[Bug 3663] New: KEX host signature length wrong since strict kex introduced

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Feb 5 21:00:53 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3663

            Bug ID: 3663
           Summary: KEX host signature length wrong since strict kex
                    introduced
           Product: Portable OpenSSH
           Version: 9.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: neal.gooch at techmahindra.com

Created attachment 3786
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3786&action=edit
Wireshark decode of single packet

When running openssh-clients-8.0p1-19.el8_9.2.x86_64.rpm (Red Hat
derivative which includes the strict kex changes in 9.6p1) we are
unable to connect using PuTTY v0.80, which includes its strict kex changes.

PuTTY reports “Incorrect MAC received on packet”

This on its own doesn't say which end is at fault.

Wireshark decode of my SSH connection gives an Expert warning that the
KEX host signature (ssh-ed25519) has a host signature length of 83
bytes (packet length) but it decoded 19 bytes.

This leads me to think it is OpenSSH at fault.

Interestingly an ssh session from another server running the same
version of openssh doesn't spot this issue and will connect - so there
might be two issues - one the server end not building this packet
correctly and one on the client end not detecting it.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
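
For reference when reading the lengths in the report above, an added example (not part of the original bug report and not OpenSSH or PuTTY code) that parses the host signature blob of a key-exchange reply, using the RFC 4251 string encoding and the ssh-ed25519 signature format from RFC 8709. The sample blob is constructed with placeholder signature bytes, and all function names are hypothetical.

```python
import struct

ED25519_RAW_SIG_LEN = 64  # RFC 8709: an Ed25519 signature is 64 bytes

def ssh_string(data):
    """Encode an RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one RFC 4251 'string' at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix at offset %d" % off)
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string at offset %d claims %d bytes, only %d left"
                         % (off, n, len(buf) - off - 4))
    return buf[off + 4:end], end

def parse_signature_blob(blob):
    """Split a signature blob into algorithm name and raw signature,
    and list any length inconsistencies found."""
    name, off = read_string(blob, 0)
    header_len = off + 4          # name string plus the signature length prefix
    sig, off = read_string(blob, off)
    algo = name.decode("ascii", errors="replace")
    problems = []
    if off != len(blob):
        problems.append("%d trailing bytes after signature" % (len(blob) - off))
    if algo == "ssh-ed25519" and len(sig) != ED25519_RAW_SIG_LEN:
        problems.append("ssh-ed25519 signature is %d bytes, expected %d"
                        % (len(sig), ED25519_RAW_SIG_LEN))
    return {"algorithm": algo, "header_len": header_len,
            "sig_len": len(sig), "total_len": len(blob), "problems": problems}

# Constructed sample: correct framing, placeholder (all-zero) signature bytes.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x00" * 64)

if __name__ == "__main__":
    info = parse_signature_blob(SAMPLE_BLOB)
    print(info)
```

A well-formed ssh-ed25519 signature blob is 83 bytes in total, of which the two length prefixes and the algorithm name account for 19 and the raw signature for the remaining 64.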