Hi, mancha and me debugged a problem with OpenSSH 7.3p1 that was reported on the #openssh freenode channel. Symptoms were that this message was popping on the console during a busy X11 session: kex protocol error: type 7 seq 1234 I managed to reproduce the problem, it is related to the SSH_EXT_INFO packet that is send by the server every time it is sending an SSH_NEWKEYS packet, hence after every rekeying. I reproduced it on my system with OpenSSH 7.3p1 and manually rekeying with escape R http://pastebin.com/Xk0dF0mc on the client side: sshconnect2.c: void ssh_userauth2(const char *local_user, const char *server_user, char *host, Sensitive *sensitive) { ... ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ pubkey_cleanup(&authctxt); ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); debug("Authentication succeeded (%s).", authctxt.method->name); } Is the only place where the dispatch for that packet is set. However in kex.c: int kex_input_ext_info(int type, u_int32_t seq, void *ctxt) { ... debug("SSH2_MSG_EXT_INFO received"); ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); ... } Ensuring this packet will only be accepted before authentication. However the server side is different: int kex_send_newkeys(struct ssh *ssh) { ... debug("SSH2_MSG_NEWKEYS sent"); debug("expecting SSH2_MSG_NEWKEYS"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); if (ssh->kex->ext_info_c) if ((r = kex_send_ext_info(ssh)) != 0) return r; return 0; } There doesn't seem to have any logic in the client side that restricts sending ext-info-c in the list of kex algorithms after the first key exchange. However I couldn't find it in my kexinit proposal (even the first one): debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib at openssh.com,zlib debug2: compression stoc: none,zlib at openssh.com,zlib debug2: languages ctos: debug2: languages stoc: Mancha couldn't reproduce the issue, despite running both OpenSSH 7.3p1 client & server from upstream, with an empty configuration file. At this point I don't know why he's not affected. This bug is not very important anyway because the packet is simply dropped with no consequence. Aris
On Wed, Aug 24, 2016 at 07:06:29PM +0200, Aris Adamantiadis wrote:> Hi, > > mancha and me debugged a problem with OpenSSH 7.3p1 that was reported > on the #openssh freenode channel. Symptoms were that this message was > popping on the console during a busy X11 session: kex protocol error: > type 7 seq 1234 > > I managed to reproduce the problem, it is related to the SSH_EXT_INFO > packet that is send by the server every time it is sending an > SSH_NEWKEYS packet, hence after every rekeying. I reproduced it on my > system with OpenSSH 7.3p1 and manually rekeying with escape R > > [SNIP] > > Mancha couldn't reproduce the issue, despite running both OpenSSH > 7.3p1 client & server from upstream, with an empty configuration file. > At this point I don't know why he's not affected.Hello. I can shed a bit of light on why Aris hit the bug while I didn't when we both used 7.3p1. When sshd 7.3 *does* use privilege separation (UsePrivilegeSeparation), ssh->kex->ext_info_c == 0 on re-keys whether or not the client added ext-info-c to its kex algos in KEXINIT of first key exchange (setting ssh->kex->ext_info_c). When sshd 7.3 *does not* use privilege separation, if a client adds ext-info-c in KEXINIT for its first key exchange, ssh->kex->ext_info_c == 1 persists through re-keys and you get a client-side "kex protocol error: type 7 seq XX" response to the server sending a "server-sig-algs" SSH2_MSG_EXT_INFO packet after every SSH2_MSG_NEWKEYS. Operative code: kex.c:kex_send_newkeys() if (ssh->kex->ext_info_c) if ((r = kex_send_ext_info(ssh)) != 0) return r; Ref: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.112&r2=1.113 Cheers, --mancha -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160824/6d181f36/attachment.bin>
