touch-packages team mailing list archive

[Bug 1287222] Re: openssh-client 6.5 regression bug with certain servers

 

This was fixed upstream according to the changelog.

http://www.openssh.com/txt/release-6.9:

 * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
   implementations as some would fail when attempting to use group
   sizes >4K; bz#2209

HTH,
Simon

** Bug watch added: OpenSSH Portable Bugzilla #2209
   https://bugzilla.mindrot.org/show_bug.cgi?id=2209

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=2209
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1287222

Title:
  openssh-client 6.5 regression bug with certain servers

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Confirmed
Status in openssh package in Debian:
  New
Status in openssh package in Fedora:
  Unknown

Bug description:
  Previous working versions of SSH (6.2p2) work fine on certain host
  machines as follows:

  OpenSSH_6.2p2 Ubuntu-6, OpenSSL 1.0.1f 6 Jan 2014
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: Applying options for *
  debug1: Connecting to hostname [IPAddress] port 22.
  debug1: Connection established.
  debug1: identity file /home/nelsot08/.ssh/identity type -1
  debug1: identity file /home/nelsot08/.ssh/identity-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_rsa type 1
  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
  debug1: identity file /home/nelsot08/.ssh/id_rsa-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_dsa type -1
  debug1: identity file /home/nelsot08/.ssh/id_dsa-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_ecdsa type -1
  debug1: identity file /home/nelsot08/.ssh/id_ecdsa-cert type -1
  debug1: Remote protocol version 2.0, remote software version Cisco-1.25
  debug1: no match: Cisco-1.25
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
  debug1: Server host key: RSA 24:75:76:a1:80:0e:6c:4e:a8:c4:a6:a9:d3:34:98:18
  Warning: Permanently added 'hostname,IPAddress' (RSA) to the list of known hosts.
  debug1: ssh_rsa_verify: signature correct
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: Roaming not allowed by server
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug1: SSH2_MSG_SERVICE_ACCEPT received

  
  But in 6.5p1 the following bug occurs:

  OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: Applying options for *
  debug1: Connecting to hostname [IPAddress] port 22.
  debug1: Connection established.
  debug1: identity file /home/nelsot08/.ssh/identity type -1
  debug1: identity file /home/nelsot08/.ssh/identity-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_rsa type 1
  debug1: identity file /home/nelsot08/.ssh/id_rsa-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_dsa type -1
  debug1: identity file /home/nelsot08/.ssh/id_dsa-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_ecdsa type -1
  debug1: identity file /home/nelsot08/.ssh/id_ecdsa-cert type -1
  debug1: identity file /home/nelsot08/.ssh/id_ed25519 type -1
  debug1: identity file /home/nelsot08/.ssh/id_ed25519-cert type -1
  debug1: Remote protocol version 2.0, remote software version Cisco-1.25
  debug1: no match: Cisco-1.25
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_6.5p1 Ubuntu-4
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  Connection closed by IPAddress

  
  This is a regression and there are multiple references to this bug occurring previously:

  http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1287222/+subscriptions
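
An added example, not part of the original message or of OpenSSH itself: a small Python triage of `ssh -v` output that extracts the DH-GEX request sizes (min<preferred<max) and reports whether the connection was closed while the client was still waiting for SSH2_MSG_KEX_DH_GEX_GROUP, as in the 6.5p1 trace above. The names `triage_gex` and `CAP_BITS` are assumptions made for illustration, and the sample traces are constructed from lines quoted in the report.

```python
import re

# Constructed samples: the relevant lines of the two traces in the report.
SAMPLE_WORKING = """\
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
"""
SAMPLE_FAILING = """\
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by IPAddress
"""

GEX_RE = re.compile(r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\) sent")
SW_RE = re.compile(r"remote software version (\S+)")
CLOSE_RE = re.compile(r"Connection (closed|reset) by")
CAP_BITS = 4096  # assumption: the "4Kbits" cap from the 6.9 release note


def triage_gex(trace):
    """Summarise the DH group exchange seen in `ssh -v` output."""
    out = {"software": None, "gex": None,
           "stalled_at_group": False, "max_over_cap": False}
    awaiting_group = False
    for line in trace.splitlines():
        if m := SW_RE.search(line):
            out["software"] = m.group(1)
        elif m := GEX_RE.search(line):
            lo, want, hi = map(int, m.groups())
            out["gex"] = (lo, want, hi)
            out["max_over_cap"] = hi > CAP_BITS
        elif "expecting SSH2_MSG_KEX_DH_GEX_GROUP" in line:
            awaiting_group = True
        elif awaiting_group:
            # First line after the client starts waiting for the group:
            # a close here means the server never sent SSH2_MSG_KEX_DH_GEX_GROUP.
            out["stalled_at_group"] = bool(CLOSE_RE.search(line))
            awaiting_group = False
    return out


if __name__ == "__main__":
    for name, trace in (("6.2p2", SAMPLE_WORKING), ("6.5p1", SAMPLE_FAILING)):
        print(name, triage_gex(trace))
```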