Fix broken handling of first_kex_follows clients

Bug #1526357 reported by Matt Johnston
Affects: openssh (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Colin Watson
Milestone: none

Bug Description

OpenSSH versions between 6.8 and 7.1 inclusive have a regression that breaks connections from clients that use the SSH first_kex_follows feature. This affects connections from the Dropbear SSH client (dbclient); they fail with "bad hostkey signature" or similar. It may affect ssh.com clients too.

This has been fixed upstream in the attached patch; it would be worthwhile including it in Xenial if it's going to ship with the current OpenSSH 7.1. Upstream change 1.115: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2515#c6 - Comment 6 is the upstream bug report (ignore the rest of the bug, about new Diffie-Hellman algorithms).

Tags: patch
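
The flag this report refers to is the first_kex_packet_follows boolean at the end of SSH_MSG_KEXINIT (RFC 4253, section 7). The following Python is an added example, not part of the bug report and not OpenSSH or Dropbear code: it parses a KEXINIT payload and decides whether the receiver must discard the sender's guessed key exchange packet. The function names and the sample payloads are constructed for illustration, and only the "preferred kex and host key algorithm differ" condition of the RFC is checked.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an unencrypted SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}                      # skip type byte and 16-byte cookie
    for name in FIELDS:                    # ten name-lists: uint32 length + text
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    if off + 5 > len(payload):             # boolean flag + uint32 reserved
        raise ValueError("truncated trailer")
    out["first_kex_packet_follows"] = payload[off] != 0
    return out

def must_discard_next_packet(sender: dict, receiver: dict) -> bool:
    """True when `sender` sent a guessed KEX packet and the guess is wrong."""
    if not sender["first_kex_packet_follows"]:
        return False                       # no guessed packet was sent
    for field in ("kex", "hostkey"):       # guess is wrong if preferences differ
        a, b = sender[field], receiver[field]
        if not a or not b or a[0] != b[0]:
            return True
    return False

def build_kexinit(kex: str, hostkey: str, follows: int) -> bytes:
    """Build a constructed sample payload; the other name-lists are fixed."""
    lists = [kex, hostkey, "aes128-ctr", "aes128-ctr", "hmac-sha2-256",
             "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + bytes([follows]) + bytes(4)

# Constructed samples: a client that sets the flag, and two server proposals.
CLIENT = build_kexinit("curve25519-sha256@libssh.org,diffie-hellman-group14-sha1", "ssh-rsa", 1)
SERVER_SAME_PREF = build_kexinit("curve25519-sha256@libssh.org", "ssh-rsa,ssh-ed25519", 0)
SERVER_OTHER_PREF = build_kexinit("diffie-hellman-group14-sha1,curve25519-sha256@libssh.org", "ssh-rsa", 0)
```

Run against KEXINIT payloads taken from a packet capture (KEXINIT is sent before encryption starts), the parser shows which clients set the flag and would therefore exercise this code path on an unpatched server.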
Matt Johnston (matt-ucc) wrote :
Matt Johnston (matt-ucc)
description: updated
Colin Watson (cjwatson)
Changed in openssh (Ubuntu):
status: New → Fix Committed
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "From http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.114&r2=1.115" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:7.1p1-4

---------------
openssh (1:7.1p1-4) unstable; urgency=medium

  * Backport upstream patch to unbreak connections with peers that set
    first_kex_follows (LP: #1526357).

 -- Colin Watson <email address hidden> Tue, 15 Dec 2015 15:40:18 +0000

Changed in openssh (Ubuntu):
status: Fix Committed → Fix Released