SSH incompatibility issue ?

From: Dave Lewis (dave_at_dsl-co.com)
Date: 07/29/03

  • Next message: Dan Gapinski: "Re: Keyboard-interactive authentication refused?"
    Date: Tue, 29 Jul 2003 07:40:45 -0400
    To: secureshell@securityfocus.com
    
    

    Hey,

    I've got a rather odd issue that I'm hoping you have seen before and you
    can straighten out..

    I have a solaris 2.6 box running OpenSSH_3.6.1p1, SSH protocols 1.5/2.0,
    OpenSSL 0x0090702f
    (openssl 0.9.7b) and I'm trying to connect to an existing solaris box
    running SSH-1.4-1.2.14
    using ssh1..

    I'll work no problem for a while and then my users will start getting

    Warning: Server lies about size of server public key: actual size is 1151
    bits vs. announced 1152.
    Warning: This may be due to an old implementation of ssh.
    respond_to_rsa_challenge: server_key 1151 < host_key 1024 +
    SSH_KEY_BITS_RESERVED 128

    And it stops working..

    Unfortunately I have no control over the other box so I can't make any
    changes to it but I can do
    whatever I want on the one running openssh/openssl. Is there anyway I can
    stop this from
    happening and can anyone explain why this keeps happening ?
    I fixed it once by deleting my host keys and recreating them.. but I don't
    see how that could
    fix it so maybe it was just a fluke..

    below is a -v connection so you can see what's happening..

    server1% ssh -v dlewis@server2
    OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: Connecting to server2 [10.10.10.10] port 22.
    debug1: Connection established.
    debug1: identity file /opt/home/reach/.ssh/identity type -1
    debug1: identity file /opt/home/reach/.ssh/id_rsa type -1
    debug1: identity file /opt/home/reach/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.4, remote software version 1.2.14
    debug1: match: 1.2.14 pat 1.2.1*,1.2.2*,1.2.3*
    debug1: Enabling compatibility mode for protocol 1.3
    debug1: Local version string SSH-1.3-OpenSSH_3.6.1p1
    debug1: Waiting for server public key.
    Warning: Server lies about size of server public key: actual size is
    1151 bits vs. announced 1152.
    Warning: This may be due to an old implementation of ssh.
    debug1: Received server public key (1151 bits) and host key (1024 bits).
    debug1: Host 'server2' is known and matches the RSA1 host key.
    debug1: Found key in /opt/home/reach/.ssh/known_hosts:1
    respond_to_rsa_challenge: server_key 1151 < host_key 1024 +
    SSH_KEY_BITS_RESERVED 128
    debug1: Calling cleanup 0x2cae4(0x0)
    server1%

    Thanks in advance for any help you can provide.

    Dave


  • Next message: Dan Gapinski: "Re: Keyboard-interactive authentication refused?"