sshd and consequences of HostKeyAgent

Zev Weiss zev at bewilderbeest.net
Sun Jun 21 06:34:46 AEST 2015


On Sat, Jun 20, 2015 at 09:12:45PM +0200, Igor Bukanov wrote:
>Hello,
>
>I tried to use HostKeyAgent with sshd 6.7 under Linux. That worked for
>Linux clients. However, when I tried to connect from OpenSSH 6.2 under
>Mac OS X, the server disconnects:
>
>debug2: bits set: 1026/2048
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>Connection closed by 84.22.97.209
>
>When I disabled HostKeyAgent and switched HostKey back to the private
>keys, then I could connect from the Mac client again. This implies that
>HostKeyAgent somehow affects the bytes that are sent to the client.
>
>Why is it so? I.e. shouldn't HostKeyAgent just be an implementation
>detail that should not affect the client in any way?
>

Apologies if this is overly obvious, but are you certain you added a key 
of a type supported by the client to the hostkey agent?  The 
Apple-supplied, nominally-6.2 ssh client on my OSX machine doesn't seem 
to support anything but RSA and DSS, so with that client I get the same 
behavior you note above with only ECDSA & ED25519 hostkeys added to the 
server's agent, but after also adding an RSA key it works fine.  (A 6.7 
client I have from MacPorts does support ECDSA and ED25519 though, for 
what it's worth.)


Zev
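
The check suggested in the reply above, as an added example that is not part of the original message or of OpenSSH: it maps `ssh-add -l` style listings of a host key agent to host key algorithm names and intersects them with what a client accepts. The function names, the sample listings (constructed, with placeholder fingerprints) and the assumed line shape `<bits> <fingerprint> <comment> (<TYPE>)` are assumptions of this example.

```shell
#!/bin/sh
# Map one line of `ssh-add -l` output to an SSH host key algorithm name.
# Assumed line shape: "<bits> <fingerprint> <comment> (<TYPE>)".
agent_line_to_algo() {
    bits=${1%% *}                       # first field: key size in bits
    ktype=${1##*\(}; ktype=${ktype%\)}  # text inside the trailing parentheses
    case "$ktype" in
        RSA)     echo ssh-rsa ;;
        DSA)     echo ssh-dss ;;
        ED25519) echo ssh-ed25519 ;;
        ECDSA)   echo "ecdsa-sha2-nistp$bits" ;;
        *)       return 1 ;;            # blank line, "no identities", unknown type
    esac
}

# Read an agent listing on stdin and print every algorithm that is also in the
# client's accepted list ($1, space separated). Status 1 when nothing overlaps.
common_hostkey_algos() {
    client_algos=" $1 "
    found=1
    while IFS= read -r line; do
        algo=$(agent_line_to_algo "$line") || continue
        case "$client_algos" in
            *" $algo "*) echo "$algo"; found=0 ;;
        esac
    done
    return $found
}

# Constructed sample listings (placeholder fingerprints, default key paths).
AGENT_ECC_ONLY='256 SHA256:constructed-placeholder-1 /etc/ssh/ssh_host_ecdsa_key (ECDSA)
256 SHA256:constructed-placeholder-2 /etc/ssh/ssh_host_ed25519_key (ED25519)'
AGENT_WITH_RSA="$AGENT_ECC_ONLY
2048 SHA256:constructed-placeholder-3 /etc/ssh/ssh_host_rsa_key (RSA)"

# Client that accepts only RSA and DSS host keys, as described in the reply.
OLD_CLIENT='ssh-rsa ssh-dss'

for agent in "$AGENT_ECC_ONLY" "$AGENT_WITH_RSA"; do
    printf '%s\n' "$agent" | common_hostkey_algos "$OLD_CLIENT" \
        || echo "no host key type in common with this client"
done
```

On a live server the listing would come from running `ssh-add -l` with `SSH_AUTH_SOCK` set to the socket that `HostKeyAgent` points at.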



More information about the openssh-unix-dev mailing list