Subject: bin/17023: OpenSSH 3.2.1 not compatible with older ssh
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bouyer@antioche.lip6.fr>
List: netbsd-bugs
Date: 05/25/2002 19:43:24
>Number: 17023
>Category: bin
>Synopsis: OpenSSH 3.2.1 not compatible with older ssh
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 25 10:44:03 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:
>Release: NetBSD 1.6_BETA1 checked out 2 hours ago
>Organization:
LIP6, Universite Paris VI.
>Environment:
client: OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f, from 1.5.3_BETA2
server: SSH-1.99-OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 from 1.6_BETA1
>Description:
older ssh client can't connect to the recently-imported sshd:
armandeche:/users/cao/bouyer>ssh -v swing
OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /users/cao/bouyer/.ssh/config
debug1: Reading configuration data /etc/ssh.conf
debug1: Applying options for *
debug1: restore_uid
debug1: ssh_connect: getuid 373 geteuid 0 anon 0
debug1: Connecting to swing [132.227.63.66] port 22.
debug1: Allocated local port 614.
debug1: temporarily_use_uid: 373/20 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /users/cao/bouyer/.ssh/identity type 0
debug1: identity file /users/cao/bouyer/.ssh/id_rsa type -1
debug1: identity file /users/cao/bouyer/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513
debug1: match: OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1631/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'swing' is known and matches the RSA host key.
debug1: Found key in /users/cao/bouyer/.ssh/known_hosts:217
debug1: bits set: 1595/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is hostbased
e54b 9eed 6112 391c f0c8 d3fc 335b f57e
Disconnecting: Bad packet length -448028947.
debug1: Calling cleanup 0x8059e90(0x0)
armandeche:/users/cao/bouyer>ssh -v -1 swing
OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /users/cao/bouyer/.ssh/config
debug1: Reading configuration data /etc/ssh.conf
debug1: Applying options for *
debug1: restore_uid
debug1: ssh_connect: getuid 373 geteuid 0 anon 0
debug1: Connecting to swing [132.227.63.66] port 22.
debug1: Allocated local port 613.
debug1: temporarily_use_uid: 373/20 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /users/cao/bouyer/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513
debug1: match: OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'swing' is known and matches the RSA1 host key.
debug1: Found key in /users/cao/bouyer/.ssh/known_hosts:221
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
Disconnecting: Corrupted check bytes on input.
debug1: Calling cleanup 0x8059e90(0x0)
connecting from a ssh 1.2.27 client still works, though.
>How-To-Repeat:
try to ssh from a 1.5.x, x>=2 client to a 1.6_BETA1 server.
>Fix:
unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: