netbsd-bugs: bin/17023: OpenSSH 3.2.1 not compatible with older ssh

Subject: bin/17023: OpenSSH 3.2.1 not compatible with older ssh
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bouyer@antioche.lip6.fr>
List: netbsd-bugs
Date: 05/25/2002 19:43:24
>Number:         17023
>Category:       bin
>Synopsis:       OpenSSH 3.2.1 not compatible with older ssh
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 25 10:44:03 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6_BETA1 checked out 2 hours ago
>Organization:

LIP6, Universite Paris VI.

>Environment:
	
client: OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f, from 1.5.3_BETA2 
server: SSH-1.99-OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 from 1.6_BETA1
>Description:
	older ssh client can't connect to the recently-imported sshd:
	armandeche:/users/cao/bouyer>ssh -v swing
	OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
	debug1: Reading configuration data /users/cao/bouyer/.ssh/config
	debug1: Reading configuration data /etc/ssh.conf
	debug1: Applying options for *
	debug1: restore_uid
	debug1: ssh_connect: getuid 373 geteuid 0 anon 0
	debug1: Connecting to swing [132.227.63.66] port 22.
	debug1: Allocated local port 614.
	debug1: temporarily_use_uid: 373/20 (e=0)
	debug1: restore_uid
	debug1: Connection established.
	debug1: read PEM private key done: type DSA
	debug1: read PEM private key done: type RSA
	debug1: identity file /users/cao/bouyer/.ssh/identity type 0
	debug1: identity file /users/cao/bouyer/.ssh/id_rsa type -1
	debug1: identity file /users/cao/bouyer/.ssh/id_dsa type 2
	debug1: Remote protocol version 1.99, remote software version OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513
	debug1: match: OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 pat OpenSSH*
	Enabling compatibility mode for protocol 2.0
	debug1: Local version string SSH-2.0-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307
	debug1: SSH2_MSG_KEXINIT sent
	debug1: SSH2_MSG_KEXINIT received
	debug1: kex: server->client aes128-cbc hmac-md5 none
	debug1: kex: client->server aes128-cbc hmac-md5 none
	debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
	debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
	debug1: dh_gen_key: priv key bits set: 131/256
	debug1: bits set: 1631/3191
	debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
	debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
	debug1: Host 'swing' is known and matches the RSA host key.
	debug1: Found key in /users/cao/bouyer/.ssh/known_hosts:217
	debug1: bits set: 1595/3191
	debug1: ssh_rsa_verify: signature correct
	debug1: kex_derive_keys
	debug1: newkeys: mode 1
	debug1: SSH2_MSG_NEWKEYS sent
	debug1: waiting for SSH2_MSG_NEWKEYS
	debug1: newkeys: mode 0
	debug1: SSH2_MSG_NEWKEYS received
	debug1: done: ssh_kex2.
	debug1: send SSH2_MSG_SERVICE_REQUEST
	debug1: service_accept: ssh-userauth
	debug1: got SSH2_MSG_SERVICE_ACCEPT
	debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
	debug1: next auth method to try is hostbased
	e54b 9eed 6112 391c f0c8 d3fc 335b f57e

	Disconnecting: Bad packet length -448028947.
	debug1: Calling cleanup 0x8059e90(0x0)

	armandeche:/users/cao/bouyer>ssh -v -1 swing
	OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
	debug1: Reading configuration data /users/cao/bouyer/.ssh/config
	debug1: Reading configuration data /etc/ssh.conf
	debug1: Applying options for *
	debug1: restore_uid
	debug1: ssh_connect: getuid 373 geteuid 0 anon 0
	debug1: Connecting to swing [132.227.63.66] port 22.
	debug1: Allocated local port 613.
	debug1: temporarily_use_uid: 373/20 (e=0)
	debug1: restore_uid
	debug1: Connection established.
	debug1: read PEM private key done: type DSA
	debug1: read PEM private key done: type RSA
	debug1: identity file /users/cao/bouyer/.ssh/identity type 0
	debug1: Remote protocol version 1.99, remote software version OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513
	debug1: match: OpenSSH_3.2.1 NetBSD_Secure_Shell-20020513 pat OpenSSH*
	debug1: Local version string SSH-1.5-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020307
	debug1: Waiting for server public key.
	debug1: Received server public key (768 bits) and host key (1024 bits).
	debug1: Host 'swing' is known and matches the RSA1 host key.
	debug1: Found key in /users/cao/bouyer/.ssh/known_hosts:221
	debug1: Encryption type: 3des
	debug1: Sent encrypted session key.
	debug1: Installing crc compensation attack detector.
	debug1: Received encrypted confirmation.
	debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
	Disconnecting: Corrupted check bytes on input.
	debug1: Calling cleanup 0x8059e90(0x0)

	connecting from a ssh 1.2.27 client still works, though.

>How-To-Repeat:
	try to ssh from a 1.5.x, x>=2 client to a 1.6_BETA1 server.
>Fix:
	unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: