SSH incompatibility issue ?

From: Dave Lewis (dave_at_dsl-co.com)
Date: 07/29/03

    Date: Tue, 29 Jul 2003 07:40:45 -0400
    To: secureshell@securityfocus.com
    
    

    Hey,

    I've got a rather odd issue that I'm hoping you have seen before and you
    can straighten out..

    I have a Solaris 2.6 box running OpenSSH_3.6.1p1, SSH protocols 1.5/2.0,
    OpenSSL 0x0090702f (openssl 0.9.7b) and I'm trying to connect to an
    existing Solaris box running SSH-1.4-1.2.14 using ssh1..

    It'll work no problem for a while and then my users will start getting

    Warning: Server lies about size of server public key: actual size is 1151 bits vs. announced 1152.
    Warning: This may be due to an old implementation of ssh.
    respond_to_rsa_challenge: server_key 1151 < host_key 1024 + SSH_KEY_BITS_RESERVED 128

    And it stops working..

    Unfortunately I have no control over the other box so I can't make any
    changes to it, but I can do whatever I want on the one running
    openssh/openssl. Is there any way I can stop this from happening, and can
    anyone explain why this keeps happening?
    I fixed it once by deleting my host keys and recreating them.. but I don't
    see how that could fix it, so maybe it was just a fluke..

    Below is a -v connection so you can see what's happening..

    server1% ssh -v dlewis@server2
    OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: Connecting to server2 [10.10.10.10] port 22.
    debug1: Connection established.
    debug1: identity file /opt/home/reach/.ssh/identity type -1
    debug1: identity file /opt/home/reach/.ssh/id_rsa type -1
    debug1: identity file /opt/home/reach/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.4, remote software version 1.2.14
    debug1: match: 1.2.14 pat 1.2.1*,1.2.2*,1.2.3*
    debug1: Enabling compatibility mode for protocol 1.3
    debug1: Local version string SSH-1.3-OpenSSH_3.6.1p1
    debug1: Waiting for server public key.
    Warning: Server lies about size of server public key: actual size is 1151 bits vs. announced 1152.
    Warning: This may be due to an old implementation of ssh.
    debug1: Received server public key (1151 bits) and host key (1024 bits).
    debug1: Host 'server2' is known and matches the RSA1 host key.
    debug1: Found key in /opt/home/reach/.ssh/known_hosts:1
    respond_to_rsa_challenge: server_key 1151 < host_key 1024 + SSH_KEY_BITS_RESERVED 128
    debug1: Calling cleanup 0x2cae4(0x0)
    server1%

    Thanks in advance for any help you can provide.

    Dave
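
Added example (not part of the original message and not OpenSSH code): a Python triage helper that reads the `ssh -v` output quoted above and evaluates the size margin stated in the final error line, including whether the size the server announced would have met it. The name `triage` and the report keys are hypothetical, and the sample log is reconstructed from the message.

```python
import re

# Constructed sample: the client output quoted in the message, wrapped lines rejoined.
SAMPLE = """\
debug1: Waiting for server public key.
Warning: Server lies about size of server public key: actual size is 1151 bits vs. announced 1152.
Warning: This may be due to an old implementation of ssh.
debug1: Received server public key (1151 bits) and host key (1024 bits).
respond_to_rsa_challenge: server_key 1151 < host_key 1024 + SSH_KEY_BITS_RESERVED 128
"""

LIES = re.compile(r"actual size is (\d+) bits vs\. announced (\d+)")
RECEIVED = re.compile(r"server public key \((\d+) bits\) and host key \((\d+) bits\)")
MARGIN = re.compile(r"respond_to_rsa_challenge: (\w+) (\d+) < (\w+) (\d+) \+ "
                    r"SSH_KEY_BITS_RESERVED (\d+)")


def triage(log_text):
    """Summarise the SSH1 key-size failure in `ssh -v` output (hypothetical helper)."""
    # Collapse all whitespace so messages wrapped by a terminal or a mail
    # archive (as in the original posting) still match.
    text = " ".join(log_text.split())
    report = {}
    lies = LIES.search(text)
    if lies:
        report["actual_bits"] = int(lies[1])
        report["announced_bits"] = int(lies[2])
    received = RECEIVED.search(text)
    if received:
        report["server_key_bits"] = int(received[1])
        report["host_key_bits"] = int(received[2])
    margin = MARGIN.search(text)
    if margin:
        short_name, short_bits = margin[1], int(margin[2])
        # The error line states the rule: short key >= other key + reserved bits.
        required = int(margin[4]) + int(margin[5])
        report["short_key"] = short_name
        report["required_bits"] = required
        report["shortfall_bits"] = required - short_bits
        # Would the size the server announced have satisfied the margin?
        if short_name == "server_key" and lies:
            report["announced_size_passes"] = int(lies[2]) >= required
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the log in this message the helper reports a one-bit shortfall: the announced 1152-bit size meets the 1024 + 128 margin, while the actual 1151-bit server key does not.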

