ietf-ssh3%denisbider.com@localhost <ietf-ssh3%denisbider.com@localhost> writes:
In our 8.xx versions up to 8.19, the SSH Server will unconditionally send
this global request after successful authentication to inform the client
of its other host keys. This allows a client to auto-verify those host
keys, allowing for host key rotation.
Do you have a test server up that we can run clients against?
We suspect some users may also be using ancient OpenSSH versions on their
production servers that cannot be upgraded. This may include versions
before 3.1, which first supported client-side receipt of global requests.
I ran into one only recently, 3.something, where something was probably 7,
which had an interesting bug: If you connected and sent a
SSH_MSG_KEX_DH_GEX_REQUEST, it returned in invalid keyex signature. If you
sent a SSH_MSG_KEX_DH_GEX_REQUEST_OLD, it worked. 3.7 is from 2003 whereas
RFC 4419 is from 2006, postdating the implementation. My guess is that it
computes the signature over some form of the _REQUEST_OLD information rather
than the newer _REQUEST info, but I haven't bothered looking at the code.
While I'm on the subject of OpenSSH, why the *&(*)&() does it disable all
the mandatory-to-implement symmetric ciphers in its default configuration
post 7.x? It can't really be called an implementation of the SSH spec if
no MTI ciphers are supported in its out-of-the-box config.
Peter.