[Bug 2725] can't login
bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 23 14:39:09 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2725
Darren Tucker <dtucker at zip.com.au> changed:
What          |Removed |Added
----------------------------------------------------------------------------
CC            |        |dtucker at zip.com.au
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
I tried reproducing this with a local build of that (12-year-old!)
version of dropbear. Surprisingly I was able to reproduce it. On the
server it says:
[32036] Jun 23 13:56:04 Child connection from 127.0.0.1:41420
[32036] Jun 23 13:56:04 exit before auth: bad buf_getwriteptr
After some experimentation, it seems to be related to the total size of
the KEX proposal (I'd guess <512 bytes). If we keep adding redundant
MACs to the proposal it fails when the MAC list gets to 350 bytes:
$ mac=hmac-sha1
$ while ssh -p 2022 -o hostkeyalgorithms=ssh-dss \
        -o kexalgorithms=diffie-hellman-group1-sha1 \
        -c aes128-cbc -m "$mac" localhost echo ok; do
      mac="$mac,hmac-sha1"
      echo -n "`echo $mac | wc -c` "
  done
[...]
330 ok
340 ok
350 Connection closed by 127.0.0.1 port 2022
If you make any of the other algorithm lists longer then it'll fail
correspondingly earlier.
So, it's a bug or implementation limit in the server. You can work
around it on the client side as you have discovered.
The client could conceivably use the bug bits in compat.{c,h} to limit
what it sends in these cases but I'm not sure it's worth the
complexity.
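The following is an added example for this thread, not OpenSSH or Dropbear code. It encodes the client's SSH_MSG_KEXINIT payload as RFC 4253 section 7.1 lays it out, so the way a growing MAC list (it is sent twice, once per direction) adds up to the total the server has to buffer can be seen without a live server. The non-MAC lists are taken from the ssh command line above; that the OpenSSH client of that era also appends "ext-info-c" to its KEX list and proposes its default compression list are assumptions, as is the 850-byte limit used in the demo, which is only a stand-in for whatever Dropbear's real buffer size is.

```python
#!/usr/bin/env python3
"""Encode and size SSH_MSG_KEXINIT (RFC 4253 section 7.1).

Added example for this bug thread; it is not OpenSSH or Dropbear code.
It builds the client's KEXINIT payload from the proposal lists so the
effect of a growing MAC list on the whole message is visible, instead of
having to grow it against a live server as in the loop above.
"""
import struct

SSH_MSG_KEXINIT = 20

# Lists other than the MAC list, as on the ssh command line above.
# Assumptions: the OpenSSH client of that era also appends "ext-info-c"
# to the KEX list and proposes its default compression list; neither is
# stated in the bug report.
DEFAULT_KEX = ("diffie-hellman-group1-sha1", "ext-info-c")
DEFAULT_HOSTKEY = ("ssh-dss",)
DEFAULT_ENC = ("aes128-cbc",)
DEFAULT_COMP = ("none", "zlib@openssh.com")


def name_list(names):
    """RFC 4253 name-list: uint32 byte length, then comma-separated names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(kex, hostkey, enc, mac, comp=DEFAULT_COMP, lang=(),
                  cookie=bytes(16), first_kex_packet_follows=False):
    """Return the KEXINIT payload (before packet framing, padding and MAC).

    Both directions get the same cipher/MAC/compression lists, which is
    what the -c/-m options above produce.  The cookie is zero here; a real
    client fills it with 16 random bytes.
    """
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for names in (kex, hostkey, enc, enc, mac, mac, comp, comp, lang, lang):
        body += name_list(names)
    body += bytes([1 if first_kex_packet_follows else 0])
    body += struct.pack(">I", 0)  # reserved for future extension
    return body


def parse_kexinit(payload):
    """Decode a KEXINIT payload back into its ten name-lists."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    pos = 17  # message id + 16-byte cookie
    fields = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
    lists = {}
    for name in fields:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        lists[name] = tuple(raw.split(",")) if raw else ()
    return lists


def kexinit_size(mac_copies, kex=DEFAULT_KEX):
    """Payload size when the MAC list is 'hmac-sha1' repeated mac_copies times."""
    mac = ("hmac-sha1",) * mac_copies
    return len(build_kexinit(kex, DEFAULT_HOSTKEY, DEFAULT_ENC, mac))


def first_copies_over(limit, kex=DEFAULT_KEX, max_copies=200):
    """Smallest number of hmac-sha1 copies whose KEXINIT exceeds 'limit' bytes.

    'limit' is a hypothetical server-side buffer size; the real Dropbear
    limit is not established in the report.  Lengthening any other list
    moves this point earlier, which is the observation in the comment above.
    """
    for n in range(1, max_copies + 1):
        if kexinit_size(n, kex) > limit:
            return n
    return None


if __name__ == "__main__":
    # 34 copies is the 339-byte list that still worked above (wc -c counted
    # the newline as 340); 35 copies is the 349-byte list that was closed.
    for n in (33, 34, 35):
        macs = ",".join(("hmac-sha1",) * n)
        print(f"{len(macs)}-byte MAC list -> {kexinit_size(n)}-byte KEXINIT payload")
    limit = 850  # hypothetical, placed between the last good and first bad size
    print("first failing copies, proposal as above:", first_copies_over(limit))
    longer_kex = ("diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                  "ext-info-c")
    print("first failing copies, one more KEX name:",
          first_copies_over(limit, longer_kex))
```

The MAC list appears twice in the payload, so each extra "hmac-sha1" entry costs 20 bytes, not 10, and adding 28 bytes to the KEX list pulls the first failing iteration forward by two MAC entries under the same hypothetical limit, which is the "correspondingly earlier" behaviour described above.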
More information about the openssh-bugs mailing list