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 Neal Gooch <neal.gooch at techmahindra.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Feb-07 12:46 UTC
[Bug 3663] KEX host signature length wrong since strict kex introduced
https://bugzilla.mindrot.org/show_bug.cgi?id=3663 --- Comment #5 from Darren Tucker <dtucker at dtucker.net> --- I've also added some explicit PuTTY interop tests against a bunch of PuTTY versions (https://github.com/openssh/openssh-portable/actions/runs/7814553545, assuming I didn't make a mistake in the change). -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Seemingly Similar Threads
- Feature Request: new "Require Strict-KEX" c/s option
- Discussion: new terrapin resisting ciphers and macs (alternative to strict-kex) and -ctr mode question.
- Discussion: new terrapin resisting ciphers and macs (alternative to strict-kex) and -ctr mode question.
- Dovecot - Telnet error
- SSH time increased significantly after upgrade to OpenSSH 9.6p1