SSH 2.2.0
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Thu Jun 22 10:48:08 EST 2000
On Wed, Jun 21, 2000 at 03:21:23PM -0700, Gary E. Miller wrote:
> Yo All!
>
> I have been playing with SSH 2.2.0 from www.ssh.com. I can not
> connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0.
> Ver 1 works fine.
>
> See below for the debug output from both ends
>
> If I force hmac-md5 (-m hmac-md5) from the sender it works!
> The other 3 choices fail: hmac-sha1; hmac-md5-96; and none.
>
> I have no problem connecting to this openssh host (hobbes) from
> SecureCRT Ver 3.1b2 or SSH V 2.0.13.
>
> I also have no problem connecting from SecureCRT 3.1b2 to ssh 2.2.0
> (after I select "Standard Server" on the client end).
>
> Any ideas?
i don't agree with what ssh.com uses as authkey size for hmac-sha1.
hmac-md5-96 is not implemented by openssh.
try the attached patches.
-markus
-------------- next part --------------
Index: compat.c
===================================================================
RCS file: /home/markus/cvs/ssh/compat.c,v
retrieving revision 1.14
retrieving revision 1.17
diff -IRCSID -u -r1.14 -r1.17
--- compat.c 2000/05/22 18:42:01 1.14
+++ compat.c 2000/06/20 01:39:40 1.17
@@ -61,6 +61,7 @@
char *version;
int bugs;
} check[] = {
+ {"2.2.0", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
{"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
{"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
{NULL, 0}
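Review bot: The new `{"2.2.0", ...}` row has no comment recording which peer behaviour each flag works around, although both flags change security-relevant wire behaviour. In this patch set SSH_BUG_HMAC selects a 16-byte MAC key in kex.c, and SSH_COMPAT_SESSIONID_ENCODING changes how the session id is placed in the signed data in sshconnect2.c. I would add above the row `/* ssh.com 2.2.0: 16-byte hmac keys, session id encoded as string in pubkey auth */`. How `version` is matched against the peer's banner lies outside this hunk, so whether row order matters cannot be judged from here.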
Index: compat.h
===================================================================
RCS file: /home/markus/cvs/ssh/compat.h,v
retrieving revision 1.7
retrieving revision 1.9
diff -IRCSID -u -r1.7 -r1.9
--- compat.h 2000/05/08 17:42:24 1.7
+++ compat.h 2000/06/20 01:39:40 1.9
@@ -40,6 +40,7 @@
#define SSH_BUG_PUBKEYAUTH 0x02
#define SSH_BUG_HMAC 0x04
#define SSH_BUG_X11FWD 0x08
+#define SSH_COMPAT_SESSIONID_ENCODING 0x10
void enable_compat13(void);
void enable_compat20(void);
Index: sshconnect2.c
===================================================================
RCS file: /home/markus/cvs/ssh/sshconnect2.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -IRCSID -u -r1.13 -r1.14
--- sshconnect2.c 2000/06/02 02:00:19 1.13
+++ sshconnect2.c 2000/06/19 00:50:11 1.14
@@ -295,6 +295,7 @@
unsigned char *blob, *signature;
int bloblen, slen;
struct stat st;
+ int skip = 0;
if (stat(filename, &st) != 0) {
debug("key does not exist: %s", filename);
@@ -321,7 +322,13 @@
/* data to be signed */
buffer_init(&b);
- buffer_append(&b, session_id2, session_id2_len);
+ if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ skip = buffer_len(&b);
+ } else {
+ buffer_append(&b, session_id2, session_id2_len);
+ skip = session_id2_len;
+ }
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, server_user);
buffer_put_cstring(&b,
@@ -357,9 +364,9 @@
xfree(signature);
/* skip session id and packet type */
- if (buffer_len(&b) < session_id2_len + 1)
+ if (buffer_len(&b) < skip + 1)
fatal("ssh2_try_pubkey: internal error");
- buffer_consume(&b, session_id2_len + 1);
+ buffer_consume(&b, skip + 1);
/* put remaining data from buffer into packet */
packet_start(SSH2_MSG_USERAUTH_REQUEST);
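Review bot: `skip` is declared `int` in the first hunk of this file, but it is assigned from `buffer_len(&b)` and then compared against it in `if (buffer_len(&b) < skip + 1)`. If `buffer_len` returns an unsigned count, as its use here suggests, that bound check mixes signed and unsigned operands. Declaring it as `unsigned int skip = 0;` would keep the check and the `buffer_consume(&b, skip + 1)` call in one type. A comment at the new branch, for example `/* peers flagged SSH_COMPAT_SESSIONID_ENCODING expect the session id as a string in the signed data */`, would also record why two encodings exist. The function starts and ends outside these hunks.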
-------------- next part --------------
Index: kex.c
===================================================================
RCS file: /home/markus/cvs/ssh/kex.c,v
retrieving revision 1.8
diff -u -r1.8 kex.c
--- kex.c 2000/06/20 01:39:41 1.8
+++ kex.c 2000/06/22 00:47:37
@@ -360,11 +360,17 @@
mac->md = EVP_sha1();
} else if (strcmp(name, "hmac-ripemd160 at openssh.com") == 0) {
mac->md = EVP_ripemd160();
+ } else if (strcmp(name, "hmac-md5-96") == 0) {
+ mac->md = EVP_md5();
+ } else if (strcmp(name, "hmac-sha-96") == 0) {
+ mac->md = EVP_sha1();
} else {
fatal("unsupported mac %s", name);
}
mac->name = name;
mac->mac_len = mac->md->md_size;
+ if (strstr(name, "-96") == 0 && mac->mac_len > 96)
+ mac->mac_len = 96/8;
mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
mac->key = NULL;
mac->enabled = 0;
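Review bot: The added truncation test `if (strstr(name, "-96") == 0 && mac->mac_len > 96)` cannot fire for the two new algorithms. `strstr(...) == 0` is true only when the name does not contain "-96", and `mac_len` holds the digest size taken from `md_size` (16 or 20 for MD5 and SHA-1), which is never above 96. As written, the -96 variants are accepted but still use full-length MACs, so they will not interoperate with a peer that truncates to 12 bytes. The test should read `if (strstr(name, "-96") != NULL)` before `mac->mac_len = 96/8;`, and `key_len` on the following line should come from `mac->md->md_size` rather than the truncated `mac_len`, otherwise fixing the truncation also shortens the HMAC key to 12 bytes. The name `"hmac-sha-96"` also looks like it should be `"hmac-sha1-96"`, which is worth confirming against what peers offer; the enclosing function starts and ends outside the hunk.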