bugzilla-daemon at mindrot.org
2002-Mar-07 20:33 UTC
[Bug 148] New: Key Exchange Guesses not supported
http://bugzilla.mindrot.org/show_bug.cgi?id=148

           Summary: Key Exchange Guesses not supported
           Product: Portable OpenSSH
           Version: 3.0p1
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: Darren.Moffat at Sun.COM

This was discovered at Connectathon 2002 while testing against SSH.COM with their compat flags disabled (they currently don't send guess to any OpenSSH server since they know it isn't implemented).

draft-ietf-secsh-transport-13.txt

    5. Key Exchange

    Key exchange begins by each side sending lists of supported algorithms. Each side has a preferred algorithm in each category, and it is assumed that most implementations at any given time will use the same preferred algorithm. Each side MAY guess which algorithm the other side is using, and MAY send an initial key exchange packet according to the algorithm if appropriate for the preferred method.

    Guess is considered wrong, if:

    o the kex algorithm and/or the host key algorithm is guessed wrong (server and client have different preferred algorithm), or

    o if any of the other algorithms cannot be agreed upon (the procedure is defined below in Section Section 5.1).

    Otherwise, the guess is considered to be right and the optimistically sent packet MUST be handled as the first key exchange packet.

The current code for kex in OpenSSH assumes that the only acceptable packet is a NEWKEYS by using this code fragment:

    packet_read_expect(SSH2_MSG_NEWKEYS);

SSH2_MSG_KEXDH_INIT can arrive if the other side sends a guess.

I have a partial solution for the server side (only works if the client guess was our preferred), but this needs client support as well.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
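The guess rule quoted from the draft above, as an added example in C (not part of the bug report and not OpenSSH code). It checks only the two conditions quoted; `struct proposal`, the function names, the six `other[]` lists and the sample proposals are assumptions of this example.

```c
#include <stdbool.h>
#include <string.h>

/* Name-lists, most preferred first; other[]: cipher, MAC, compression per direction. */
struct proposal { const char *kex, *hostkey, *other[6]; };

/* True if both lists name the same algorithm first. */
static bool same_preferred(const char *a, const char *b)
{
    size_t n = strcspn(a, ",");
    return n > 0 && n == strcspn(b, ",") && strncmp(a, b, n) == 0;
}

/* True if name[0..n) is a whole entry of list (prefixes do not count). */
static bool list_has(const char *list, const char *name, size_t n)
{
    for (;;) {
        size_t m = strcspn(list, ",");
        if (m == n && strncmp(list, name, n) == 0) return true;
        if (list[m] == '\0') return false;
        list += m + 1;
    }
}

/* True if at least one client entry also appears in the server list. */
static bool can_agree(const char *client, const char *server)
{
    for (;;) {
        size_t n = strcspn(client, ",");
        if (n > 0 && list_has(server, client, n)) return true;
        if (client[n] == '\0') return false;
        client += n + 1;
    }
}

/* Quoted rule: kex and host key preferences match, all other lists agree. */
bool kex_guess_is_right(const struct proposal *c, const struct proposal *s)
{
    if (!same_preferred(c->kex, s->kex) || !same_preferred(c->hostkey, s->hostkey))
        return false;
    for (int i = 0; i < 6; i++)
        if (!can_agree(c->other[i], s->other[i])) return false;
    return true;
}

/* Constructed sample proposals, not captured traffic. */
#define G1   "diffie-hellman-group1-sha1"
#define GEX  "diffie-hellman-group-exchange-sha1"
#define REST { "aes128-cbc,3des-cbc", "aes128-cbc", "hmac-sha1", "hmac-sha1", "none", "none" }
const struct proposal client   = { G1, "ssh-dss,ssh-rsa", REST };
const struct proposal srv_same = { G1 "," GEX, "ssh-dss", REST };
const struct proposal srv_diff = { GEX "," G1, "ssh-dss", REST };
```

When the function returns false, the optimistically sent packet (SSH2_MSG_KEXDH_INIT in the report) belongs to a wrong guess and is not the first key exchange packet.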