sshd versions 1.2.20+ sometimes lie about the host key size by one bit, and the OpenSSH ssh client reports a message like "Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024." I've only observed it to report even numbers and have an actual size of one less. Similarly, ssh clients of the same vintage require reported sizes that are even numbers, which can be a problem if one of the old host keys that are actually one bit off is moved forward from the old SSH to OpenSSH. I will attach a patch.
Created attachment 30: Patch against CVS of March 1, 2003
what is this for? the warning is in ssh intentionally. the error has nothing to do with the software version of the server, it's a problem with the key.
Since this is a normal case, I don't think the warning belongs there in the client. I have many users who have no control over what the remote end is, and the warning will mess up their scripts. On the server side, it would be unacceptable to regenerate SSH1 host keys when I upgrade from old SSH to OpenSSH, and some of those old keys are an odd size and the old SSH client chokes on them if we don't round them up to an even number like the old SSH server did. Compat.c already simulates many old bugs so I don't think one more would hurt.
but the warning is for the case you try to disable. and it does not depend on a specific version of the sshd. another option would be: change the log() to verbose() so it's not in the default
That would be fine with me to have it be only in verbose mode. However, SSH_BUG_SERVERLIESSIZE is still needed because the old clients require key sizes to be reported as an even number of bits, and we wouldn't want to emulate that bug for newer clients. You say that it doesn't depend on the version of sshd and I assume that extends to the ssh client, but I think it's fair to only accommodate the clients known to be picky and which are still pretty commonly found. I will attach a new suggested patch. I have added a comment explaining the known scenario which the warning is for so people who look will know that it is intentionally for this case.
Created attachment 31: New patch changing server lies log()s to verbose()s
assign to markus
*** Bug 34 has been marked as a duplicate of this bug. ***
it's unlikely that this gets changed in the near future. these keys are IMHO broken.
Mass change of RESOLVED bugs to CLOSED
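The size comparison this thread is about, as an added example (not OpenSSH's code and not either attached patch): it computes a modulus's real bit length, applies the round-up-to-even announcement the reporter describes for the old server, and separates that one-bit case from any other mismatch. The function names and the sample modulus are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Bit length of a big-endian unsigned integer, i.e. the "actual size"
 * of a key modulus; leading zero bytes are ignored. */
static int modulus_bits(const unsigned char *n, size_t len)
{
    size_t i = 0;
    int bits;
    unsigned char top;

    while (i < len && n[i] == 0)
        i++;
    if (i == len)
        return 0;
    bits = (int)(len - i) * 8;
    for (top = n[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Server side, as the thread describes the old behaviour: an odd actual
 * size is announced rounded up to the next even number. */
static int announced_bits_legacy(int actual)
{
    return actual + (actual & 1);
}

/* Client side: 0 = sizes agree, 1 = off by exactly the legacy rounding
 * (the case proposed for verbose-only output), 2 = any other mismatch. */
static int classify_size_claim(int announced, int actual)
{
    if (announced == actual)
        return 0;
    if (announced == announced_bits_legacy(actual))
        return 1;
    return 2;
}

int main(void)
{
    /* Constructed sample: 128-byte value with the top bit clear, used
     * only for its bit length (it is not a real RSA modulus). */
    unsigned char n[128] = { 0x7f };
    int actual = modulus_bits(n, sizeof n);
    int announced = announced_bits_legacy(actual);

    printf("actual %d, announced %d, class %d\n", actual, announced,
        classify_size_claim(announced, actual));
    return 0;
}
```

Keeping the third class distinct means a size claim that differs by more than the known rounding is still reported at the default log level.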