sshd and consequences of HostKeyAgent
Zev Weiss
zev at bewilderbeest.net
Sun Jun 21 06:34:46 AEST 2015
On Sat, Jun 20, 2015 at 09:12:45PM +0200, Igor Bukanov wrote:
>Hello,
>
>I tried to use HostKeyAgent with sshd 6.7 under Linux. That worked for
>Linux clients. However, when I tried to connect from OpenSSH 6.2 under
>Mac OS X, the server disconnects:
>
>debug2: bits set: 1026/2048
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>Connection closed by 84.22.97.209
>
>When I disabled HostKeyAgent and switched HostKey back to the private
>keys, then I could connect from the Mac client again.This implies that
>HostKeyAgent somehow affects the bytes that are sent to the client.
>
>Why is it so? I.e. shouldn't HostKeyAgent just be an implementation
>detail that should not affect the client in any way?
>
Apologies if this is overly obvious, but are you certain you added a key
of a type supported by the client to the hostkey agent? The
Apple-supplied, nominally-6.2 ssh client on my OSX machine doesn't seem
to support anything but RSA and DSS, so with that client I get the same
behavior you note above with only ECDSA & ED25519 hostkeys added to the
server's agent, but after also adding an RSA key it works fine. (A 6.7
client I have from MacPorts does support ECDSA and ED25519 though, for
what it's worth.)
Zev
More information about the openssh-unix-dev
mailing list