FreeBSD 4.2 OpenSSH2.3.0 client vs Red Hat 6.2 OpenSSH2.5.1p1 sshd

Mark D. Baushke mdb at juniper.net
Tue Feb 20 06:19:44 EST 2001 

mdb-bsd is a FreeBSD 4.2-STABLE box morpheus is a Red Hat Linux 6.2
box with openssl 0.9.6 on it.

Attempts to use SSHv2 fail. Using SSHv1 succeeds.

sshd from OpenSSH2.5.1p1 is getting a
fatal: xfree: NULL pointer given as argument

Full client and server interaction given below.

	-- Mark

Script started on Mon Feb 19 10:47:01 2001
1:mdb at mdb-bsd$ ssh -v -v -v -2 -x morpheus date
SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /homes/mdb/.ssh/config
debug: Applying options for *
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1513 geteuid 1513 anon 1
debug: Connecting to dsl-mdb-home2.juniper.net [172.16.165.75] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: no match: OpenSSH_2.5.1p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1044/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
Connection closed by 172.16.165.75
debug: Calling cleanup 0x8058114(0x0)
2:mdb at mdb-bsd$ exit
Script done on Mon Feb 19 10:47:24 2001

The above is the client and below is the server for the same
transaction

Script started on Mon Feb 19 10:46:39 2001
1:mdb at morpheus$ sudo /usr/sbin/sshd -d -d -d
debug1: sshd version OpenSSH_2.5.1p1
debug1: load_private_key_autodetect: type 0 RSA1
debug3: Bad RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: load_private_key_autodetect: type 2 DSA
debug1: Seeding random number generator
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 172.17.12.132 port 3160
debug1: Client protocol version 2.0; client software version OpenSSH_2.3.0
debug1: match: OpenSSH_2.3.0 pat ^OpenSSH_2\.3\.0
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.5.1p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-dss
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug1: got kexinit: none
debug1: got kexinit: none
debug1: got kexinit: 
debug1: got kexinit: 
debug1: first kex follow: 0 
debug1: reserved: 0 
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: bits set: 1042/2049
debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT.
debug1: bits set: 1044/2049
fatal: xfree: NULL pointer given as argument
debug1: Calling cleanup 0x80638a0(0x0)
2:mdb at morpheus$ exit
Script done on Mon Feb 19 10:47:25 2001

More information about the openssh-unix-dev mailing list