I copy the content of the pasetbin because it's about to expire. Aris aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ $(which sshd) -p 2222 -Dd -o UsePrivilegeSeparation=no debug1: sshd version OpenSSH_7.3, OpenSSL 1.0.2h 3 May 2016 debug1: private host key #0: ssh-rsa SHA256:RshcDcsrjxblhEKqY41SVjaknD5Y+5ItWoL0kUZzAto debug1: private host key #1: ssh-dss SHA256:abOvTYhsvsk1wP8zgmhctRASjh2w/6VT2QYhCetQilo debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:Ub1fnRft89IfzrANU6giRV6o6BxHU9gOOuyT+vyJssw debug1: private host key #3: ssh-ed25519 SHA256:ZDLir2+iDMnLGLpHz4objxkuIKK2fyOwjlrlr5IvcxE debug1: setgroups() failed: Operation not permitted debug1: rexec_argv[0]='/usr/local/sbin/sshd' debug1: rexec_argv[1]='-p' debug1: rexec_argv[2]='2222' debug1: rexec_argv[3]='-Dd' debug1: rexec_argv[4]='-o' debug1: rexec_argv[5]='UsePrivilegeSeparation=no' debug1: Bind to port 2222 on 0.0.0.0. Server listening on 0.0.0.0 port 2222. debug1: Bind to port 2222 on ::. Server listening on :: port 2222. debug1: fd 6 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9 debug1: inetd sockets after dupping: 5, 5 Connection from ::1 port 54145 on ::1 port 2222 debug1: Client protocol version 2.0; client software version OpenSSH_7.3 debug1: match: OpenSSH_7.3 pat OpenSSH* compat 0x04000000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.3 debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 at libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user aris service ssh-connection method none debug1: attempt 0 failures 0 Failed none for aris from ::1 port 54145 ssh2 debug1: userauth-request for user aris service ssh-connection method publickey debug1: attempt 1 failures 0 debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:dKXKoU9kSKpA5JtMuxbu5vUlL2F6YwOvZi6dz9/9XoY debug1: temporarily_use_uid: 501/20 (e=501/20) debug1: trying public key file /Users/aris/.ssh/authorized_keys debug1: fd 6 clearing O_NONBLOCK debug1: matching key found: file /Users/aris/.ssh/authorized_keys, line 1 RSA SHA256:dKXKoU9kSKpA5JtMuxbu5vUlL2F6YwOvZi6dz9/9XoY debug1: restore_uid: (unprivileged) Postponed publickey for aris from ::1 port 54145 ssh2 debug1: userauth-request for user aris service ssh-connection method publickey debug1: attempt 2 failures 0 debug1: temporarily_use_uid: 501/20 (e=501/20) debug1: trying public key file /Users/aris/.ssh/authorized_keys debug1: fd 6 clearing O_NONBLOCK debug1: matching key found: file /Users/aris/.ssh/authorized_keys, line 1 RSA SHA256:dKXKoU9kSKpA5JtMuxbu5vUlL2F6YwOvZi6dz9/9XoY debug1: restore_uid: (unprivileged) Accepted publickey for aris from ::1 port 54145 ssh2: RSA SHA256:dKXKoU9kSKpA5JtMuxbu5vUlL2F6YwOvZi6dz9/9XoY debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype no-more-sessions at openssh.com want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/ttys005 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell Starting session: shell on ttys005 for aris from ::1 port 54145 id 0 debug1: Setting controlling tty using TIOCSCTTY. debug1: SSH2_MSG_KEXINIT received debug1: SSH2_MSG_KEXINIT sent debug1: kex: algorithm: curve25519-sha256 at libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: set_newkeys: rekeying, input 4856 bytes 405 blocks, output 5408 bytes 0 blocks debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: set_newkeys: rekeying, input 4868 bytes 0 blocks, output 5476 bytes 8 blocks debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: Received SSH2_MSG_UNIMPLEMENTED for 43 debug1: SSH2_MSG_KEXINIT received debug1: SSH2_MSG_KEXINIT sent debug1: kex: algorithm: curve25519-sha256 at libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: set_newkeys: rekeying, input 6360 bytes 185 blocks, output 6808 bytes 0 blocks debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: set_newkeys: rekeying, input 6372 bytes 0 blocks, output 6876 bytes 8 blocks debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: Received SSH2_MSG_UNIMPLEMENTED for 47 debug1: server_input_global_request: rtype keepalive at openssh.com want_reply 1 debug1: server_input_global_request: rtype keepalive at openssh.com want_reply 1 debug1: server_input_global_request: rtype keepalive at openssh.com want_reply 1 aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ ssh -p 2222 localhost The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established. ECDSA key fingerprint is SHA256:Ub1fnRft89IfzrANU6giRV6o6BxHU9gOOuyT+vyJssw. