bugzilla-daemon at mindrot.org
2025-Feb-09 08:24 UTC
[Bug 3786] New: openssh client no longer connects to dropbear server
https://bugzilla.mindrot.org/show_bug.cgi?id=3786
Bug ID: 3786
Summary: openssh client no longer connects to dropbear server
Product: Portable OpenSSH
Version: 9.9p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: niki2inbox at gmail.com
As of version 9.9 the client does not connect to dropbear running on
OpenWRT.
With client 9.8 I am able to connect.
$ ./ssh root at 192.168.0.1
ssh_dispatch_run_fatal: Connection to 192.168.0.1 port 22: error in
libcrypto
$
Doing -vvv does not print anything else meaningful.
My client config:
Host 192.168.0.1
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
The dropbear server arguments:
/usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3
SSH_ERR_LIBCRYPTO_ERROR is returned from sshkey_pkey_digest_verify in
sshkey.c
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Feb-09 16:02 UTC
[Bug 3786] openssh client no longer connects to dropbear server
https://bugzilla.mindrot.org/show_bug.cgi?id=3786 --- Comment #1 from Nikola <niki2inbox at gmail.com> --- Seems like this doesn't have much to do with ssh, it is caused by crypto policies on Fedora limiting the libcrypto API to not using sha1. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Jun-04 08:22 UTC
[Bug 3786] openssh client no longer connects to dropbear server
https://bugzilla.mindrot.org/show_bug.cgi?id=3786
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
If you enable debugging on the clie(In reply to Nikola from comment
#0)> As of version 9.9 the client does not connect to dropbear running on
> OpenWRT.
Which version of Dropbear?
> With client 9.8 I am able to connect.
>
> $ ./ssh root at 192.168.0.1
> ssh_dispatch_run_fatal: Connection to 192.168.0.1 port 22: error in
> libcrypto
If you add "-vvv" you should at least see what algorithms it's
trying
to (and failing to) enable.
> Host 192.168.0.1
> PubkeyAcceptedAlgorithms +ssh-rsa
> HostkeyAlgorithms +ssh-rsa
My guess it's the SHA1 that ssh-rsa uses. Modern Dropbears support
some of the the RSA SHA2 variants (rsa-sha2-256) so if yours does I'd
suggest trying that.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Possibly Parallel Threads
- Bug: ssh-copy-id mishandles dropbear
- [Bug 3527] New: ssh-copy-id broken for dropbear
- [Bug 2232] New: curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
- Bug: ssh-copy-id mishandles dropbear
- Using Dropbear for RTOS which is not POSIX complaint?