netbsd-bugs: Re: lib/32183: can't connect anymore with -current ssh/sshd on amd64

Subject: Re: lib/32183: can't connect anymore with -current ssh/sshd on amd64
To: None <gnats-bugs@netbsd.org, lib-bug-people@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: netbsd-bugs
Date: 11/28/2005 11:29:49

On Nov 28,  4:17pm, njoly@pasteur.fr (njoly@pasteur.fr) wrote:
-- Subject: lib/32183: can't connect anymore with -current ssh/sshd on amd64

| >Number:         32183
| >Category:       lib
| >Synopsis:       can't connect anymore with -current ssh/sshd on amd64
| >Confidential:   no
| >Severity:       critical
| >Priority:       high
| >Responsible:    lib-bug-people
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Mon Nov 28 16:17:00 +0000 2005
| >Originator:     Nicolas Joly
| >Release:        NetBSD 3.99.12
| >Organization:
| Institut Pasteur, Paris.
| >Environment:
| System: NetBSD lanfeust.sis.pasteur.fr 3.99.12 NetBSD 3.99.12 (LANFEUST) #6: Mon Nov 28 15:35:05 CET 2005 njoly@lanfeust.sis.pasteur.fr:/local/src/NetBSD/obj/amd64/sys/arch/amd64/compile/LANFEUST amd64
| Architecture: x86_64
| Machine: amd64
| >Description:
| With recent openssl update, i can't connect from/to my NetBSD/amd64 box
| anymore. All connections fails with the same message:
| 
| njoly@lanfeust [~]> ssh -v xxx.sis.pasteur.fr
| OpenSSH_4.0 NetBSD_Secure_Shell-20050423, OpenSSL 0.9.8a 11 Oct 2005
| debug1: Reading configuration data /home/njoly/.ssh/config
| debug1: Reading configuration data /etc/ssh/ssh_config
| debug1: Applying options for *
| debug1: Connecting to xxx.sis.pasteur.fr [157.99.60.xxx] port 22.
| debug1: Connection established.
| debug1: identity file /home/njoly/.ssh/identity type -1
| debug1: identity file /home/njoly/.ssh/id_rsa type 1
| debug1: identity file /home/njoly/.ssh/id_dsa type -1
| debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
| debug1: match: OpenSSH_3.8.1p1 pat OpenSSH_3.*
| debug1: Enabling compatibility mode for protocol 2.0
| debug1: Local version string SSH-2.0-OpenSSH_4.0 NetBSD_Secure_Shell-20050423
| debug1: SSH2_MSG_KEXINIT sent
| debug1: SSH2_MSG_KEXINIT received
| debug1: kex: server->client aes128-cbc hmac-md5 none
| debug1: kex: client->server aes128-cbc hmac-md5 none
| debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
| debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
| debug1: Host 'xxx.sis.pasteur.fr' is known and matches the RSA host key.
| debug1: Found key in /home/njoly/.ssh/known_hosts:15
| RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
| debug1: ssh_rsa_verify: signature incorrect
| key_verify failed for server_host_key
| 
| I checked that all `openssl speed' tests pass correctly ... It worked
| perfectly before recent openssl update.
| 
| >How-To-Repeat:
| Try to connect from or to a -current NetBSD/amd64 box using ssh.
| >Fix:
| Don't know.

Does make regress in /usr/src/lib/libcrypto pass?

christos