Openssh-2.3.0p1 protocol 2 problem

SOETE Joël JSO at EUROPAY.COM
Wed Nov 15 20:39:31 EST 2000


Hi all,

I just implemented (compiled from tarball) Openssh-2.3.0p1 on two different
platform: an HP-UX 11.00 (the client) and a Redhat 6.2 (the server).

On server (Linux RH-6.2) side the following compile options are considered:

# CC="egcs" \
> ./configure \
> --prefix=/opt/openssh \
> --sysconfdir=/etc/opt/openssh \
> --with-tcp-wrappers \
> --with-ipv4-default \
> --with-ssl-dir=/opt/openssl \
> --disable-gnome-askpass

OpenSSH configured has been configured with the following options.
                 User binaries: /opt/openssh/bin
                 User binaries: /opt/openssh/bin
               System binaries: /opt/openssh/sbin
           Configuration files: /etc/opt/openssh
               Askpass program: /opt/openssh/libexec/ssh-askpass
                  Manual pages: /opt/openssh/man/manX
                      PID file: /var/run
      Random number collection: Device (/dev/urandom)
                Manpage format: man
                   PAM support: yes
            KerberosIV support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: no
   IP address in $DISPLAY hack: no
      Use IPv4 by default hack: yes
       Translate v4 in v6 hack: yes

             Host: i586-pc-linux-gnu
         Compiler: egcs
   Compiler flags: -O3 -funroll-loops -ffast-math -malign-double
-mcpu=pentium -march=pentium -fomit-frame-pointer -fforce-mem -fforce-addr
-fno-exceptions -Wall -I. -I. -I/opt/openssl/include
     Linker flags:  -L/opt/openssl/lib -L/opt/openssl
        Libraries: -ldl -lnsl -lz  -lutil -lpam -lcrypto  -lwrap

and the server sshd_config file is:

# This is ssh server systemwide configuration file.

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/opt/openssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in
/etc/opt/openssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords 
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail no
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem	sftp	/opt/openssh/libexec/sftp-server
#MaxStartups 10:30:60

On client (HP-UX 11.00) the following compile options were foreseen:

./configure --prefix=/opt/openssh \
--sysconfdir=/etc/opt/openssh \
--localstatedir=/var/opt/openssh \
--without-pam --without-shadow \
--with-egd-pool=/etc/egd/entropy \
--with-ssl-dir=/opt/openssl \
--disable-gnome-askpass 

OpenSSH configured has been configured with the following options.
                 User binaries: /opt/openssh/bin
                 User binaries: /opt/openssh/bin
               System binaries: /opt/openssh/sbin
           Configuration files: /etc/opt/openssh
               Askpass program: /opt/openssh/libexec/ssh-askpass
                  Manual pages: /opt/openssh/man/catX
                      PID file: /var/run
      Random number collection: EGD (/etc/egd/entropy)
                Manpage format: cat
                   PAM support: disabled
            KerberosIV support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: no
          MD5 password support: no
   IP address in $DISPLAY hack: yes
      Use IPv4 by default hack: no
       Translate v4 in v6 hack: no

             Host: hppa1.1-hp-hpux11.00
         Compiler: gcc
   Compiler flags: -O2 -I/opt/zlib/include -Wall -I. -I. -D_HPUX_SOURCE
-I/opt/openssl/include
     Linker flags: -L/opt/zlib/lib -L/opt/openssl/lib -L/opt/openssl
        Libraries: -lnsl -lz  -lsec -lcrypto 

and the client ssh_config file is:

# This is ssh client systemwide configuration file.  This file provides 
# defaults for users, and the values can be changed in per-user
configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

Host *
    ForwardAgent no
    ForwardX11 no
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication yes
    FallBackToRsh no
    UseRsh no
    BatchMode no
    CheckHostIP yes
    StrictHostKeyChecking no
    IdentityFile ~/.ssh/identity
    Port 22
#    Protocol 2,1
    Cipher blowfish
    EscapeChar ~
# Debug Log
    LogLevel	DEBUG

Well everything works fine with protocol 1 but failed with protocol 2.
And here is some debug info:

[client] > ssh -v -2 me at server # being login as user "me"
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/opt/openssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 375 geteuid 0 anon 1
debug: Connecting to wslin [172.16.250.170] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: Seeding random number generator
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,r
ijndael128-cbc
,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,r
ijndael128-cbc
,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client blowfish-cbc hmac-sha1 none
debug: kex: client->server blowfish-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
 2f 65 74 63 2f 6f 70 74
Disconnecting: Bad packet length 795178083.
debug: Calling cleanup 0x40009332(0x0)

NOTES: As I change default configuration files I do regenerate server keys
with make host-key-force as well as I generate user ("me") keys after those
changes.

I used openssl-0.9.6 ssl libraries with compile options:
client > ./Configure hpux-parisc-gcc -D_REENTRANT --prefix=/opt/openssl
--openssldir=/etc/opt/openssl
server > ./Configure linux-elf --prefix=/opt/openssl
--openssldir=/etc/opt/openssl no-asm no-shared.

Is somebody as some idea regarding this problem?

Thanks in advance for help,
	Joel

NB: which ftp client could be used with sftp_server?




**********************************************************************
This e-mail and any attachments to it may contain confidential information which is strictly intended for the use of the authorised recipient.  If you have received this e-mail in error, please delete it and notify the sender by replying to this e-mail.
Thank you for your co-operation.
**********************************************************************





More information about the openssh-unix-dev mailing list