Bug 34797
| Summary: | linux openssh-2.5.2p2-1.7 can't connect to solaris openssh-2.5.1p1 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Ben Herrick <intrep> | ||||
| Component: | openssh | Assignee: | Nalin Dahyabhai <nalin> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||
| Severity: | high | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 7.1 | CC: | pekkas | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2001-04-18 17:42:01 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Ben Herrick
2001-04-05 02:18:13 UTC
This bug also surfaces with a HPUX version of openssh-2.5.1p1 When trying to connect from a RH7 box to the HPUX box the same thing happens. tail from ssh -v -v -v user@HPUX debug1: bits set: 1051/2049 debug1: len 55 datafellows 4096 debug1: ssh_dss_verify: signature correct debug1: Wait SSH2_MSG_NEWKEYS. debug1: GOT SSH2_MSG_NEWKEYS. debug1: send SSH2_MSG_NEWKEYS. debug1: done: send SSH2_MSG_NEWKEYS. debug1: done: KEX2. debug1: send SSH2_MSG_SERVICE_REQUEST Received disconnect from 129.125.21.5: 2: Bad packet length 2122562889. debug1: Calling cleanup 0x80615d0(0x0) Interim solution is to use: ssh -1 user@HPUX if the host hasn't disabled the ssh 1 protocol. This caused by buggy aes/rijndael implementation in openssh < 2.5.2p2.
There was a patch for this (aes-compat.diff), but unfortunately, it does not
work.
If you apply the patch:
20010330
- (djm) OpenBSD CVS Sync
- stevesk.org 2001/03/29 21:06:21
[sshconnect2.c sshd.c]
need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
It will work; I tried this by grabbing:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshconnect2.c.diff?r1=1.59&r2=1.60
and ignoring the first reject.
Note: you can also get around the problem by defining Ciphers statically, e.g., in ssh_config: Ciphers blowfish-cbc,arcfour No problems then. There are new packages on sunfreeware: ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/openssh-2.5.2p2-sol8-sparc-local.gz These are not listed on the main sunfreeware web page, but they are up on the ftp site. I have tested with these new packages and the latest RPM updates for Redhat 7.0 (openssh-2.5.2p2-1.7.2.i386.rpm). Everything appears to be working smoothly. Hope this helps someone out there! I think this bug should probably be closed, but will leave it up to the ASSIGNED contact. Thanks! Created attachment 15364 [details]
This problem is fixed by this additional patch
*** Bug 36298 has been marked as a duplicate of this bug. *** The compatibility mode is fixed in Rawhide openssh-2.9p1-1. The same problem shows up when conntecting to a box running AIX 4 and OpenSSH_2.3.0p1. Could you (RH) please issue errata packages for 7.1. There were security problems found (you could delete other people's 'cookies' file due to X11 forwarding) lately, so this is probably going to happen, I think. |