Fwd: need help in ssh client: key exchange

foo foo foomail123 at yahoo.com
Thu Apr 25 08:08:49 EST 2002


more info, I see:


<..clipped.. >
Wait SSH2_MSG_KEX_DH_GEX_REPLY.
Got SSH2_MSG_KEXDH_REPLY.
ssh_rsa_verify: RSA_verify failed: error:04077077:rsa routines:RSA_verify:wrong signature length
ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key


<..clipped..>

Is there a known incompatibility issue with the
2.3.1 OpenSSH client and higher software versions of
Open_sshd?


Thank you,

--- foo foo <foomail123 at yahoo.com> wrote:
> 
> These are the debugs seen on the server, whose keys are
> not accepted by the client:
> 
> 
> debug1: Seeding random number generator
> debug1: sshd version OpenSSH_2.5.2p2
> debug1: load_private_key_autodetect: type 0 RSA1
> debug1: read SSH2 private key done: name rsa w/o comment success 1
> debug1: load_private_key_autodetect: type 1 RSA
> debug1: read SSH2 private key done: name dsa w/o comment success 1
> debug1: load_private_key_autodetect: type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from a.b.c.d port xxx
> debug1: Client protocol version 2.0; client software version OpenSSH_2.3.1p1
> debug1: match: OpenSSH_2.3.1p1 pat ^OpenSSH
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_2.5.2p2
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: send KEXINIT
> debug1: done
> debug1: wait KEXINIT
> debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug1: got kexinit: ssh-rsa,ssh-dss
> debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
> debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
> debug1: got kexinit: none
> debug1: got kexinit: none
> debug1: got kexinit:
> debug1: got kexinit:
> debug1: first kex follow: 0
> debug1: reserved: 0
> debug1: done
> debug1: kex: client->server 3des-cbc hmac-sha1 none
> debug1: kex: server->client 3des-cbc hmac-sha1 none
> debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: dh_gen_key: priv key bits set: 197/384
> debug1: bits set: 1016/2049
> debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT.
> debug1: bits set: 1039/2049
> debug1: send SSH2_MSG_NEWKEYS.
> debug1: done: send SSH2_MSG_NEWKEYS.
> debug1: Wait SSH2_MSG_NEWKEYS.
> Connection closed by a.b.c.d
> debug1: Calling cleanup 0x8065fa0(0x0)
>
> Note: forwarded message attached.
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/

> ATTACHMENT part 2 message/rfc822 
> From: foo foo <foomail123 at yahoo.com>
> Subject: need help in ssh client: key exchange
> To: openssh-unix-dev at mindrot.org
> Date: Wed, 24 Apr 2002 13:13:16 -0700 (PDT)
> 
> Hello,
> 
> I have a problem with ssh client.
> I have:
> 
> SSH-2.0-OpenSSH_2.3.1p1
> 
> When I try to connect to a sshd server (USING V2):
> Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
>
> or
>
> Remote protocol version 2.0, remote software version OpenSSH_3.0.1p1
> 
> 
> I get error (looking at codebase):
> 
> In sshconnect2.c:
> 
>     ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
>         server_kexinit);
>
>
>     if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) {
>         fatal("key_verify failed for server_host_key");
>         exit(-109);
>     }
> 
> 
> I see:
> (gdb) p key->type
> $1 = 1
> 
> which would mean: KEY_RSA.
> 
> Can someone please let me know: why in
> file key.c:
>     case KEY_RSA:
>         return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
>         break;
>
> when would the routine
> ssh_rsa_verify(..) fail, and why?
>
> I am trying to do password-based authentication
> on V2. Is it mandatory that v2 use only RSA-based
> authentication?
> 
> Any help/info is appreciated.
> 
> Thank you,
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

