Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Craig Rodrigues]

On Friday, December 2, 2016, Glyph Lefkowitz 
wrote:
>
> I think there might be a regression in 16.6.0.
>
> For every version up to 16.6.0, I can do 'conch twistedmatrix.com' in a
> shell and it works fine.
>

I believe that I have fixed this in trunk.
Can you try this with conch in trunk?

This works for me in trunk:

1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa key
for myhost.com
2.  ssh myhost.com
3.  log out of myhost.com
3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com
4.  conch myhost.com
5.  successfully log into myhost.com with conch

Before the latest fixes, I would get a bad host key error in step 5.

Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to
conch.

--
Craig
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Glyph Lefkowitz]

It works:

$ conch twistedmatrix.com echo hooray
hooray
  $ conch --version
Twisted version: 16.6.0dev0
$ 

That's using an RSA host key though.  It seems that the hosts I have using 
ECDSA keys (buildbot.twistedmatrix.com , 
for example) still don't work with conch.  Is that expected at this point?

-glyph

> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues  wrote:
> 
> On Friday, December 2, 2016, Glyph Lefkowitz  > wrote:
> I think there might be a regression in 16.6.0.
> 
> For every version up to 16.6.0, I can do 'conch twistedmatrix.com 
> ' in a shell and it works fine.
> 
> I believe that I have fixed this in trunk.
> Can you try this with conch in trunk?
> 
> This works for me in trunk:
> 
> 1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa key 
> for myhost.com 
> 2.  ssh myhost.com 
> 3.  log out of myhost.com 
> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com 
> 
> 4.  conch myhost.com 
> 5.  successfully log into myhost.com  with conch
> 
> Before the latest fixes, I would get a bad host key error in step 5.
> 
> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to 
> conch.
> 
> --
> Craig
>  
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Craig Rodrigues]

I'm not sure. I was able to use conch to log into a box where the ecdsa key
looked like this in my ~/.ssh/known_hosts

192.168.1.2 ecdsa-sha2-nistp256 XX

--

Craig



On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz 
wrote:

> It works:
>
> $ conch twistedmatrix.com echo hooray
> hooray
>   $ conch --version
> Twisted version: 16.6.0dev0
> $
>
>
> That's using an RSA host key though.  It seems that the hosts I have using
> ECDSA keys (buildbot.twistedmatrix.com, for example) still don't work
> with conch.  Is that expected at this point?
>
> -glyph
>
> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues 
> wrote:
>
> On Friday, December 2, 2016, Glyph Lefkowitz 
> wrote:
>>
>> I think there might be a regression in 16.6.0.
>>
>> For every version up to 16.6.0, I can do 'conch twistedmatrix.com' in a
>> shell and it works fine.
>>
>
> I believe that I have fixed this in trunk.
> Can you try this with conch in trunk?
>
> This works for me in trunk:
>
> 1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa key
> for myhost.com
> 2.  ssh myhost.com
> 3.  log out of myhost.com
> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com
> 4.  conch myhost.com
> 5.  successfully log into myhost.com with conch
>
> Before the latest fixes, I would get a bad host key error in step 5.
>
> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to
> conch.
>
> --
> Craig
>
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
>
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Glyph Lefkowitz]

Here's buildbot's key:

buildbot.twistedmatrix.com ecdsa-sha2-nistp256 
E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAAcw4pr6WdgDMw7PbkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA=

I think you should be able to validate that even if you can't auth :)

-g


> On Dec 20, 2016, at 4:54 PM, Craig Rodrigues  wrote:
> 
> I'm not sure. I was able to use conch to log into a box where the ecdsa key 
> looked like this in my ~/.ssh/known_hosts
> 
> 192.168.1.2 ecdsa-sha2-nistp256 XX
> 
> --
> 
> Craig
> 
> 
> 
> 
> On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz  > wrote:
> It works:
> 
> $ conch twistedmatrix.com  echo hooray
> hooray
>   $ conch --version
> Twisted version: 16.6.0dev0
> $ 
> 
> That's using an RSA host key though.  It seems that the hosts I have using 
> ECDSA keys (buildbot.twistedmatrix.com , 
> for example) still don't work with conch.  Is that expected at this point?
> 
> -glyph
> 
>> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues > > wrote:
>> 
>> On Friday, December 2, 2016, Glyph Lefkowitz > > wrote:
>> I think there might be a regression in 16.6.0.
>> 
>> For every version up to 16.6.0, I can do 'conch twistedmatrix.com 
>> ' in a shell and it works fine.
>> 
>> I believe that I have fixed this in trunk.
>> Can you try this with conch in trunk?
>> 
>> This works for me in trunk:
>> 
>> 1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa key 
>> for myhost.com 
>> 2.  ssh myhost.com 
>> 3.  log out of myhost.com 
>> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com 
>> 
>> 4.  conch myhost.com 
>> 5.  successfully log into myhost.com  with conch
>> 
>> Before the latest fixes, I would get a bad host key error in step 5.
>> 
>> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to 
>> conch.
>> 
>> --
>> Craig
>>  
>> ___
>> Twisted-Python mailing list
>> Twisted-Python@twistedmatrix.com 
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python 
>> 
> 
> 
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com 
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python 
> 
> 
> 
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Craig Rodrigues]

