search for: kexgex_serv

Displaying 12 results from an estimated 12 matches for "kexgex_serv".

2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
...E TO #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1" IN sshd.c kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; CHANGE TO kex = kex_setup(myproposal); kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; IN kex.h #define KEX_DH1 "diffie-hellman-group1-sha1" #...
2007 Oct 22
0
Intermittently stalling PAM authentication children
...ing to lsof and this is what gdb has to say (no debug version, sorry): #0 0x0000002a968b1a92 in __read_nocancel () from /lib64/tls/libc.so.6 #1 0x000000552aadea26 in packet_get_int () from /usr/sbin/sshd #2 0x000000552aae3f75 in kex_input_kexinit () from /usr/sbin/sshd #3 0x000000552aacdb60 in kexgex_server () from /usr/sbin/sshd #4 0x0000002a96eb1c27 in converse () from /lib/security/pam_opie.so #5 0x0000002a96eb1d7a in pam_sm_authenticate () from /lib/security/pam_opie.so #6 0x0000002a957787aa in _pam_dispatch () from /lib64/libpam.so.0 #7 0x0000002a9577a182 in pam_authenticate () from /lib64/...
2013 Jun 25
1
RFC: encrypted hostkeys patch
...ot;kexdh_server: key_sign failed"); + kex->sign(server_host_private, server_host_public, &signature, &slen, + hash, hashlen); /* destroy_sensitive_data(); */ diff --git a/kexgexs.c b/kexgexs.c index a543dda..3ef7710 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -68,10 +68,6 @@ kexgex_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", -...
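Review bot: in the kexgexs.c hunk, removing the `server_host_private == NULL` check from kexgex_server means a missing private key no longer stops the exchange where the key is loaded, so the `kex->sign` callback seen earlier in the patch becomes the only place that can catch it. State in the callback's documentation that it may be called with a NULL private key, and have it fail with an error that still names the hostkey type, as the deleted "Missing private key for hostkey type %d" message did.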
2007 Mar 14
1
sshd gets stuck: select() in packet_read_seqnr waits indefinitely
...I noticed the user's sshd was stuck and got a backtrace: (gdb) where #0 0x.. in select () from /lib/libc.so.6 #1 0x.. in packet_read_seqnr () from /usr/lib/libssh.so.3 #2 0x.. in packet_read () from /usr/lib/libssh.so.3 #3 0x.. in packet_read_expect () from /usr/lib/libssh.so.3 #4 0x.. in kexgex_server (kex=0x538900) at kexgexs.c:99 #5 0x.. in kex_setup () from /usr/lib/libssh.so.3 #6 0x.. in kex_input_kexinit () from /usr/lib/libssh.so.3 #7 0x.. in dispatch_run () from /usr/lib/libssh.so.3 #8 0x.. in process_buffered_input_packets () at serverloop.c:475 #9 0x.. in server_loop2 (authctxt=0...
2013 May 31
0
DH group selection for SHA2-512 bit HMAC.
...nt library: - client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512 with diffie-hellman-group-exchange-sha256. - client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters (1024, 1024, 8192). I.e. minimum and preferred group size is 1024-bit, - OpenSSH server in kexgexs.c:kexgex_server processes this message and selects 1024-bit group, sending it back to client. - however, later, when it goes to shared secret generation, in dh.c:dh_gen_key code checks group size to be 2 * need >= BN_num_bits(dh->p), where need is set to 512 bit (by the size of HMAC, I assume), produc...
2008 Nov 23
4
[Bug 1540] New: Incorrect hash in SSH_MSG_KEX_DH_GEX_REPLY
...uint32 n, preferred size in bits of the group the server will send uint32 max, maximal size in bits of an acceptable group The min, n and max values have been previously sent from the client to server in a SSH_MSG_KEY_DH_GEX_REQUEST message. The corresponding section of code is in function kexgex_server in kexgexs.c: case SSH2_MSG_KEX_DH_GEX_REQUEST: debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); min = packet_get_int(); nbits = packet_get_int(); max = packet_get_int(); min = MAX(DH_GRP_MIN, min); max = MIN(DH_GRP_MAX, max); br...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; #ifdef OPENSSL_HAS_ECC server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; server2->kex-&...
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...KEX_CURVE25519_SHA256 "curve25519-sha256 at libssh.org" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -74,6 +75,7 @@ enum kex_exchange { KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, + KEX_C25519_SHA256, KEX_MAX }; @@ -161,6 +163,8 @@ void kexgex_client(Kex *); void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); +void kexc25519_client(Kex *); +void kexc25519_server(Kex *); void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, @@ -177,6 +181,11 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, ch...
2007 Sep 17
18
[Bug 1363] New: sshd gets stuck: select() in packet_read_seqnr waits indefinitely
...I noticed the user's sshd was stuck and got a backtrace: (gdb) where #0 0x.. in select () from /lib/libc.so.6 #1 0x.. in packet_read_seqnr () from /usr/lib/libssh.so.3 #2 0x.. in packet_read () from /usr/lib/libssh.so.3 #3 0x.. in packet_read_expect () from /usr/lib/libssh.so.3 #4 0x.. in kexgex_server (kex=0x538900) at kexgexs.c:99 #5 0x.. in kex_setup () from /usr/lib/libssh.so.3 #6 0x.. in kex_input_kexinit () from /usr/lib/libssh.so.3 #7 0x.. in dispatch_run () from /usr/lib/libssh.so.3 #8 0x.. in process_buffered_input_packets () at serverloop.c:475 #9 0x.. in server_loop2 (authctxt=0...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...========================= RCS file: /cvs/src/usr.bin/ssh/sshd.c,v retrieving revision 1.348 diff -u -r1.348 sshd.c --- sshd.c 6 Nov 2006 21:25:28 -0000 1.348 +++ sshd.c 15 Nov 2006 14:14:40 -0000 @@ -1999,6 +1999,7 @@ kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_DH_GEX_CERT] = kexgex_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; Index: sshd_config.5 =============================================...
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |