From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011226 Description of problem: connecting to or from 1.x version of openssh fails with Disconnecting: Corrupted check bytes on input Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.ssh from v1.x openssh client to new 3.1p1-1 server 2.or ssh to a v1.x server from a v3.1p1-1 server 3. Actual Results: (with -v). ... stuff deleted here debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. Disconnecting: Corrupted check bytes on input. debug1: Calling cleanup 0x8061038(0x0) ... end Expected Results: It should have connected and authenticated further. Additional info: It happens with the RPM's for 7.2, 7.1, 7.0 (and my back ported 6.2) RPMs. Need to test if this is a packaging problem, or an OpenSSH bug. Haven't tested other non-x86 platform yet, will do when I get my alpha booted up.
Ok. Ill take that back.. it seems to ONLY be happening in my 6.2 back port of the Redhat SRPMS.. Wierd.. Damn these old 6.2 sites I have to support.. Something very strange going on here though.. Heres the 6.2 binary connecting to a 1.x server.. ... stuff deleted ... debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: cipher_init: set keylen (16 -> 32) debug1: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. ... deleted... and heres a 7.1 client talking to the 1.x server.. ... stuff deleted ... debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. Disconnecting: Corrupted check bytes on input. debug1: Calling cleanup 0x8061038(0x0) .. end .. It seems to not be setting that key len.. Notes here.. running RH 6.2 all errata installed and openssl-0.9.6-9 back-ported. Any ideas?
sorry.. last examples are around the wrong way..
Ok. I think I have gotten to the bottom of this now. It seems the openssl095a patch that is turned on when you set the RH 6.x open in the spec file removes some code that seems to be important for openssh 3.xx. I removed this patch, and used openssl-0.9.6-9 (same as you have done for RH 7.1, with the openssl095a rpm to link for older stuff).. And that fixed it fine. Redhat have not maintained OpenSSH for RH 6.2, as it never origionally came with 6.2, however, there are a LOT of sites out there using 6.2 and using OpenSSH.. a 6.2-crypto channel in RHN would be REALLY nice.
Can you please give a little more detail's about what you did to fix this problem. I did not quite understand the last comment. I have the excact same problem as you have described. Thanks, Anders Hermansen
No problem, I've put my RPM's of openssl, and openssh (including SRPMS) here. http://www.linuxhelp.com.au/downloads/openssh/6.2/ The openssl rpm's have an openssl095a rpm this is required to keep the dependancies of existing SSL applications. You will need to use --upgrade on them as one.. Ie/ rpm --upgrade openssl-0.9.6-9.i386.rpm openssl095a-0.9.5a-9.i386.rpm This is to satisfy the dependancy tree. Please grab the SRPMS and compile them yourself if you have the time/knowhow. As for what I did.. I back ported openssl-0.9.6-9 and openssl095a-0.9.5a from the RH 7.1 errata. Then in the spec file of openssh-3.1p1-1, I commented out patch 9 titled "openssl095a", and rebuilt. Anthony
That did the trick! Thanks!
Thank you! I have to support a lot of RHs 6.2 on Sparc platform (there is no official RH >6.2 for this platform). See my bug 61146. I'll try your patches ASAP. However, there is newer openssh-3.1p1-2 on RawHide. P.S. The "standart way" to mark back-ported SRPMS to specific RH version is to give them extension: like openssh-3.1p1-2.6.2.src.rpm or openssh-3.1p1- 2.6.x.src.rpm . Try http://www.rpmfind.net/
This is not supported by Red Hat.