[openssh 0005173]: Bug in sshd when using ed25519 keys

Mantis Bug Tracker via bug-notifications bug-notifications at lists.opencsw.org
Wed Jun 11 11:44:50 CEST 2014 

A NOTE has been added to this issue. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5173 
====================================================================== 
Reported By:                schwindt
Assigned To:                yann
====================================================================== 
Project:                    openssh
Issue ID:                   5173
Category:                   other
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             2014-05-22 15:11 CEST
Last Modified:              2014-06-11 11:44 CEST
====================================================================== 
Summary:                    Bug in sshd when using ed25519 keys
Description: 
Remember me reporting ed25519 keys not being generated ? 
If only I had kept my mouth shut .)

The keys get generated but they can't be used.
On setting up a fresh machine, which consequently did not have the rsa host
key,
I was not able to connect to a machine having an ed25519 hostkey.

Removing the key from the server and knownhosts, modifying
/opt/csw/sbin/sshd.smf_wrapper not to generate keys,
restarting sshd -> everything changes back to normal.

This happens for solaris clients as well as e.g. archlinux clients.

====================================================================== 

---------------------------------------------------------------------- 
 (0010861) schwindt (developer) - 2014-06-11 11:44
 https://www.opencsw.org/mantis/view.php?id=5173#c10861 
---------------------------------------------------------------------- 
The client :

schwindt at isg-1505 [/home/schwindt] ssh -p 1025 isg-1505 -v -v -v
OpenSSH_6.6, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /home/schwindt/.ssh/config
debug1: Reading configuration data /etc/opt/csw/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to isg-1505 [192.168.15.105] port 1025.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/schwindt/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/schwindt/.ssh/id_rsa type 1
debug1: identity file /home/schwindt/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/schwindt/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/schwindt/.ssh/id_dsa type 2
debug1: identity file /home/schwindt/.ssh/id_dsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/schwindt/.ssh/id_ecdsa" as a RSA1 public key
debug1: identity file /home/schwindt/.ssh/id_ecdsa type 3
debug1: identity file /home/schwindt/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/schwindt/.ssh/id_ed25519 type -1
debug1: identity file /home/schwindt/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug3: put_host_port: [isg-1505]:1025
debug3: load_hostkeys: loading entries for host "[isg-1505]:1025" from file
"/home/schwindt/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ssh-rsa,ssh-ed25519
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com
debudebug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5-etm at openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none
debug2: mac_setup: setup hmac-md5-etm at openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ED25519
c1:ad:de:47:7d:ad:a0:36:d3:5c:ed:4c:08:12:24:57
debug3: put_host_port: [192.168.15.105]:1025
debug3: put_host_port: [isg-1505]:1025
debug3: load_hostkeys: loading entries for host "[isg-1505]:1025" from file
"/home/schwindt/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[192.168.15.105]:1025"
from file "/home/schwindt/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "isg-1505" from file
"/home/schwindt/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "192.168.15.105" from file
"/home/schwindt/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host '[isg-1505]:1025 ([192.168.15.105]:1025)' can't be
established.
ED25519 key fingerprint is
c1:ad:de:47:7d:ad:a0:36:d3:5c:ed:4c:08:12:24:57.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[isg-1505]:1025,[192.168.15.105]:1025'
(ED25519) to the list of known hosts.
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
debug1: ssh_ed25519_verify: signature incorrect
key_verify failed for server_host_key
g2: kex_parse_kexinit: none,zlib at openssh.com

More information about the bug-notifications mailing list