current-users: anyone else having problems with OpenSSH-3.6.1 and SSH-3.2.x?

Subject: anyone else having problems with OpenSSH-3.6.1 and SSH-3.2.x?
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 05/04/2003 15:21:25
I can't get a working connection between SSH Secure Shell 3.2.2 and:

OpenSSH_3.6.1 NetBSD_Secure_Shell-20030403, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

The debug output on the SSH-3.2.2 end says:

14:40 [69] $ slogin -v current-host
debug: SshAppCommon/sshappcommon.c:138/ssh_app_get_global_regex_context: Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:2797/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.
debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to open /home/proven/woods/.ssh2/ssh2_config
debug: Connecting to current-host, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2298/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "hostbased" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "keyboard-interactive" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating userauth protocol.
debug: client supports 4 auth methods: 'hostbased,publickey,keyboard-interactive,password'
debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip = 204.92.254.15, local port = 63527
debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip = 204.92.254.138, remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2414/ssh_readline_eloop_initialize: Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.6.1 NetBSD_Secure_Shell-20030403
debug: OpenSSH: Major: 3 Minor: 6 Revision: 1
debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1591/ssh_client_auth_pubkey_add_file_keys: adding keyfile "/home/proven/woods/.ssh2/id_dsa_1024_a" to candidates
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
woods@current-host's password: 
debug: Ssh2Common/sshcommon.c:299/ssh_common_special: Received SSH_CROSS_AUTHENTICATED packet from connection protocol.
debug: SshReadLine/sshreadline.c:2472/ssh_readline_eloop_uninitialize: Uninitializing ReadLine...
debug: Authentication successful.

debug: Ssh2Common/sshcommon.c:840/ssh_common_new_channel: num_channels now 1
debug: Ssh2Common/sshcommon.c:168/ssh_common_disconnect: DISCONNECT received: Corrupted MAC on input.
debug: Ssh2/ssh2.c:168/client_disconnect: locally_generated = FALSE
Disconnected; protocol error (Corrupted MAC on input.).
debug: Ssh2Client/sshclient.c:1497/ssh_client_destroy: Destroying client.
debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.
debug: Ssh2Common/sshcommon.c:807/ssh_common_destroy_channel: num_channels now 0
debug: Got session close with exit_status=0
debug: destroying client struct...
Connection to current-host closed.
debug: Ssh2Client/sshclient.c:1565/ssh_client_destroy_finalize: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:89/ssh_client_authentication_uninitialize: Destroying authentication method array.
debug: SshAppCommon/sshappcommon.c:151/ssh_app_free_global_regex_context: Freeing global SshRegex context.


The other end, started with -ddd, just says (beginning with the
successful authentication):

Accepted password for woods from 204.92.254.15 port 62098 ssh2
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_send_keystate: Sending new keys: 0x8098500 0x80984c0
debug3: mm_request_receive_expect entering: type 24
debug3: mm_newkeys_to_blob: converting 0x8098500
debug3: mm_request_receive entering
debug3: mm_newkeys_to_blob: converting 0x80984c0
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_newkeys_from_blob: 0x8095900(123)
debug3: mm_send_keystate: Finished sending state
debug2: mac_init: found hmac-sha1
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x8095900(123)
debug2: mac_init: found hmac-sha1
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug2: User child is on pid 3872
debug2: set_newkeys: mode 0
debug3: mm_request_receive entering
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 5 setting O_NONBLOCK
debug1: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
Disconnecting: Corrupted MAC on input.
debug1: Calling cleanup 0x8067f38(0x0)


Sounds a bit like shades of the HMAC bug from SSH-2.x days.....

I don't have any problem with OpenSSH-3.5p1 on NetBSD (or FreeBSD) though.

I don't know of any non-NetBSD host running OpenSSH-3.6.1 that I have
access to to test on, so I'm unsure whether this is a NetBSD problem or
a generic OpenSSh problem....  However I can successfully connect to the
OpenBSD CVS server with anonymous SSH authentication and it appears to
be using the same cipher negotiations of "aes128-cbc, mac hmac-sha1,
compression none", and that's what's making me think this is a
NetBSD-specific problem.

I haven't yet tried SSH-3.2.3, but that may be next....

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>