bugzilla-daemon at mindrot.org
2025-Apr-17 23:36 UTC
[Bug 3814] New: incorrect signature when ssh'ing to an AIX server (Big Endian) from amd64 (Little endian)
https://bugzilla.mindrot.org/show_bug.cgi?id=3814
Bug ID: 3814
Summary: incorrect signature when ssh'ing to an AIX server (Big
Endian) from amd64 (Little endian)
Product: Portable OpenSSH
Version: 10.0p1
Hardware: PPC64
OS: AIX
Status: NEW
Severity: major
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jfp at clearfield.com
The client is Debian sid, using the manually compiled upstream
openssh-10.0p1 against an AIX server running OpenSSH_9.9
Got the following error:
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: incorrect
signature
If I delete the entry in the known_hosts I get the additional:
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
Full logs:
debug1: OpenSSH_10.0p2, OpenSSL 3.5.0 8 Apr 2025
debug3: Running on Linux 6.12.17-amd64 #1 SMP PREEMPT_DYNAMIC Debian
6.12.17-1 (2025-03-01) x86_64
debug3: Started with: ./ssh -vvvvvv HOSTNAME
debug1: Reading configuration data /home/jfp/.ssh/config
debug1: /home/jfp/.ssh/config line 247: Applying options for *.trl
debug1: /home/jfp/.ssh/config line 360: Applying options for *
debug1: /home/jfp/.ssh/config line 367: Deprecated option "useroaming"
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
'/home/jfp/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
'/home/jfp/.ssh/known_hosts2'
debug2: resolving "HOSTNAME" port 22
debug3: resolve_host: lookup HOSTNAME:22
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to HOSTNAME [10.160.21.22] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/jfp/.ssh/id_rsa type 0
debug1: identity file /home/jfp/.ssh/id_rsa-cert type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/jfp/.ssh/id_ed25519 type 3
debug1: identity file /home/jfp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/jfp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/jfp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/jfp/.ssh/id_xmss type -1
debug1: identity file /home/jfp/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
debug1: Remote protocol version 2.0, remote software version
OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat
0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to HOSTNAME:22 as 'jpi4319'
debug3: record_hostkey: found key type ECDSA in file
/home/jfp/.ssh/known_hosts:194
debug3: record_hostkey: found key type RSA in file
/home/jfp/.ssh/known_hosts:531
debug3: load_hostkeys_file: loaded 2 keys from HOSTNAME
debug1: load_hostkeys: fopen /home/jfp/.ssh/known_hosts2: No such file
or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such
file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such
file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at
openssh.com,rsa-sha2-256-cert-v01 at
openssh.com,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms:
mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512 at
openssh.com,curve25519-sha256,curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00
at openssh.com
debug2: host key algorithms:
ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at
openssh.com,rsa-sha2-256-cert-v01 at
openssh.com,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01
at openssh.com,ecdsa-sha2-nistp384-cert-v01 at
openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01
at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at
openssh.com,ssh-ed25519,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519
at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com
debug2: ciphers ctos:
chacha20-poly1305 at openssh.com,aes128-gcm at openssh.com,aes256-gcm at
openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc:
chacha20-poly1305 at openssh.com,aes128-gcm at openssh.com,aes256-gcm at
openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com
debug2: compression stoc: none,zlib at openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms:
sntrup761x25519-sha512,sntrup761x25519-sha512 at
openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00
at openssh.com
debug2: host key algorithms:
rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos:
aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305 at openssh.com,aes128-gcm at
openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc:
aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305 at openssh.com,aes128-gcm at
openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com
debug2: compression stoc: none,zlib at openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:v3CpWA7KYkA/0T/Zz2ogEoDFcng+0zhA7o52ASgQgiQ
debug3: record_hostkey: found key type ECDSA in file
/home/jfp/.ssh/known_hosts:194
debug3: record_hostkey: found key type RSA in file
/home/jfp/.ssh/known_hosts:531
debug3: load_hostkeys_file: loaded 2 keys from HOSTNAME
debug1: load_hostkeys: fopen /home/jfp/.ssh/known_hosts2: No such file
or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such
file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such
file or directory
debug1: Host 'HOSTNAME' is known and matches the ECDSA host key.
debug1: Found key in /home/jfp/.ssh/known_hosts:194
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: incorrect
signature
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Apr-18 03:17 UTC
[Bug 3814] incorrect signature when ssh'ing to an AIX server (Big Endian) from amd64 (Little endian)
https://bugzilla.mindrot.org/show_bug.cgi?id=3814
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
Version|10.0p1 |9.9p1
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
This is a known bug in 9.9p1 in the mlkem768x25519-sha256 key exchange
algorithm on bigendian platforms. You didn't see it until you upgraded
to 10.0 since that version selects mlkem768x25519-sha256 by default if
the server supports it.
Your options are:
- update the AIX server to 9.9p2 or newer.
- Apply
https://github.com/openssh/openssh-portable/commit/11f348196b3fb51c3d8d1f4f36db9d73f03149ed
and recompile (depending on compilers and headers, you may also need
some of the following patches to make it compile)
- remove mlkem768x25519-sha256 from KexAlgorithms on the client,
server or both ("KexAlgorithms -mlkem768x25519-sha256" in sshd_config
and/or sshd_config.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2025-May-22 03:59 UTC
[Bug 3814] incorrect signature when ssh'ing to an AIX server (Big Endian) from amd64 (Little endian)
https://bugzilla.mindrot.org/show_bug.cgi?id=3814
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.