I've applied this patch to Debian unstable (thanks!), so it'll be in Ubuntu 17.04. I'd be happy to help somebody issue stable updates for 16.04 and 16.10, but am unlikely to have time to do that myself.
** Also affects: openssh (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: openssh (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: openssh (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: openssh (Ubuntu Yakkety)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Yakkety)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1608965

Title:
  ssh GSSAPI rekey failure

Status in openssh package in Ubuntu:
  Triaged
Status in openssh source package in Xenial:
  Triaged
Status in openssh source package in Yakkety:
  Triaged

Bug description:
  If I have ssh set up using GSSAPI with rekeying enabled, then the
  connection fails on rekey, and tries to do host-based verification
  'mid-session'.

  Steps to reproduce:

  $ ssh -vvv server.example.com
  <snip...>
  debug1: Authenticating to ssh.example.com:22 as 'user'
  <snip...>
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
  <snip...>
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
  <snip...>
  Last login: Tue Aug 02 10:47:20 2016 from foo

  # Then do 'kinit' on the client to get a new ticket...

  debug1: need rekeying
  debug1: SSH2_MSG_KEXINIT sent
  debug1: rekeying in progress
  debug1: SSH2_MSG_KEXINIT received
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
  debug2: host key algorithms: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,null
  [...]
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
  [...]
  debug1: kex: algorithm: curve25519-sha...@libssh.org
  debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug1: rekeying in progress
  debug1: rekeying in progress
  debug1: Server host key: ecdsa-sha2-nistp256 SHA256:w7yxbCZNBX4d5EAgmCrFYa3XUpDjvWiDOw4/YOY9q8E
  The authenticity of host 'server.example.com (10.0.0.1)' can't be established.
  ECDSA key fingerprint is SHA256:w7yxbCZNBX4d5EAgmCrFYa3XUpDjvWiDOw4/YOY9q8E.
  Are you sure you want to continue connecting (yes/no)?
  Host key verification failed.

  It looks like the list of KEX algorithms differs between the initial
  connection, and the rekeying.

  This behaviour seems to occur with a client running 16.04 (openssh-
  client 1:7.2p2-4ubuntu1) but not on 15.10 (openssh-client
  1:6.9p1-2ubuntu0.2).

  ssh_config is as follows:

  HashKnownHosts no
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
  GSSAPIRenewalForcesRekey yes
  GSSAPITrustDNS yes
  GSSAPIKeyExchange yes
  ForwardX11 yes
  ForwardX11Trusted yes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
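The mechanism behind the report above, as an added example that is not code from OpenSSH, Debian, Ubuntu or the bug reporter: a small Python model of the SSH_MSG_KEXINIT negotiation. RFC 4253 picks the first KEX algorithm in the client's list that the server also lists, and the gss-* methods of RFC 4462 authenticate the server through the Kerberos context rather than a host key. When the rekey proposal drops the gss-* entries, negotiation falls through to curve25519, which requires a host key the client never had reason to verify or record, hence the mid-session "authenticity of host ... can't be established" prompt. The algorithm lists are transcribed from the debug output in the report with elided names written out in full (assumption: curve25519-sha256@libssh.org is the elided entry); the sample log, the helper names and the "modelled OpenSSH behaviour" comments are constructed for this example.

```python
"""Model of the KEX negotiation behind a GSSAPI rekey failure (constructed example)."""
from typing import List, Optional, Tuple

# One GSS-API mechanism suffix, as RFC 4462 encodes it: base64(MD5(DER OID)).
# This is the first mechanism the server advertised in the report.
GSS = "-toWM5Slw5Ew8Mqkay+al2g=="

# Server proposal: identical on the initial exchange and on rekey (from the report).
SERVER_KEX = [
    "gss-gex-sha1" + GSS, "gss-group1-sha1" + GSS, "gss-group14-sha1" + GSS,
    "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]
# Client proposal on first connection: GSS methods first, then ordinary KEX.
CLIENT_KEX_INITIAL = [
    "gss-gex-sha1" + GSS, "gss-group1-sha1" + GSS, "gss-group14-sha1" + GSS,
    "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
]
# Client proposal on rekey in the affected 7.2p2 client: the gss-* entries are gone.
CLIENT_KEX_REKEY_BUGGY = CLIENT_KEX_INITIAL[3:]
# What the rekey proposal must look like for the session to stay on GSS KEX.
CLIENT_KEX_REKEY_FIXED = CLIENT_KEX_INITIAL


def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """RFC 4253 section 7.1: the first client algorithm the server also lists."""
    offered = set(server)
    for alg in client:
        if alg in offered:
            return alg
    return None


def kex_verifies_host_key(kex: str) -> bool:
    """gss-* methods authenticate the server via the GSS-API context, so no host
    key is checked.  Every other method signs the exchange hash with the server
    host key, which the client then verifies against known_hosts (assumption:
    this models OpenSSH's behaviour, simplified)."""
    return not kex.startswith("gss-")


def rekey_check(initial: List[str], rekey: List[str], server: List[str],
                known_host: bool) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Return (initial kex, rekey kex, problem).  problem is None when the rekey
    is transparent to the user; otherwise it says why the session is disturbed."""
    first = negotiate(initial, server)
    second = negotiate(rekey, server)
    if first is None or second is None:
        return first, second, "no common KEX algorithm"
    if kex_verifies_host_key(second) and not kex_verifies_host_key(first):
        if not known_host:
            # GSS KEX never recorded a host key, so the prompt appears mid-session
            # and a non-interactive client fails with "Host key verification failed".
            return first, second, "host key prompt mid-session"
        return first, second, "server authentication silently changed from GSS-API to host key"
    return first, second, None


def client_kex_proposals(debug_log: str) -> List[List[str]]:
    """Check for the symptom in `ssh -vvv` output: collect the KEX list that follows
    each 'local client KEXINIT proposal' line.  Two proposals that differ in their
    gss-* entries are the signature of this bug."""
    proposals, expecting = [], False
    for raw in debug_log.splitlines():
        line = raw.strip()
        if line == "debug2: local client KEXINIT proposal":
            expecting = True
        elif expecting and line.startswith("debug2: KEX algorithms: "):
            proposals.append(line[len("debug2: KEX algorithms: "):].split(","))
            expecting = False
    return proposals


# Constructed, abridged transcript in the shape of the report's debug output.
SAMPLE_LOG = f"""debug2: local client KEXINIT proposal
debug2: KEX algorithms: {",".join(CLIENT_KEX_INITIAL)}
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: {",".join(SERVER_KEX)}
debug1: need rekeying
debug2: local client KEXINIT proposal
debug2: KEX algorithms: {",".join(CLIENT_KEX_REKEY_BUGGY)}
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: {",".join(SERVER_KEX)}
"""

if __name__ == "__main__":
    for label, rekey in (("buggy", CLIENT_KEX_REKEY_BUGGY), ("fixed", CLIENT_KEX_REKEY_FIXED)):
        print(label, rekey_check(CLIENT_KEX_INITIAL, rekey, SERVER_KEX, known_host=False))
    print("client proposals seen:", [p[0] for p in client_kex_proposals(SAMPLE_LOG)])
```

The takeaway for operators: a rekey is a full key exchange, and if the proposal changes between exchanges the server authentication method can change with it. Until the fixed openssh-client is installed, a session that started on GSS KEX will either prompt or die the first time GSSAPIRenewalForcesRekey or the RekeyLimit triggers, so check the two "local client KEXINIT proposal" lists in `ssh -vvv` output before blaming the KDC.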