Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced
bugzilla-daemon at mindrot
Feb 5, 2024, 2:15 PM
Post #1 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Sorry, but I don't follow your report. Are you saying that you're
connecting with PuTTY to OpenSSH sshd 8.0?

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced [ In reply to ]
bugzilla-daemon at mindrot
Feb 5, 2024, 3:08 PM
Post #2 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #2 from Darren Tucker <dtucker@dtucker.net> ---
Given that a) the problem is in strict kex and b) *our* 8.0p1 doesn't
have strict kex it sounds like the problem might be Redhat's patches to
8.0. If so, you need to report the problem to Redhat.

Can you reproduce the problem with stock OpenSSH 9.6p1 compiled from
source?

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced [ In reply to ]
bugzilla-daemon at mindrot
Feb 6, 2024, 6:29 PM
Post #3 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

--- Comment #3 from Darren Tucker <dtucker@dtucker.net> ---
BTW, our interop tests for 9.6p1 test against PuTTY's plink if it's
found at configure time. (Older versions also had the tests, but they
needed to be manually enabled).

The tests don't report the plink version (and the tests run by the CI
will depend on what's on the runners Github supplies) but at least
some of our private VMs have 0.80 and pass the tests:

$ cd openssh-9.6p1
$ ./configure && make interop-tests
[...]
run test putty-transfer.sh ...
putty transfer data: compression 0
putty transfer data: compression 1
ok putty transfer data
run test putty-ciphers.sh ...
putty ciphers: cipher aes
putty ciphers: cipher 3des
putty ciphers: cipher aes128-ctr
putty ciphers: cipher aes192-ctr
putty ciphers: cipher aes256-ctr
putty ciphers: cipher chacha20
ok putty ciphers
run test putty-kex.sh ...
putty KEX: kex dh-gex-sha1
putty KEX: kex dh-group1-sha1
putty KEX: kex dh-group14-sha1
putty KEX: kex ecdh
ok putty KEX
[...]
all interop-tests passed

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced [ In reply to ]
bugzilla-daemon at mindrot
Feb 7, 2024, 4:30 AM
Post #4 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

--- Comment #4 from Neal Gooch <neal.gooch@techmahindra.com> ---
Two updates:

1) Wireshark 4.2.2 (latest at time of writing) no longer gives that
expert warning (checked with original capture files) so this was a
red-herring and a Wireshark issue.

2) Oracle have removed openssh-8.0p1-19.el8_9.2.x86_64.rpm from their
yum repos....

So this looks to be an issue during backporting by either Redhat or
Oracle

On this basis happy to close!

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced [ In reply to ]
bugzilla-daemon at mindrot
Feb 7, 2024, 4:30 AM
Post #5 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

Neal Gooch <neal.gooch@techmahindra.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3663] KEX host signature length wrong since strict kex introduced [ In reply to ]
bugzilla-daemon at mindrot
Feb 7, 2024, 4:46 AM
Post #6 of 6 (106 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3663

--- Comment #5 from Darren Tucker <dtucker@dtucker.net> ---
I've also added some explicit PuTTY interop tests against a bunch of
PuTTY versions
(https://github.com/openssh/openssh-portable/actions/runs/7814553545,
assuming I didn't make a mistake in the change).

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal