Re: bin/53670: openssl/openssh compat broken

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/53670: openssl/openssh compat broken
From: Martin Husemann <martin%duskware.de@localhost>
Date: Mon, 15 Oct 2018 08:50:01 +0000 (UTC)

The following reply was made to PR bin/53670; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/53670: openssl/openssh compat broken
Date: Mon, 15 Oct 2018 10:46:15 +0200

 Adding -o HostKeyAlgorithms=ssh-rsa makes the connection work.
 So:

 debug1: kex: algorithm: curve25519-sha256%libssh.org@localhost
 debug1: kex: host key algorithm: ssh-rsa
 debug1: REQUESTED ENC.NAME is 'chacha20-poly1305%openssh.com@localhost'
 debug1: kex: server->client cipher: chacha20-poly1305%openssh.com@localhost MAC: <implicit> compression: none
 debug1: REQUESTED ENC.NAME is 'chacha20-poly1305%openssh.com@localhost'
 debug1: kex: client->server cipher: chacha20-poly1305%openssh.com@localhost MAC: <implicit> compression: none
 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
 debug1: Server host key: ssh-rsa SHA256:NaSg1AiUlL5WWOjnfjKzWtaYWwbQ/XITJWbm0JrnTYY

 This all seems to also depend on details in .ssh/known_hosts - if there is no
 entry, it will fail if not restricted with an option like above, but if there
 is a proper ssh-rsa entry, it will just use that, so afterwards it works
 without any options.

 Martin

Prev by Date: Re: bin/53670: openssl/openssh compat broken
Next by Date: Re: kern/53666: tcpdump for i386 does not work with COMPAT_NETBSD32 on amd64
Previous by Thread: Re: bin/53670: openssl/openssh compat broken
Next by Thread: Re: bin/53670: openssl/openssh compat broken
Indexes:

Home | Main Index | Thread Index | Old Index