On Sun, Jun 5, 2016 at 7:40 AM, Alex Greif <[email protected]> wrote:
[...]
> hash mismatch
> debug1: ssh_rsa_verify: signature incorrect
> key_verify failed for server_host_key
Thanks for the report. We believe we've identified the problem and
backed out the offending commit in usr.bin/ssh/kexgexs.c rev 1.29.
The original change was this one to kexgexs.c:
revision 1.28
date: 2016/06/01 04:19:49; author: dtucker; state: Exp; lines: +9
-9; commitid: H7nQMlahTocwHINf;
Check min and max sizes sent by the client against what we support before
passing them to the monitor. ok djm@
It caused the problem because it modified the value that had already
been sent to the client so it computed the exchange hash it didn't
match what the server computed.
It didn't cause more problems (or fail the regression tests, which I
ran, honest!) because any client that send a min group size >-
DH_GRP_MIN (2048 since OpenBSD 5.9) thus didn't cause the min value to
be modified, and any client that preferred another key exchange method
(most recent versions of OpenSSH) never triggered the problem.
Sorry for the inconvenience.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
