[Bug 1526357] Re: Fix broken handling of first_kex_follows clients

Matt Johnston matt at ucc.asn.au
Tue Dec 15 15:08:12 UTC 2015


** Description changed:

- OpenSSH 6.8 to 7.1 has a regression that breaks connections from clients
- that use SSH first_kex_follows feature. This affects connections from
- the Dropbear SSH client (dbclient), they fail with "bad hostkey
- signature" or similar. It may affect ssh.com clients too.
+ OpenSSH versions between 6.8 and 7.1 inclusive have a regression that
+ breaks connections from clients that use SSH first_kex_follows feature.
+ This affects connections from the Dropbear SSH client (dbclient), they
+ fail with "bad hostkey signature" or similar. It may affect ssh.com
+ clients too.
  
  This has been fixed in upstream in the attached patch, it would be
  worthwhile including in Xenial if it's going to ship with the current
  OpenSSH 7.1. Upstream change 1.115 http://cvsweb.openbsd.org/cgi-
  bin/cvsweb/src/usr.bin/ssh/kex.c
  
  https://bugzilla.mindrot.org/show_bug.cgi?id=2515#c6 Comment 6 is the
  upstream bug report (ignore the rest of the bug about new diffie-hellman
  algorithms)

-- 
https://bugs.launchpad.net/bugs/1526357

Title:
  Fix broken handling of first_kex_follows clients
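
The first_kex_follows handling that the description refers to, as an added example (not code from OpenSSH, Dropbear or this bug report): under RFC 4253 section 7, a side that receives a KEXINIT with first_kex_packet_follows set must ignore the guessed key exchange packet when the guess was wrong. The function names and sample payloads are constructed for illustration, and the check is simplified to comparing each side's first kex and host key preference.

```python
import struct

SSH_MSG_KEXINIT = 20
N_LISTS = 10  # kex, host key, then cipher/MAC/compression/language pairs

def build_kexinit(kex, hostkey, first_follows, others=("x",)):
    """Build a constructed KEXINIT payload (zero cookie, dummy other lists)."""
    lists = [kex, hostkey] + [list(others)] * (N_LISTS - 2)
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        data = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    # boolean first_kex_packet_follows, then uint32 reserved
    return out + bytes([1 if first_follows else 0]) + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return (name_lists, first_kex_packet_follows) from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, []  # skip message type byte and 16-byte cookie
    for _ in range(N_LISTS):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        text = payload[off:off + n].decode("ascii")
        lists.append(text.split(",") if text else [])
        off += n
    if off + 5 > len(payload):
        raise ValueError("missing first_kex_packet_follows/reserved")
    return lists, payload[off] != 0

def must_skip_guess(local_payload, peer_payload):
    """True if the peer announced a guessed packet and the guess is wrong."""
    mine, _ = parse_kexinit(local_payload)
    theirs, follows = parse_kexinit(peer_payload)
    if not follows:
        return False
    # Simplification: the guess counts as right only when both sides list the
    # same first kex algorithm and the same first host key algorithm.
    return mine[0][:1] != theirs[0][:1] or mine[1][:1] != theirs[1][:1]

# Constructed samples: the client guesses curve25519, the server prefers ecdh.
SERVER = build_kexinit(["ecdh-sha2-nistp256", "curve25519-sha256@libssh.org"],
                       ["ssh-rsa"], False)
CLIENT_GUESS = build_kexinit(["curve25519-sha256@libssh.org",
                              "ecdh-sha2-nistp256"], ["ssh-rsa"], True)
```

A server that fails to discard the guessed packet in the `must_skip_guess` case processes key exchange data for the wrong algorithm, which is consistent with the signature failures the description reports.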
