openssh-client 6.5 regression bug with certain servers
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
portable OpenSSH | Unknown | Unknown | |
openssh (Debian) | Fix Released | Unknown | |
openssh (Fedora) | Fix Released | Undecided | |
openssh (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
Previous working versions of SSH (6.2p2) work fine on certain host machines as follows:
OpenSSH_6.2p2 Ubuntu-6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to hostname [IPAddress] port 22.
debug1: Connection established.
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: Checking blacklist file /usr/share/
debug1: Checking blacklist file /etc/ssh/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: Server host key: RSA 24:75:76:
Warning: Permanently added 'hostname,
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_
debug1: SSH2_MSG_
But in 6.5p1 the following bug occurs:
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to hostname [IPAddress] port 22.
debug1: Connection established.
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: identity file /home/nelsot08/
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
Connection closed by IPAddress
This is a regression and there are multiple references to this bug occurring previously:
Changed in openssh (Ubuntu):
importance: Undecided → High
summary: "openssh-client 6.5p1 regression bug with certain servers" → "openssh-client 6.5 (multiple releases) regression bug with certain servers"
summary: "openssh-client 6.5 (multiple releases) regression bug with certain servers" → "openssh-client 6.5 regression bug with certain servers"
tags: added: trusty
tags: added: regression-release; removed: trusty
tags: added: trusty
Changed in openssh (Debian):
status: Unknown → New
Changed in openssh (Debian):
status: New → Fix Released
Changed in openssh (Fedora):
importance: Unknown → Undecided
status: Unknown → Fix Released
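A triage helper for the two client logs in the bug description, added here as an example and not part of the original report or of OpenSSH: it reports how far each handshake got and whether a pair of logs shows the same server completing key exchange with one client but hanging up mid-exchange with another. The names `triage` and `is_kex_regression` and the stage labels are assumptions of this example.

```python
import re

# Abridged from the two client debug logs in the bug description; message
# names that are cut off on the page ("SSH2_MSG_") stay cut off here.
LOG_6_2 = """OpenSSH_6.2p2 Ubuntu-6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
"""
LOG_6_5 = """OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
Connection closed by IPAddress
"""

def triage(log):
    """Summarise how far an `ssh -v` client log got before it ended."""
    r = {"client": None, "server": None, "algs": None,
         "stage": "pre-kex", "waiting_for": None, "closed_by_peer": False}
    for line in log.splitlines():
        if line.startswith("Connection closed by"):
            r["closed_by_peer"] = True
            break  # keep waiting_for: it names what the client never received
        if m := re.match(r"(OpenSSH_[\w.]+)", line):
            r["client"] = m.group(1)
        elif m := re.search(r"remote software version (\S+)", line):
            r["server"] = m.group(1)
        elif m := re.search(r"kex: server->client (\S+) (\S+) (\S+)", line):
            r["algs"] = m.groups()  # (cipher, MAC, compression)
        elif "SSH2_MSG_KEXINIT received" in line:
            r["stage"] = "key-exchange"
        elif "SSH2_MSG_NEWKEYS received" in line:
            r["stage"] = "keys-established"
        # An "expecting" line stays outstanding only until the next log line.
        m = re.match(r"debug\d: expecting (\S+)", line)
        r["waiting_for"] = m.group(1) if m else None
    return r

def is_kex_regression(good, bad):
    """Same server: `good` finishes key exchange, `bad` is closed during it."""
    g, b = triage(good), triage(bad)
    return (g["server"] == b["server"] and g["stage"] == "keys-established"
            and b["stage"] == "key-exchange" and b["closed_by_peer"])
```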
Description of problem:
OpenSSH can no longer connect to Cisco routers/switches using the default settings of KexAlgorithms. If you remove diffie-hellman-group-exchange-sha1 from the list of algorithms you can connect just fine.
Version-Release number of selected component (if applicable):
openssh-6.3p1-5.fc20.x86_64
How reproducible:
Always
Steps to Reproduce:
1. slogin -vvv 10.6.0.14
Actual results:
$ slogin -vvv 10.6.0.14
OpenSSH_6.3, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/jcollie/.ssh/config
debug1: /home/jcollie/.ssh/config line 38: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 3: Applying options for *
debug3: cipher ok: aes256-ctr [aes256-ctr,3des-cbc]
debug3: cipher ok: 3des-cbc [aes256-ctr,3des-cbc]
debug3: ciphers ok: [aes256-ctr,3des-cbc]
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.6.0.14 [10.6.0.14] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/jcollie/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/jcollie/.ssh/id_rsa type 1
debug1: identity file /home/jcollie/.ssh/id_rsa-cert type -1
debug1: identity file /home/jcollie/.ssh/id_dsa type -1
debug1: identity file /home/jcollie/.ssh/id_dsa-cert type -1
debug1: identity file /home/jcollie/.ssh/id_ecdsa type -1
debug1: identity file /home/jcollie/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.3
debug1: Remote protocol version 1.99, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.6.0.14" from file "/home/jcollie/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/jcollie/.ssh/known_hosts:807
debug2: key_type_from_name: unknown key type '1024'
debug3: key_read: missing keytype
debug3: load_hostkeys: found key type RSA1 in file /home/jcollie/.ssh/known_hosts:808
debug3: load_hostkeys: loaded 2 keys
debug3: load_hostkeys: loading entries for host "10.6.0.14" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: <email address hidden>,<email address hidden>,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: <email address hidden>,<email address hidden>,ssh-rsa,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes256-ctr,3des-cbc
debug2: kex_parse_kexinit: aes256-ctr,3des-cbc
debug2: kex_parse_kexinit: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-...