As a first step I tried to make sure this actually is a change in openssh.
Because my reading of the issues referred above has shown that not all of the verification is done inside ssh but partially in glibc.
So I upgraded on the bionic test system step by step.
The upgrade dependency list for openssh-client is "libc-bin libc6 libgssapi-krb5-2 libkrb5-3 libkrb5support0 locales"
I found that the bug is reproducible with openssh-client 1:7.6p1-4ubuntu0.3 running against the newer glibc.
I can switch in/out the reported bug be switching on a Bionic system between glibc
2.27-3ubuntu1.2 - Bionic - Good
2.31-0ubuntu9.1 - Focal - Bad
As a first step I tried to make sure this actually is a change in openssh.
Because my reading of the issues referred above has shown that not all of the verification is done inside ssh but partially in glibc.
So I upgraded on the bionic test system step by step.
The upgrade dependency list for openssh-client is "libc-bin libc6 libgssapi-krb5-2 libkrb5-3 libkrb5support0 locales"
I found that the bug is reproducible with openssh-client 1:7.6p1-4ubuntu0.3 running against the newer glibc.
I can switch in/out the reported bug be switching on a Bionic system between glibc
2.27-3ubuntu1.2 - Bionic - Good
2.31-0ubuntu9.1 - Focal - Bad