[Bug 2725] can't login

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 23 14:39:09 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2725

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
I tried reproducing this with a local build of that (12 year old!)
version of dropbear.  Surprisingly I was able to reproduce it.  On the
sever it says:

[32036] Jun 23 13:56:04 Child connection from 127.0.0.1:41420
[32036] Jun 23 13:56:04 exit before auth: bad buf_getwriteptr

After some experimentation, it seems to be related to the total size of
the KEX proposal (I'd guess <512 bytes).  If we keep adding redundant
MACs to the proposal it fails when the MAC list gets to 350 bytes:

$ mac=hmac-sha1; while ssh -p 2022 -o hostkeyalgorithms=ssh-dss -o
kexalgorithms=diffie-hellman-group1-sha1 -caes128-cbc -m $mac localhost
echo ok; do mac="$mac,hmac-sha1"; echo -n "`echo $mac | wc -c` "; done

[...]
330 ok
340 ok
350 Connection closed by 127.0.0.1 port 2022

If you make any of the other algorithm lists longer then it'll fail
correspondingly earlier.

So, it's a bug or implementation limit in the server.  You can work
around it on the client side as you have discovered.

The client could conceivably use the bug bits in compat.{c,h} to limit
what it sends in these cases but I'm not sure it's worth the
complexity.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list