297 – sshd version 3.3 incompatible with pre-3.3 clients in ssh1 mode

Bug 297 - sshd version 3.3 incompatible with pre-3.3 clients in ssh1 mode

Summary: sshd version 3.3 incompatible with pre-3.3 clients in ssh1 mode

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	ix86 Linux

Importance:	P2 normal
Assignee:	OpenSSH Bugzilla mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2002-06-26 02:31 AEST by Henrik Stoerner
Modified:	2004-04-14 12:24 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Henrik Stoerner 2002-06-26 02:31:52 AEST

After installing the 3.3p1 release on our webserver, I have received a couple of
reports from users who can no longer login.

It seems to be a problem only when using ssh v1 protocol. The connection is
terminated with a message "Disconnecting: Corrupted check bytes on input."

The output from "ssh -v1" is:
$ ssh -v -1 sslug.dk
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to sslug.dk [130.228.2.150] port 22.
debug1: temporarily_use_uid: 501/504 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/504 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/tange/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.3
debug1: match: OpenSSH_3.3 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'sslug.dk' is known and matches the RSA1 host key.
debug1: Found key in /home/tange/.ssh/known_hosts:3
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
Disconnecting: Corrupted check bytes on input.
debug1: Calling cleanup 0x8067590(0x0)

I have an identical report from a user running a 3.1p1 client. However, I cannot
reproduce it myself with neither a 3.3p1 nor a 3.1p1 client.

The logs on the server does not indicate anything unusual.

Server is a heavily patched Red Hat 6.2 installation, running a Linux
2.4.19-pre10 kernel with OpenSSH 3.3p1 (rebuilt from the openssh.com
distribution). UsePrivilegeSeparation is enabled.

Comment 1 Andreas Metzler 2002-06-28 00:15:33 AEST

OpenSSH >= 3 does not work well with openssl 0.9.5, recompile against 0.9.6 and your Problem is gone (Fetch src.rpm from RH7.3, compile and install 
it (--nodeps) temporarily, and rebuild ssh with
%define static_libcrypto 1
reinstall the old ssl Version and the new ssh. Voila!
               cu andreas
PS: http://bugzilla.mindrot.org/show_bug.cgi?id=141

Comment 2 Kevin Steves 2002-07-18 16:30:15 AEST

what are we doing with openssl 0.9.5 issues?

Comment 3 Markus Friedl 2002-07-18 17:43:09 AEST

we should apply the patch from bug#138

http://bugzilla.mindrot.org/showattachment.cgi?attach_id=121

that makes ssh1-bf work with OpenSSL 0.9.5
but recommend >= 0.9.6

we should also disable AES in OpenSSL 0.9.5

Comment 4 Damien Miller 2002-09-10 22:27:11 AEST

blowfish patch has been applied.

What are the problems with AES?

Comment 5 Damien Miller 2003-05-14 22:54:38 AEST

Patch was applied long ago

Comment 6 Damien Miller 2004-04-14 12:24:18 AEST

Mass change of RESOLVED bugs to CLOSED