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts. Attempt to write login records by non-root user (aborting) Last login: Tue Aug 16 17:56:10 2016 Environment: USER=aris LOGNAME=aris HOME=/Users/aris PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/Cellar/openssh/7.3p1/bin MAIL=/var/mail/aris SHELL=/bin/bash SSH_CLIENT=::1 50924 2222 SSH_CONNECTION=::1 50924 ::1 2222 SSH_TTY=/dev/ttys005 TERM=xterm-256color aris at MacBook-Pro-de-Aris:~$ exit logout Connection to localhost closed. aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ man ssh_config aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ ssh -p 2222 -o EscapeChar=* localhost ssh: connect to host localhost port 2222: Connection refused aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ ssh -p 2222 -o EscapeChar=* localhost Attempt to write login records by non-root user (aborting) Last login: Tue Aug 16 17:56:10 2016 Environment: USER=aris LOGNAME=aris HOME=/Users/aris PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/Cellar/openssh/7.3p1/bin MAIL=/var/mail/aris SHELL=/bin/bash SSH_CLIENT=::1 54145 2222 SSH_CONNECTION=::1 54145 ::1 2222 SSH_TTY=/dev/ttys005 TERM=xterm-256color aris at MacBook-Pro-de-Aris:~$ aris at MacBook-Pro-de-Aris:~$ aris at MacBook-Pro-de-Aris:~$ *? Supported escape sequences: *. - terminate connection (and any multiplexed sessions) *B - send a BREAK to the remote system *C - open a command line *R - request rekey *V/v - decrease/increase verbosity (LogLevel) *^Z - suspend ssh *# - list forwarded connections *& - background ssh (when waiting for connections to terminate) *? - this message ** - send the escape character by typing it twice (Note that escapes are only recognized immediately after newline.) kex protocol error: type 7 seq 43 kex protocol error: type 7 seq 47 aris at MacBook-Pro-de-Aris:~$ ssh -V OpenSSH_7.3p1, OpenSSL 1.0.2h 3 May 2016 aris at MacBook-Pro-de-Aris:~$ exit logout Connection to localhost closed. aris at MacBook-Pro-de-Aris[master]:~/git/openssh-portable$ On 24/08/16 21:53, mancha wrote:> On Wed, Aug 24, 2016 at 07:06:29PM +0200, Aris Adamantiadis wrote: >> Hi, >> >> mancha and me debugged a problem with OpenSSH 7.3p1 that was reported >> on the #openssh freenode channel. Symptoms were that this message was >> popping on the console during a busy X11 session: kex protocol error: >> type 7 seq 1234 >> >> I managed to reproduce the problem, it is related to the SSH_EXT_INFO >> packet that is send by the server every time it is sending an >> SSH_NEWKEYS packet, hence after every rekeying. I reproduced it on my >> system with OpenSSH 7.3p1 and manually rekeying with escape R >> >> [SNIP] >> >> Mancha couldn't reproduce the issue, despite running both OpenSSH >> 7.3p1 client & server from upstream, with an empty configuration file. >> At this point I don't know why he's not affected. > Hello. > > I can shed a bit of light on why Aris hit the bug while I didn't when we > both used 7.3p1. > > When sshd 7.3 *does* use privilege separation (UsePrivilegeSeparation), > ssh->kex->ext_info_c == 0 on re-keys whether or not the client added > ext-info-c to its kex algos in KEXINIT of first key exchange (setting > ssh->kex->ext_info_c). > > When sshd 7.3 *does not* use privilege separation, if a client adds > ext-info-c in KEXINIT for its first key exchange, ssh->kex->ext_info_c > == 1 persists through re-keys and you get a client-side "kex protocol > error: type 7 seq XX" response to the server sending a "server-sig-algs" > SSH2_MSG_EXT_INFO packet after every SSH2_MSG_NEWKEYS. > > Operative code: kex.c:kex_send_newkeys() > > if (ssh->kex->ext_info_c) > if ((r = kex_send_ext_info(ssh)) != 0) > return r; > > Ref: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.112&r2=1.113 > > Cheers, > > --mancha > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 859 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160829/04caf3b9/attachment-0001.bin>
