IETF-SSH archive


Re: Interop lsh and SSH-2.0-GitLab-SSHD



Niels Möller <nisse%lysator.liu.se@localhost> writes:

>I send a SSH_MSG_USERAUTH_REQUEST with "publickey", algorithm name
>"rsa-sha2-256", and signature included right away. With "ssh-rsa" in the key
>blob, and "rsa-sha2-256" in the signature blob.
>
>But authenticating in the same way to gitlab.com still fails. The curious
>thing is that the server appears to just close the connection, I don't get
>any SSH_MSG_USERAUTH_FAILURE, not even a SSH_MSG_DISCONNECT. So either the
>server is experiencing some kind of crash/exception/panic (if I understood it
>right, it's implemented in golang). Or it is rather impolite in not reporting
>errors to my client.

I'm doing the same thing:

Wrote SSH_MSG_USERAUTH_REQUEST (50) packet, length 497.
0000: 00 00 00 0A XX XX XX XX XX XX XX XX XX XX 00 00 ....XXXXXXXXXX..
0016: 00 0E 73 73 68 2D 63 6F 6E 6E 65 63 74 69 6F 6E ..ssh-connection
0032: 00 00 00 09 70 75 62 6C 69 63 6B 65 79 01 00 00 ....publickey...
0048: 00 0C 72 73 61 2D 73 68 61 32 2D 32 35 36 00 00 ..rsa-sha2-256..
0064: 00 D7 00 00 00 07 73 73 68 2D 72 73 61 00 00 00 ......ssh-rsa...
0080: 03 01 00 01 00 00 00 C1 00 E4 C5 6B 62 93 98 2F ...........kb../
[...]

and getting back the expected:

Read SSH_MSG_USERAUTH_FAILURE (51) packet, length 14.
0000: 00 00 00 09 70 75 62 6C 69 63 6B 65 79 00       ....publickey.

because it's some random key I made up.

>If I instead send a SSH_MSG_USERAUTH_REQUEST with method "none" (to query for
>supported methods), I get a proper SSH_MSG_USERAUTH_FAILURE in response,
>listing "publickey" as authentications that can continue.

This is a known bug in some implementations, but since I'm getting the
expected SSH_MSG_USERAUTH_FAILURE it must be something else in this case.

Peter.
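
Added example, not part of the original message: a Python decoder for the two payloads dumped above, showing where the algorithm name ("rsa-sha2-256"), the key blob type ("ssh-rsa") and the signature blob's algorithm name sit in SSH_MSG_USERAUTH_REQUEST, and how the failure reply is laid out. The request bytes are constructed (hypothetical user name "exampleusr", an all-zero dummy modulus body and signature); only the failure bytes are copied from the dump.

```python
import struct

def read_string(buf, off):
    """SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def parse_userauth_request(body):
    """Body of SSH_MSG_USERAUTH_REQUEST, starting at the user name as in the dump."""
    out, off = {}, 0
    for field in ("user", "service", "method"):
        raw, off = read_string(body, off)
        out[field] = raw.decode()
    if out["method"] != "publickey":
        return out
    if off >= len(body):
        raise ValueError("missing signature flag")
    out["has_signature"] = body[off] != 0
    alg, off = read_string(body, off + 1)      # public key algorithm name
    blob, off = read_string(body, off)         # public key blob
    key_type, koff = read_string(blob, 0)      # key format name inside the blob
    out["algorithm"], out["key_type"] = alg.decode(), key_type.decode()
    if key_type == b"ssh-rsa":
        n, _ = read_string(blob, read_string(blob, koff)[1])  # skip mpint e, read mpint n
        out["modulus_bits"] = int.from_bytes(n, "big").bit_length()
    if out["has_signature"]:
        sig, _ = read_string(body, off)        # signature blob
        out["sig_algorithm"] = read_string(sig, 0)[0].decode()
    return out

def parse_userauth_failure(body):
    """Body of SSH_MSG_USERAUTH_FAILURE: (methods that can continue, partial success)."""
    methods, off = read_string(body, 0)
    if off >= len(body):
        raise ValueError("missing partial-success flag")
    return (methods.decode().split(",") if methods else []), body[off] != 0

# Constructed sample input: not a real key, signature or account name.
KEY_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00\xe4" + bytes(191))
SIG_BLOB = ssh_string(b"rsa-sha2-256") + ssh_string(bytes(192))
REQUEST = (ssh_string(b"exampleusr") + ssh_string(b"ssh-connection") + ssh_string(b"publickey")
           + b"\x01" + ssh_string(b"rsa-sha2-256") + ssh_string(KEY_BLOB) + ssh_string(SIG_BLOB))
FAILURE = bytes.fromhex("000000097075626c69636b657900")  # bytes from the failure dump above
```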