Ah, OK.  In my testing, I had this in my server's /etc/ssh/sshd_config file
to force
use of ECDSA keys during my testing:


# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key


If I then logged into the server with:
 *conch 192.168.1.2*

, then having an ecdsa key in ~/.ssh/known_hosts
worked fine and I could log in.  Before the latest patches, the ecdsa keys
were not
being parsed properly and this never worked at all.

If I changed the config on the server to:

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

I got a bad host key error with conch, same as if I tried to log into
buildbot.twistedmatrix.com.
I put this:

import pudb; pudb.set_trace()

on this line inside *_continue_KEX_ECDH_REPLY()* :
https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/ssh/transport.py#L1671

What I then found was that on this line:

hostkey, pubKey, signature, packet = getNS(packet, 3)


The host key is an RSA key.  Then this line in the same function:

 d = self.verifyHostKey(hostKey, fingerprint)
tries to compare the hostKey for 192.168.1.2 (which is RSA), against
the key in ~/.ssh/known_hosts which is ecdsa.  It then fails and returns a
bad host key error.

I also get this problem when trying to do *conch buildbot.twistedmatrix.com
*


--
Craig


On Tue, Dec 20, 2016 at 5:13 PM, Glyph Lefkowitz 
wrote:

> Here's buildbot's key:
>
> buildbot.twistedmatrix.com ecdsa-sha2-nistp256
> E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAAcw4pr6
> WdgDMw7PbkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/
> BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA=
>
> I think you should be able to validate that even if you can't auth :)
>
> -g
>
>
> On Dec 20, 2016, at 4:54 PM, Craig Rodrigues 
> wrote:
>
> I'm not sure. I was able to use conch to log into a box where the ecdsa
> key looked like this in my ~/.ssh/known_hosts
>
> 192.168.1.2 ecdsa-sha2-nistp256 XX
>
> --
>
> Craig
>
>
>
> On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz 
> wrote:
>
>> It works:
>>
>> $ conch twistedmatrix.com echo hooray
>> hooray
>>   $ conch --version
>> Twisted version: 16.6.0dev0
>> $
>>
>>
>> That's using an RSA host key though.  It seems that the hosts I have
>> using ECDSA keys (buildbot.twistedmatrix.com, for example) still don't
>> work with conch.  Is that expected at this point?
>>
>> -glyph
>>
>> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues 
>> wrote:
>>
>> On Friday, December 2, 2016, Glyph Lefkowitz 
>> wrote:
>>>
>>> I think there might be a regression in 16.6.0.
>>>
>>> For every version up to 16.6.0, I can do 'conch twistedmatrix.com' in a
>>> shell and it works fine.
>>>
>>
>> I believe that I have fixed this in trunk.
>> Can you try this with conch in trunk?
>>
>> This works for me in trunk:
>>
>> 1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa
>> key for myhost.com
>> 2.  ssh myhost.com
>> 3.  log out of myhost.com
>> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com
>> 4.  conch myhost.com
>> 5.  successfully log into myhost.com with conch
>>
>> Before the latest fixes, I would get a bad host key error in step 5.
>>
>> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to
>> conch.
>>
>> --
>> Craig
>>
>> ___
>> Twisted-Python mailing list
>> Twisted-Python@twistedmatrix.com
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>
>>
>>
>> ___
>> Twisted-Python mailing list
>> Twisted-Python@twistedmatrix.com
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>
>>
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
>
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Glyph Lefkowitz]

