Re: "Host key did not match signature" error during rekey
- From: Ben Harris <bjharris@xxxxxxxxxxxxxxxxxxxxxx>
- Date: 28 Sep 2007 23:07:33 +0100 (BST)
In article <1190992774.120972.298880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Chet Vora <chetanvora@xxxxxxxxx> wrote:
The spec (RFC 4253
Section 9) says that the re-exchange is performed identically to the
first key exchange except the session identifier is reused which I
interpret to mean that the hash H is to be calculated only the first
time and reused afterwards.
That's wrong. A new exchange hash, H, gets generated, and used
everywhere the spec specifies H. It's just the session identifier that
doesn't change, and retains the value generated during the first key
exchange.
As an example, the first block of key material is specified to be:
K1 = HASH(K || H || X || session_id) (X is e.g., "A")
Where this mentions 'H', that's the exchange hash from the current key
exchange, whereas where it mentions 'session_id', that's the session
identifier, i.e. the exchange hash from the first key exchange.
So basically, I save H and recalculate everything. Note even though H
is the old one, signature of H will be different as the new signature
is obtained using the newly generated keypair.
Um, the signature is generated using the host key, which doesn't
(usually) change between key exchanges, so I'm not sure how you get a
different signature.
--
Ben Harris
.
- References:
- "Host key did not match signature" error during rekey
- From: Chet Vora
- "Host key did not match signature" error during rekey
- Prev by Date: Re: Incorrect protocol implementation by OpenSSH?
- Next by Date: Re: Incorrect protocol implementation by OpenSSH?
- Previous by thread: Re: "Host key did not match signature" error during rekey
- Index(es):
Relevant Pages
|