thanks for analyzing the issue. this should fix it: --- kex.c +++ kex.c @@ -753,10 +753,8 @@ kex_choose_conf(struct ssh *ssh) char *ext; ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); - if (ext) { - kex->ext_info_c = 1; - free(ext); - } + kex->ext_info_c = (ext != NULL); + free(ext); } /* Algorithm Negotiation */ -- 2016-08-24 19:06 GMT+02:00 Aris Adamantiadis <aris at badcode.be>:> Hi, > > mancha and me debugged a problem with OpenSSH 7.3p1 that was reported on > the #openssh freenode channel. Symptoms were that this message was > popping on the console during a busy X11 session: > kex protocol error: type 7 seq 1234 > > I managed to reproduce the problem, it is related to the SSH_EXT_INFO > packet that is send by the server every time it is sending an > SSH_NEWKEYS packet, hence after every rekeying. I reproduced it on my > system with OpenSSH 7.3p1 and manually rekeying with escape R > http://pastebin.com/Xk0dF0mc > > on the client side: > sshconnect2.c: > void > ssh_userauth2(const char *local_user, const char *server_user, char *host, > Sensitive *sensitive) > { > ... > ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); > ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, > &input_userauth_service_accept); > ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, > &authctxt); /* loop until success */ > > pubkey_cleanup(&authctxt); > ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, > SSH2_MSG_USERAUTH_MAX, NULL); > > debug("Authentication succeeded (%s).", authctxt.method->name); > } > > Is the only place where the dispatch for that packet is set. However in > kex.c: > int > kex_input_ext_info(int type, u_int32_t seq, void *ctxt) > { > ... > debug("SSH2_MSG_EXT_INFO received"); > ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); > ... > } > > Ensuring this packet will only be accepted before authentication. > However the server side is different: > int > kex_send_newkeys(struct ssh *ssh) > { > ... > debug("SSH2_MSG_NEWKEYS sent"); > debug("expecting SSH2_MSG_NEWKEYS"); > ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); > if (ssh->kex->ext_info_c) > if ((r = kex_send_ext_info(ssh)) != 0) > return r; > return 0; > } > > There doesn't seem to have any logic in the client side that restricts > sending ext-info-c in the list of kex algorithms after the first key > exchange. However I couldn't find it in my kexinit proposal (even the > first one): > debug2: local client KEXINIT proposal > debug2: KEX algorithms: > curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 > debug2: host key algorithms: > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa > debug2: ciphers ctos: > chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc > debug2: ciphers stoc: > chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc > debug2: MACs ctos: > umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: MACs stoc: > umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: compression ctos: none,zlib at openssh.com,zlib > debug2: compression stoc: none,zlib at openssh.com,zlib > debug2: languages ctos: > debug2: languages stoc: > > Mancha couldn't reproduce the issue, despite running both OpenSSH 7.3p1 > client & server from upstream, with an empty configuration file. At this > point I don't know why he's not affected. > > This bug is not very important anyway because the packet is simply > dropped with no consequence. > > Aris > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev