openssh unix dev - Aug 2002 - kerberosIV authentication is broken in openssh-3.4p1

Hi,
  I think kerberosIV authentication is broken in openssh-3.4p1 in ssh2
version protocol:

nmrindy$ klist
Ticket file:    /tmp/tkt111_429097
Principal:      mmokrejs at NATUR.CUNI.CZ

  Issued           Expires          Principal
Aug 19 12:40:49  Aug 19 22:40:49  krbtgt.NATUR.CUNI.CZ at NATUR.CUNI.CZ
Aug 19 12:40:49  Aug 19 12:45:49  rcmd.nmrindy at NATUR.CUNI.CZ
Aug 19 12:40:49  Aug 19 22:40:49  afs at NATUR.CUNI.CZ
nmrindy$ ./ssh -v nmrindy -1
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to nmrindy [195.113.59.111] port 22.
debug1: Connection established.
debug1: identity file /software/usr/home/mmokrejs/.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
WARNING: RSA key found for host nmrindy
in /software/usr/home/mmokrejs/.ssh/known_hosts:4
RSA key fingerprint fe:fe:24:6b:3e:2a:18:8e:04:09:7b:de:20:01:4c:d0.
The authenticity of host 'nmrindy (195.113.59.111)' can't be
established,
but keys of different type are already known for this host.
RSA1 key fingerprint is b7:04:c0:bc:24:53:75:d1:75:23:61:d4:6b:f8:61:df.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nmrindy,195.113.59.111' (RSA1) to the list
of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug1: Kerberos v4 authentication accepted.
debug1: Kerberos v4 challenge successful.
debug1: Requesting pty.
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.

nmrindy$ logout
Connection to nmrindy closed.
debug1: Transferred: stdin 1, stdout 555, stderr 31 bytes in 28.6 seconds
debug1: Bytes per second: stdin 0.0, stdout 19.4, stderr 1.1
debug1: Exit status 0
nmrindy$ ./ssh -v nmrindy -2
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to nmrindy [195.113.59.111] port 22.
debug1: Connection established.
debug1: identity file /software/usr/home/mmokrejs/.ssh/id_rsa type -1
debug1: identity file /software/usr/home/mmokrejs/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1562/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'nmrindy' is known and matches the RSA host key.
debug1: Found key in /software/usr/home/mmokrejs/.ssh/known_hosts:4
debug1: bits set: 1621/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /software/usr/home/mmokrejs/.ssh/id_rsa
debug1: try privkey: /software/usr/home/mmokrejs/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password
mmokrejs at nmrindy's password:


It happens to me when I test the client ./ssh against some other machines
running older openssh. I suspect a bug at least in a client. Tested on
Irix 6.5.15, cc, KTH kerberosIV 1.1.1.

I have one more note to the configure script:

checking for krb.h... yes
checking for main in -lkrb... yes
checking for des_cbc_encrypt in -ldes... no
checking for des_cbc_encrypt in -ldes425... no
configure: WARNING: Cannot find libdes nor libdes425, build may fail
checking for dn_expand in -lresolv... no
checking for xauth... /usr/bin/X11/xauth


The build went fine, as the des_cbc_encrypt is I guess in libcrypt.a from
OpenSSL and
was in older versions of libkrb.a (KTH kerberosIV). Maybe this is source of my
problems.
Thanks!
-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax:?+49-89-3187 3585