On-going portability issue with 9.9p2

Dennis Clarke dclarke at blastwave.org
Sun Mar 2 13:41:51 AEDT 2025 

On 3/1/25 20:42, Damien Miller wrote:
> On Sat, 1 Mar 2025, Dennis Clarke wrote:
> 
>> Looks good here :
>>
>> sparc64$ ./ssh -V
>> OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
>> sparc64$
>>
>>
>> sparc64$
>> sparc64$ ./ssh -oKEXAlgorithms=mlkem768x25519-sha256 -v hermes
>> OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
> ...
>> Unable to negotiate with 172.16.35.24 port 22: no matching key exchange method
>> found. Their offer:
>> sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ext-info-s,kex-strict-s-v00 at openssh.com
>> sparc64$
> 
> So that tested compilation but not whether the algorithm in question was
> actually working. If you don't have a 9.9+ host handy, try
> anongit.mindrot.org
> 
> -d

Looks to be working :

sparc64$
sparc64$ which ssh
/opt/bw/bin/ssh
sparc64$


sparc64$
sparc64$ /opt/bw/bin/ssh -v -F none 
-oKEXAlgorithms=mlkem768x25519-sha256 -l anon anongit.mindrot.org
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to anongit.mindrot.org [130.102.96.5] port 22.
debug1: Connection established.
debug1: identity file /export/home/dclarke/.ssh/id_rsa type -1
debug1: identity file /export/home/dclarke/.ssh/id_rsa-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa_sk type -1
debug1: identity file /export/home/dclarke/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519 type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519_sk type -1
debug1: identity file /export/home/dclarke/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /export/home/dclarke/.ssh/id_xmss type -1
debug1: identity file /export/home/dclarke/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to anongit.mindrot.org:22 as 'anon'
debug1: load_hostkeys: fopen /export/home/dclarke/.ssh/known_hosts2: No 
such file or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts: No such file 
or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts2: No such file 
or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519-cert-v01 at openssh.com
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: 
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: 
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-ed25519-cert-v01 at openssh.com 
SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU, serial 1002 ID 
"haru.mindrot.org" CA ssh-ed25519 
SHA256:HLdf6CO2YbWTHJj2MAJ5x2iGGruFxodFM00N3IiP1x0 valid forever
debug1: load_hostkeys: fopen /export/home/dclarke/.ssh/known_hosts2: No 
such file or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts: No such file 
or directory
debug1: load_hostkeys: fopen /opt/bw/etc/ssh_known_hosts2: No such file 
or directory
debug1: No matching CA found. Retry with plain key
debug1: Host 'anongit.mindrot.org' is known and matches the ED25519 host 
key.
debug1: Found key in /export/home/dclarke/.ssh/known_hosts:16
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: 
server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound at openssh.com=<0>
debug1: kex_ext_info_check_ver: ping at openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: 
server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Will attempt key: /export/home/dclarke/.ssh/id_rsa
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ecdsa
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ecdsa_sk
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ed25519
debug1: Will attempt key: /export/home/dclarke/.ssh/id_ed25519_sk
debug1: Will attempt key: /export/home/dclarke/.ssh/id_xmss
debug1: Trying private key: /export/home/dclarke/.ssh/id_rsa
debug1: Trying private key: /export/home/dclarke/.ssh/id_ecdsa
debug1: Trying private key: /export/home/dclarke/.ssh/id_ecdsa_sk
debug1: Trying private key: /export/home/dclarke/.ssh/id_ed25519
debug1: Trying private key: /export/home/dclarke/.ssh/id_ed25519_sk
debug1: Trying private key: /export/home/dclarke/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
anon at anongit.mindrot.org: Permission denied 
(publickey,keyboard-interactive).
sparc64$


How's that ?

Looking good ?



-- 
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken

More information about the openssh-unix-dev mailing list