search for: mm_answer_sign

I have a Putty variant that works well with openSSH up until 7.4. After git bisecting I found that after the application of c38ea634893a1975dbbec798fb968c9488013f4a the client fails with host key mismatch. The commit in question appears to remove vestiges of ssh-1 support but my client is using 2.0. I am trying to work out what in that commit would lead to the symptoms. I have been through the

...g1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 130/256 debug1: bits set: 1619/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1655/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x809efa8(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_rece...

...the reply. I?ll give that a try and report back. Damien, Thank you; that was an absolutely golden recommendation. Turning on SANDBOX_SECCOMP_FILTER_DEBUG was the magic, that did, in fact, uncover an unexpected system call violation: ? debug3: monitor_read: checking request 6 debug3: mm_answer_sign: entering debug3: mm_answer_sign: ecdsa-sha2-nistp256 KEX signature len=101 debug3: mm_request_send: entering, type 7 debug2: monitor_read: 6 used once, disabling now debug3: send packet: type 31 [preauth] debug3: send packet: type 21 [preauth] debug2: ssh_set_newkeys: mode...

...2_MSG_KEXDH_INIT debug1: bits set: 487/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x80975c8(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: Enabling compression at level 6. debug1: SSH2_MSG_NEWKEYS sent debug...

...ebug3: mm_request_receive entering debug1: dh_gen_key: priv key bits set: 119/256 debug1: bits set: 1552/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1613/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 20038b08(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_recei...

...n me here. When it works, it continues: debug2: dh_gen_key: priv key bits set: 178/384 debug2: bits set: 505/1024 debug1: expecting SSH2_MSG_KEXDH_INIT debug2: bits set: 505/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 103580(55) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive...

...ng: type 6 [preauth] debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect entering: type 7 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign debug3: mm_answer_sign: hostkey proof signature 0x1164880(100) debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: send packet: type 31 [preauth] debug3: send packet: type 21 [preauth] debug2: set_newkeys: mode 1 [preauth] de...

...debug3: mm_request_receive entering debug2: dh_gen_key: priv key bits set: 133/256 debug2: bits set: 786/1535 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 780/1535 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 12b3c0(55) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive...

...g1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 121/256 debug1: bits set: 1612/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1595/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0x809f278(55) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_recei...

...receive entering debug1: bits set: 547/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 121938(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: wa...

...2_MSG_KEXDH_INIT debug1: bits set: 513/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 116990(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newk...

...ug3: mm_request_send entering: type 6 [preauth] debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect entering: type 7 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign debug3: mm_answer_sign: hostkey proof signature 0x7fd190fb2a60(271) debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug2: set_newkeys: mode 1 [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug2: set_newkey...

...g1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 132/256 debug1: bits set: 1566/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1626/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0x80a09a0(143) debug3: mm_request_send entering: type 5 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: n...

...tted request 6 Damien Miller proposed setting up a pipe shared between the monitor and child, and making the child wait until the monitor end closes, which it should do after permitting the monitor calls. I believe the pipe close (granting permission to continue) should be at the end of monitor.c:mm_answer_sign, right after the line: monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); Of course, I could be wrong. On the other hand, I have not been able to figure out where to place the pipe read (waiting for permission) call. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --...

...ebug3: mm_request_receive entering debug1: dh_gen_key: priv key bits set: 201/384 debug1: bits set: 2088/4095 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 2006/4095 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 1ea800(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive...

After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco switches/routers can no longer scp config files to/from the system. The last debug entry before the Cisco device closes the connection is "debug1: server_input_channel_open: confirm session". The next line is "Connection closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco device gives

...g1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 145/256 debug1: bits set: 1565/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1640/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x80a4530(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_rece...

...lude "ssh2.h" #include "jpake.h" #include "roaming.h" +#include "authfd.h" #ifdef GSSAPI static Gssctxt *gsscontext = NULL; @@ -686,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) return (0); } +extern AuthenticationConnection *auth_conn; + int mm_answer_sign(int sock, Buffer *m) { @@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m) memcpy(session_id2, p, session_id2_len); } - if ((key = get_hostkey_by_index(keyid)) == NULL) + if ((key = get_hostkey_by_index(keyid)) != NULL) { + if (key_sign(key, &signature, &siglen, p, datlen) &l...

...bug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 115/256 debug2: bits set: 544/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 529/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x8117390(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_rece...

...bug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 138/256 debug2: bits set: 493/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 505/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_request_receive entering debug3: mm_answer_sign: signature 200426f8(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug3: mm_request_receive entering debug2: kex_derive_keys debug2: set_newkeys: mode...