(I'm sorry - the securityfocus mailing list is dead
and there are no other SSH resources on the net)


Hello,

Client is (some netware installation) running:

Local version string SSH-2.0-OpenSSH_3.7.1p2

Server is plain old FreeBSD 6.2-RELEASE running:

OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1


When I attempt to connect from client (netware) to
server (freebsd) I see:

ssh -vvv user@host

<0> debug1: kex: client->server aes128-cbc hmac-md5
none
<0> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

<0> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

<0> debug2: bits set: 1049/2048

<0> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

<0> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

<0> debug3: check_host_in_hostfile: filename
/etc/ssh/known_hosts
<0> debug3: check_host_in_hostfile: match line 1

<0> debug3: check_host_in_hostfile: filename
/etc/ssh/known_hosts
<0> debug3: check_host_in_hostfile: match line 1

<0> debug1: Host 'host' is known and matches the DSA
host key.
<0> debug1: Found key in /etc/ssh/known_hosts:1

<0> debug2: bits set: 1010/2048

<0> debug1: ssh_dss_verify: signature error

<0> fatal: key_verify failed for server_host_key

<0> debug1: Calling cleanup 0xa69a0ec0(0x0)

<0> debug1: Calling cleanup 0xa6994630(0x0)

<0> debug3: DecrementThreadCount() Thread count is now
1
<0> debug1: SSH_NWExit(0) calling SSH_NetWareExit()


The key pieces of the error being:


<0> debug1: ssh_dss_verify: signature error

<0> fatal: key_verify failed for server_host_key


So then I connect forcing version 1:


ssh -vvv -1 user@host


and I get:


<0> fatal: Selected cipher type not
supported by server.


So if I specify DES:

ssh -vvv -1 -c des user@host


<0> fatal: Selected cipher type des not supported by
server.


Finally, I specify 3des, and I get no output at all:

ssh -vvv -1 -c 3des user@host

the command just completes and I get no output - as if
I did not run it at all.


Any suggestions ? Has anyone connected from netware
to a recent OpenSSH 4.5.x server ? This is one of the
newest, if not the very newest release distros of
OpenSSH for netware, so we are fairly up to date...


Thanks.


__________________________________________________ __________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev