in 2.3.0p1 rindael/aes is broken on bigendian machines.
On Sun, Feb 18, 2001 at 07:24:45PM +0200, Pekka Savola
wrote:> Hi,
>
> Connecting from RHL7 with OpenSSH 2.3.0p1 or 2.5.0p1 to OpenSSH 2.3.0p1 on
> AIX 4.3.1. Protocol 2 doesn't work if you specify 'Ciphers
> rijndael128-cbc' or Ciphers 'aes128-cbc'.
>
> sshd -d -d -d on the server shows _nothing_ about these connections.
>
> I'm not sure if rijndael has been left out from sshd somehow, but
> shouldn't the error message be a little more specific?
>
> Short version:
>
> $ ssh ibmsp
> e6 13 54 23 89 c2 61 07 df 51 1d 1b 17 d3 3e 8f
> Disconnecting: Bad packet length -434940893.
>
> Longer version:
>
> $ ssh -v -v -v ibmsp
> SSH Version OpenSSH_2.5.0p1, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090581f).
> debug: Reading configuration data /home/psavola/.ssh/config
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: cipher ok: rijndael128-cbc
> [rijndael128-cbc,aes128-cbc,arcfour,blowfish-cbc]
> debug: cipher ok: aes128-cbc
> [rijndael128-cbc,aes128-cbc,arcfour,blowfish-cbc]
> debug: cipher ok: arcfour
> [rijndael128-cbc,aes128-cbc,arcfour,blowfish-cbc]
> debug: cipher ok: blowfish-cbc
> [rijndael128-cbc,aes128-cbc,arcfour,blowfish-cbc]
> debug: ciphers ok: [rijndael128-cbc,aes128-cbc,arcfour,blowfish-cbc]
> debug: ssh_connect: getuid 154 geteuid 0 anon 0
> debug: Connecting to ibmsp [193.166.7.65] port 22.
> debug: Allocated local port 1020.
> debug: Connection established.
> debug: identity file /home/psavola/.ssh/identity type 0
> debug: Bad RSA1 key file /home/psavola/.ssh/id_dsa.
> debug: identity file /home/psavola/.ssh/id_dsa type 3
> debug: Remote protocol version 1.99, remote software version
> OpenSSH_2.3.0p1
> debug: match: OpenSSH_2.3.0p1 pat ^OpenSSH_2\.3\.0
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.5.0p1
> debug: Seeding random number generator
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit:
>
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
> debug: got kexinit:
>
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
> debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
> debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 0
> debug: reserved: 0
> debug: done
> debug: mac_init: found hmac-sha1
> debug: kex: server->client rijndael128-cbc hmac-sha1 none
> debug: mac_init: found hmac-sha1
> debug: kex: client->server rijndael128-cbc hmac-sha1 none
> debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: bits set: 501/1024
> debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: Host 'ibmsp' is known and matches the DSA host key.
> debug: Found key in /home/psavola/.ssh/known_hosts2:132
> debug: bits set: 488/1024
> debug: len 55 datafellows 128
> debug: ssh_dss_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> ac 29 cf 66 5a cf ac f6 58 62 9a c7 25 dc 5c bf
> Disconnecting: Bad packet length -1406546074.
> debug: Calling cleanup 0x8060690(0x0)
>
>
>
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
>
>
>