> On Dec 20, 2016, at 5:50 PM, Craig Rodrigues  wrote:
> 
> Ah, OK.  In my testing, I had this in my server's /etc/ssh/sshd_config file 
> to force
> use of ECDSA keys during my testing:
> 
> 
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
> HostKey /etc/ssh/ssh_host_ecdsa_key
> HostKey /etc/ssh/ssh_host_ed25519_key
> 
> 
> If I then logged into the server with:
>  conch 192.168.1.2
> 
> , then having an ecdsa key in ~/.ssh/known_hosts
> worked fine and I could log in.  Before the latest patches, the ecdsa keys 
> were not
> being parsed properly and this never worked at all.
> 
> If I changed the config on the server to:
> 
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
> #HostKey /etc/ssh/ssh_host_ecdsa_key
> #HostKey /etc/ssh/ssh_host_ed25519_key
> 
> I got a bad host key error with conch, same as if I tried to log into 
> buildbot.twistedmatrix.com .
> I put this:
> 
> import pudb; pudb.set_trace()
> 
> on this line inside _continue_KEX_ECDH_REPLY() :
> https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/ssh/transport.py#L1671
>  
> 
Did you mean 
https://github.com/twisted/twisted/blob/71643ca93e024d33dba8de9eef149876554c2dd7/src/twisted/conch/ssh/transport.py#L1674
 

 ?

> What I then found was that on this line:
> 
> hostkey, pubKey, signature, packet = getNS(packet, 3)
> 
> 
> The host key is an RSA key.  Then this line in the same function:
>  d = self.verifyHostKey(hostKey, fingerprint)
> 
> tries to compare the hostKey for 192.168.1.2 (which is RSA), against
> the key in ~/.ssh/known_hosts which is ecdsa.  It then fails and returns a 
> bad host key error.
> 
> I also get this problem when trying to do conch buildbot.twistedmatrix.com 
> 
So... is this because buildbot.twistedmatrix.com 
 has an RSA key as well, and when it offers 
it, our checking isn't correctly comparing the type before deciding that it 
doesn't match, or allowing for multiple keys?  I notice that if I manually add 
the RSA key and delete the ECDSA key it seems to work.

-g

> --
> Craig
> 
> 
> On Tue, Dec 20, 2016 at 5:13 PM, Glyph Lefkowitz  > wrote:
> Here's buildbot's key:
> 
> buildbot.twistedmatrix.com  
> ecdsa-sha2-nistp256 
> E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAAcw4pr6WdgDMw7PbkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA=
> 
> I think you should be able to validate that even if you can't auth :)
> 
> -g
> 
> 
>> On Dec 20, 2016, at 4:54 PM, Craig Rodrigues > > wrote:
>> 
>> I'm not sure. I was able to use conch to log into a box where the ecdsa key 
>> looked like this in my ~/.ssh/known_hosts
>> 
>> 192.168.1.2 ecdsa-sha2-nistp256 XX
>> 
>> --
>> 
>> Craig
>> 
>> 
>> 
>> 
>> On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz > > wrote:
>> It works:
>> 
>> $ conch twistedmatrix.com  echo hooray
>> hooray
>>   $ conch --version
>> Twisted version: 16.6.0dev0
>> $ 
>> 
>> That's using an RSA host key though.  It seems that the hosts I have using 
>> ECDSA keys (buildbot.twistedmatrix.com , 
>> for example) still don't work with conch.  Is that expected at this point?
>> 
>> -glyph
>> 
>>> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues >> > wrote:
>>> 
>>> On Friday, December 2, 2016, Glyph Lefkowitz >> > wrote:
>>> I think there might be a regression in 16.6.0.
>>> 
>>> For every version up to 16.6.0, I can do 'conch twistedmatrix.com 
>>> ' in a shell and it works fine.
>>> 
>>> I believe that I have fixed this in trunk.
>>> Can you try this with conch in trunk?
>>> 
>>> This works for me in trunk:
>>> 
>>> 1.  Start with an empty ~/.ssh/known_hosts file , or one with an ecdsa key 
>>> for myhost.com 
>>> 2.  ssh myhost.com 
>>> 3.  log out of myhost.com 
>>> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com 
>>> 
>>> 4.  conch myhost.com 
>>> 5.  successfully log into myhost.com  with conch
>>> 
>>> Before the latest fixes, I would get a bad host key error in step 5.
>>> 
>>> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to 
>>> conch.
>>>

[Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH

[陈健]

 hi:
|
|

I write a SSH server with Twisted(15.5.0)  Conch.  But it  don't support 
hmac-sha2-512 MAC algorithms

|
.  However I see this problem has been fixed in 
https://twistedmatrix.com/trac/ticket/8108 .  I asked the question in 
http://stackoverflow.com/questions/41254398/twisted-hmac-sha2-512-corrupted-mac-on-input-with-openssh
 .

