
Re: ssh braindamage (protocols, RSA auth)



On Mon, Sep 17, 2001 at 10:32:36AM +0200, Pietro Cagnoni wrote:
> ... 
> 
> i've always been able to solve my ssh problems using sshd -d and ssh -v

doh. yeah, I probably tried that. but now I've poked at it some more.


sshd -d -d -d, all protocols enabled:
not very interesting. just so you know what keys it finds:

debug1: private host key: #0 type 0 RSA1
debug1: private host key: #1 type 1 RSA
debug1: private host key: #2 type 2 DSA


and then ssh -2 -v -v -v:
eh, dumped to logs and ran diff.
< w/ all protocols enabled, > w/ only 2 (only let it see the DSA key)

17c17
< debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
---
> debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p2
36c36
< debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
---
> debug2: kex_parse_kexinit: ssh-dss
53,54c53,54
< debug1: dh_gen_key: priv key bits set: 122/256
< debug1: bits set: 1016/2049
---
> debug1: dh_gen_key: priv key bits set: 135/256
> debug1: bits set: 995/2049
62c62
< RSA key fingerprint is eb:a9:6b:36:7e:16:33:d7:38:80:48:61:c7:44:4f:e3.
---
> DSA key fingerprint is d0:51:d4:c5:b7:a5:93:de:05:aa:c1:ac:87:c3:a7:7a.


Yes, I actually have to hide the ssh_host_rsa_key to get it to use v2.
Just setting 'Protocol 2' isn't enough, it still falls back to protocol 
1 and finds the RSA key. Even though the debug output shows prot v2.0.

At first I thought the "protocol v1.99" threw it off, but the third case 
with the setting 'Protocol 2' produces this output, among others:

debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p2
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
RSA key fingerprint is ...

...so now I think that's it. Seems to me to be preferring protocol 1, 
ssh-rsa, if it's available regardless of the 'Protocol' setting. 
Which seems to me to be broken behavior. Which I'd file a bug report 
for, if I wasn't worried that I'm just being an idiot.

eh. Again, any comments? Anybody else trying to figure out why 
protocol 2 won't work? :)

Mike McGuire
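As an added example (not from this thread or from OpenSSH), a small Python checker over constructed ssh -v lines modelled on the ones quoted above: it reports whether a session ended up on SSH-1 or SSH-2, which host key algorithms were offered in KEXINIT and which key's fingerprint was shown. It relies on two facts: SSH-1 has no KEXINIT exchange, and ssh-rsa / ssh-dss are SSH-2 host key algorithm names, while the SSH-1 host key is the separate RSA1 key.

```python
import re

# Constructed sample logs modelled on the ssh -v lines quoted in the thread
# (not copied output). SSH2_LOG: SSH-2 session, server banner 1.99 (speaks
# both versions). SSH1_LOG: SSH-1 session, no kexinit, RSA1 host key.
SSH2_LOG = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug1: dh_gen_key: priv key bits set: 122/256
RSA key fingerprint is eb:a9:6b:36:7e:16:33:d7:38:80:48:61:c7:44:4f:e3.
"""
SSH1_LOG = """\
debug1: Remote protocol version 1.5, remote software version OpenSSH_2.9p2
RSA1 key fingerprint is 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.
"""

BANNER_RE = re.compile(r"Remote protocol version (\d+\.\d+), remote software version (\S+)")
KEXINIT_RE = re.compile(r"kex_parse_kexinit: (\S+)")
FPRINT_RE = re.compile(r"^(RSA1|RSA|DSA) key fingerprint is ([0-9a-f:]+)")
HOSTKEY_ALGS = {"ssh-rsa", "ssh-dss"}  # SSH-2 host key algorithm names


def analyze_ssh_debug(log):
    """Summarise which protocol and host key an ssh -v log shows.

    SSH-1 has no KEXINIT, so any kex_parse_kexinit line means SSH-2.
    ssh-rsa / ssh-dss are SSH-2 host key algorithms (ssh_host_rsa_key,
    ssh_host_dsa_key); the SSH-1 host key is the separate RSA1 key. A 1.99
    banner only says the server offers both versions; it picks neither.
    """
    info = {"banner": None, "software": None, "hostkey_algs": [],
            "fingerprint_type": None, "fingerprint": None}
    saw_kexinit = False
    for line in log.splitlines():
        if m := BANNER_RE.search(line):
            info["banner"], info["software"] = m.groups()
        elif m := KEXINIT_RE.search(line):  # one line per name-list
            saw_kexinit = True
            info["hostkey_algs"] += [a for a in m.group(1).split(",") if a in HOSTKEY_ALGS]
        elif m := FPRINT_RE.match(line):
            info["fingerprint_type"], info["fingerprint"] = m.groups()
    banner = info["banner"] or ""
    if saw_kexinit or info["fingerprint_type"] in ("RSA", "DSA"):
        info["protocol"] = 2
    elif info["fingerprint_type"] == "RSA1" or (banner.startswith("1.") and banner != "1.99"):
        info["protocol"] = 1
    else:
        info["protocol"] = None  # not enough evidence in the log
    info["server_offers_ssh1"] = banner.startswith("1.")  # 1.99 or a 1.x banner
    return info
```

Feed it the full `ssh -v -v -v` output from a real session; a result of protocol 2 with an RSA fingerprint means the ssh_host_rsa_key was used under SSH-2, not a fallback to SSH-1.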


