https://bugzilla.mindrot.org/show_bug.cgi?id=2725
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Darren Tucker <[email protected]> --- I tried reproducing this with a local build of that (12 year old!) version of dropbear. Surprisingly I was able to reproduce it. On the sever it says: [32036] Jun 23 13:56:04 Child connection from 127.0.0.1:41420 [32036] Jun 23 13:56:04 exit before auth: bad buf_getwriteptr After some experimentation, it seems to be related to the total size of the KEX proposal (I'd guess <512 bytes). If we keep adding redundant MACs to the proposal it fails when the MAC list gets to 350 bytes: $ mac=hmac-sha1; while ssh -p 2022 -o hostkeyalgorithms=ssh-dss -o kexalgorithms=diffie-hellman-group1-sha1 -caes128-cbc -m $mac localhost echo ok; do mac="$mac,hmac-sha1"; echo -n "`echo $mac | wc -c` "; done [...] 330 ok 340 ok 350 Connection closed by 127.0.0.1 port 2022 If you make any of the other algorithm lists longer then it'll fail correspondingly earlier. So, it's a bug or implementation limit in the server. You can work around it on the client side as you have discovered. The client could conceivably use the bug bits in compat.{c,h} to limit what it sends in these cases but I'm not sure it's worth the complexity. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
