Re: OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST

Peter Gutmann wrote:
> Darren Tucker <dtucker@xxxxxxxxxx> writes:
>
>> That's a vendor-modified version of OpenSSH.  Assuming it corresponds to
>> what's in FreeBSD head, there's about a thousand lines of changes. 
> Ugh.
>
>> Can you reproduce the problem with an unmodified version from openssh.com?
>> Failing that, can you get the server-side debug output from a failing
> connection (i.e. /path/to/sshd -ddd)?
> I've cc'd this to the person who reported it in case he can shed more light on
> the specifics, in the meantime here's the level 3 debug output that he
> provided me with (this was previously posted to a public mailing list so I'm
> assuming it's not sensitive):

The problem was originally reported via IRC against "a couple different
Linux distros", and I found I could reproduce it with my FreeBSD 11 box, so
I added a local patch to work around it and sent it to the reporter, who
confirmed that it solved his issue.  I can try to find out the specific
distros, though I suspect they have vendor patches as well.

His system also had all the CBC ciphers disabled by default, including
the mandatory 3des-cbc and recommended aes128-cbc, so I suspect a
reaction to some padding oracle attack (I don't really keep up) was
involved on his systems.  It seems that Cryptlib only does CBC, so I had
to walk him through re-enabling those.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



