"Host key did not match signature" error during rekey



Hi

I am trying to implement rekey functionality for an SSH proxy
application which maintains SSH sessions. The particular scenario that
concerns this question is where the proxy acts as a server to an SSH
client. I get the above error when the SSH_MSG_KEXDH_REPLY is sent to
the client. In all likelihood, I'm doing something wrong while
processing the SSH_MSG_KEXDH_INIT and generating the
SSH_MSG_KEXDH_REPLY, but I can't figure out what. The spec (RFC 4253
Section 9) says that the re-exchange is performed identically to the
first key exchange except the session identifier is reused, which I
interpret to mean that the hash H is to be calculated only the first
time and reused afterwards. These are the steps I follow:

H has been generated for the first time as shown in RFC 4253 section 8
pg 23.

receive rekey SSH_MSG_KEXDH_INIT
extract mpint e (as per RFC 4253 section 8 for SSH_MSG_KEXDH_INIT)
save exchange hash H
generate new keys (incoming and outgoing encryption keys, mac keys)
extract mpint f (as required in RFC 4253 section 8 for SSH_MSG_KEXDH_REPLY)
generate shared secret
generate signature of H
create SSH_MSG_KEXDH_REPLY from server hostkey, mpint f and signature of F


So basically, I save H and recalculate everything. Note that even though H
is the old one, the signature of H will be different as the new signature
is obtained using the newly generated keypair. Also note that these
steps are pretty much exactly what's done for a new session, which works
perfectly - the only different thing I do for rekey is reuse the H.

The error "Host key did not match signature" basically seems to
indicate that there was a mismatch in either key generation or
signature generation. I hope someone familiar with key implementations
can point out what I am doing wrong here. Would also appreciate
pointers as to what I should look for to pinpoint the error.

I can send detailed traces of the message bytestreams if required
(including putty client log).

Thanks in advance,
CV
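
Added example, not part of the original post and not the proxy's code: in RFC 4253 the session identifier is the H of the first exchange and never changes, while every exchange, including a rekey, computes its own H from that exchange's I_C, I_S, e, f and K; the signature in SSH_MSG_KEXDH_REPLY is over that new H, and key derivation (section 7.2) mixes the new K and H with the unchanged session_id. Assumptions: SHA-1 as in the diffie-hellman-group*-sha1 methods, a constructed toy DH group, constructed KEXINIT payloads and host key blob, and hypothetical names (ServerKex, on_kexdh_init, demo).

```python
import hashlib
import struct

P, G = 2**127 - 1, 3  # constructed toy group for the demo, NOT a real SSH DH group

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    # RFC 4251 mpint for n >= 0: big-endian, leading 0x00 when the top bit is set
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    # RFC 4253 section 8: H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)
    blob = b"".join(ssh_string(x) for x in (v_c, v_s, i_c, i_s, k_s))
    return hashlib.sha1(blob + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(k)).digest()

def derive_key(k, h, letter, session_id, length) -> bytes:
    # RFC 4253 section 7.2: HASH(K || H || letter || session_id), extended as needed
    out = hashlib.sha1(ssh_mpint(k) + h + letter + session_id).digest()
    while len(out) < length:
        out += hashlib.sha1(ssh_mpint(k) + h + out).digest()
    return out[:length]

class ServerKex:  # hypothetical server-side state, one instance per connection
    def __init__(self, v_c, v_s, host_key_blob):
        self.v_c, self.v_s, self.k_s = v_c, v_s, host_key_blob
        self.session_id = None  # set once, from the first H, then never changed

    def on_kexdh_init(self, i_c, i_s, e, y):
        """i_c/i_s: KEXINIT payloads of THIS exchange; y: server's fresh DH secret."""
        f, k = pow(G, y, P), pow(e, y, P)
        h = exchange_hash(self.v_c, self.v_s, i_c, i_s, self.k_s, e, f, k)
        if self.session_id is None:
            self.session_id = h
        keys = {c: derive_key(k, h, c.encode(), self.session_id, 32) for c in "ABCDEF"}
        return f, h, keys  # the host key signs this h for SSH_MSG_KEXDH_REPLY

def demo():
    # All inputs below are constructed sample values.
    srv = ServerKex(b"SSH-2.0-client", b"SSH-2.0-proxy", b"constructed-host-key-blob")
    _, h1, keys1 = srv.on_kexdh_init(b"kexinit-c-1", b"kexinit-s-1", pow(G, 0x1F3D5B79, P), 0x2A4C6E81)
    _, h2, keys2 = srv.on_kexdh_init(b"kexinit-c-2", b"kexinit-s-2", pow(G, 0x3B5D7F93, P), 0x4C6E80A5)
    return h1, h2, srv.session_id, keys1, keys2
```

A client verifies the signature against the H it computes itself for the current exchange, so a reply signed over a stored earlier H fails verification on its side.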