Best regards,

 ---jianchen

___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Craig Rodrigues]

On Tue, Dec 20, 2016 at 6:24 PM, Glyph Lefkowitz 
wrote:

>
>

>
> So... is this because buildbot.twistedmatrix.com has an RSA key as well,
> and when it offers it, our checking isn't correctly comparing the type
> before deciding that it doesn't match, or allowing for multiple keys?  I
> notice that if I manually add the RSA key and delete the ECDSA key it seems
> to work.
>
> -g
>
>

Yes, that is part of it.
What is happening is that the conch client sends a MSG_KEXINIT
packet to the server to negotatiate what the host key should be.
If I use an OpenSSH ssh client to connect to OpenSSH sshd server,
the negotiated host key algorithm is ecdsa-sha2-nistp256.

If I use a conch client to connect to the OpenSSH sshd server,
the negotiated host key algorithm is ssh-rsa.

I started a test instance of the sshd server with:

/usr/sbin/sshd -p 9000 -d -d -d

and captured the logs (see attached).

I think some problems are:
  (1)  conch proposes a list of *host key algorithms* in a different order
than
 OpenSSH.  It shouldn't matter, but conch proposes ssh-rsa first,
 while OpenSSH proposes it last.
  (2)  OpenSSH client seems to be able to receive multiple host keys back
 from the server, and can match the one it has.

--
Craig
Script started on Tue Dec 20 18:50:42 2016
Command: /usr/sbin/sshd -p 9000 -d -d -d
debug2: load_server_config: filename /etc/ssh/sshd_config

debug2: load_server_config: done config len = 197

debug2: parse_server_config: config /etc/ssh/sshd_config len 197

debug3: /etc/ssh/sshd_config:49 setting PermitRootLogin yes

debug3: /etc/ssh/sshd_config:131 setting Subsystem sftp /usr/libexec/sftp-server

debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2j-freebsd  26 Sep 2016

debug1: private host key #0: ssh-rsa 
SHA256:73H4OcFhNGdHY2sVsbBOVVOudub2EkvfYNlwpxWM1Xw

debug1: private host key #1: ssh-dss 
SHA256:6BQ11F0ejGONS1+d4O63t7fyyGKaEyW33a73x5G/3ic

debug1: private host key #2: ecdsa-sha2-nistp256 
SHA256:jkq3WG/EU+yyyg8xemPshcErRvPYmSbU202opbYgzHU

debug1: private host key #3: ssh-ed25519 
SHA256:59NbS+jIUH9ADjLpk5nQLKq229hrx89QpAd3Z3Ts6j4

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-p'

debug1: rexec_argv[2]='9000'

debug1: rexec_argv[3]='-d'

debug1: rexec_argv[4]='-d'

debug1: rexec_argv[5]='-d'

debug2: fd 3 setting O_NONBLOCK

debug3: Fssh_sock_set_v6only: set socket 3 IPV6_V6ONLY

debug1: Bind to port 9000 on ::.

debug1: Server TCP RWIN socket size: 65536

Server listening on :: port 9000.

debug2: fd 4 setting O_NONBLOCK

debug1: Bind to port 9000 on 0.0.0.0.

debug1: Server TCP RWIN socket size: 65536

Server listening on 0.0.0.0 port 9000.

debug1: fd 5 clearing O_NONBLOCK

debug1: Server will not fork when running in debugging mode.

debug3: send_rexec_state: entering fd = 8 config len 197

debug3: ssh_msg_send: type 0

debug3: send_rexec_state: done

debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8

debug1: inetd sockets after dupping: 3, 3

debug1: res_init()

Connection from 192.168.1.5 port 58546 on 192.168.1.2 port 9000

debug1: Client protocol version 2.0; client software version OpenSSH_7.2

debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x0400

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.2 FreeBSD-20160310

debug2: fd 3 setting O_NONBLOCK

debug3: ssh_sandbox_init: preparing capsicum sandbox

debug2: Network child is on pid 68979

debug3: preauth child monitor started

debug3: privsep user:group 22:22 [preauth]

debug1: permanently_set_uid: 22/22 [preauth]

debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms 
[preauth]

debug1: list_hostkey_types: 
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

debug3: send packet: type 20 [preauth]

debug1: SSH2_MSG_KEXINIT sent [preauth]

debug3: receive packet: type 20 [preauth]

debug1: SSH2_MSG_KEXINIT received [preauth]

debug2: local server KEXINIT proposal [preauth]

debug2: KEX algorithms: 
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 [preauth]

debug2: host key algorithms: 
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
 [preauth]

debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
 [preauth]

debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]

debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,h

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

[Craig Rodrigues]

On Tue, Dec 20, 2016 at 7:32 PM, Craig Rodrigues 
wrote:

