[Bug 148] New: Key Exchange Guesses not supported
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 8 07:33:07 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=148
Summary: Key Exchange Guesses not supported
Product: Portable OpenSSH
Version: 3.0p1
Platform: All
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: Darren.Moffat at Sun.COM
This was discovered at Connectathon 2002 while testing against SSH.COM
with their compat flags disabled (they currently don't send guess to
any OpenSSH server since they know it isn't implemented).
draft-ietf-secsh-transport-13.txt
5. Key Exchange
Key exchange begins by each side sending lists of supported
algorithms. Each side has a preferred algorithm in each category,
and it is assumed that most implementations at any given time will
use the same preferred algorithm. Each side MAY guess which
algorithm the other side is using, and MAY send an initial key
exchange packet according to the algorithm if appropriate for the
preferred method.
Guess is considered wrong, if:
o the kex algorithm and/or the host key algorithm is guessed wrong
(server and client have different preferred algorithm), or
o if any of the other algorithms cannot be agreed upon (the
procedure is defined below in Section Section 5.1).
Otherwise, the guess is considered to be right and the optimistically
sent packet MUST be handled as the first key exchange packet.
The current code for kex in OpenSSH assumes that they only acceptable
packet is a NEWKEYS by using this code fragment:
packet_read_expect(SSH2_MSG_NEWKEYS);
SSH2_MSG_KEXDH_INIT can arrive if the other side sends a guess.
I have a partial solution (only works if the client guess was our prefered),
solution for the server side but this needs client support as well.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list