> On Tue, Dec 20, 2016 at 6:24 PM, Glyph Lefkowitz 
> wrote:
>
>>
>>
>
>>
>> So... is this because buildbot.twistedmatrix.com has an RSA key as well,
>> and when it offers it, our checking isn't correctly comparing the type
>> before deciding that it doesn't match, or allowing for multiple keys?  I
>> notice that if I manually add the RSA key and delete the ECDSA key it seems
>> to work.
>>
>> -g
>>
>>
>
> Yes, that is part of it.
> What is happening is that the conch client sends a MSG_KEXINIT
> packet to the server to negotatiate what the host key should be.
> If I use an OpenSSH ssh client to connect to OpenSSH sshd server,
> the negotiated host key algorithm is ecdsa-sha2-nistp256.
>
> If I use a conch client to connect to the OpenSSH sshd server,
> the negotiated host key algorithm is ssh-rsa.
>
> I started a test instance of the sshd server with:
>
> /usr/sbin/sshd -p 9000 -d -d -d
>
> and captured the logs (see attached).
>
> I think some problems are:
>   (1)  conch proposes a list of *host key algorithms* in a different
> order than
>  OpenSSH.  It shouldn't matter, but conch proposes ssh-rsa first,
>  while OpenSSH proposes it last.
>   (2)  OpenSSH client seems to be able to receive multiple host keys back
>  from the server, and can match the one it has.
>
> --
> Craig
>
>
Here are the proper logs.
Script started on Tue Dec 20 18:50:57 2016
Command: /usr/sbin/sshd -p 9000 -d -d -d
debug2: load_server_config: filename /etc/ssh/sshd_config

debug2: load_server_config: done config len = 197

debug2: parse_server_config: config /etc/ssh/sshd_config len 197

debug3: /etc/ssh/sshd_config:49 setting PermitRootLogin yes

debug3: /etc/ssh/sshd_config:131 setting Subsystem sftp /usr/libexec/sftp-server

debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2j-freebsd  26 Sep 2016

debug1: private host key #0: ssh-rsa 
SHA256:73H4OcFhNGdHY2sVsbBOVVOudub2EkvfYNlwpxWM1Xw

debug1: private host key #1: ssh-dss 
SHA256:6BQ11F0ejGONS1+d4O63t7fyyGKaEyW33a73x5G/3ic

debug1: private host key #2: ecdsa-sha2-nistp256 
SHA256:jkq3WG/EU+yyyg8xemPshcErRvPYmSbU202opbYgzHU

debug1: private host key #3: ssh-ed25519 
SHA256:59NbS+jIUH9ADjLpk5nQLKq229hrx89QpAd3Z3Ts6j4

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-p'

debug1: rexec_argv[2]='9000'

debug1: rexec_argv[3]='-d'

debug1: rexec_argv[4]='-d'

debug1: rexec_argv[5]='-d'

debug2: fd 3 setting O_NONBLOCK

debug3: Fssh_sock_set_v6only: set socket 3 IPV6_V6ONLY

debug1: Bind to port 9000 on ::.

debug1: Server TCP RWIN socket size: 65536

Server listening on :: port 9000.

debug2: fd 4 setting O_NONBLOCK

debug1: Bind to port 9000 on 0.0.0.0.

debug1: Server TCP RWIN socket size: 65536

Server listening on 0.0.0.0 port 9000.

debug1: fd 5 clearing O_NONBLOCK

debug1: Server will not fork when running in debugging mode.

debug3: send_rexec_state: entering fd = 8 config len 197

debug3: ssh_msg_send: type 0

debug3: send_rexec_state: done

debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8

debug1: inetd sockets after dupping: 3, 3

debug1: res_init()

Connection from 192.168.1.5 port 58547 on 192.168.1.2 port 9000

debug1: Client protocol version 2.0; client software version Twisted

debug1: no match: Twisted

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.2 FreeBSD-20160310

debug2: fd 3 setting O_NONBLOCK

debug3: ssh_sandbox_init: preparing capsicum sandbox

debug2: Network child is on pid 69006

debug3: preauth child monitor started

debug3: privsep user:group 22:22 [preauth]

debug1: permanently_set_uid: 22/22 [preauth]

debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms 
[preauth]

debug1: list_hostkey_types: 
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

debug3: send packet: type 20 [preauth]

debug1: SSH2_MSG_KEXINIT sent [preauth]

debug3: receive packet: type 20 [preauth]

debug1: SSH2_MSG_KEXINIT received [preauth]

debug2: local server KEXINIT proposal [preauth]

debug2: KEX algorithms: 
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 [preauth]

debug2: host key algorithms: 
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
 [preauth]

debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
 [preauth]

debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]

debug2: MACs st