Announce: OpenSSH 4.6 released
Damien Miller
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.
T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
http://www.openbsd.org/tshirts.html and
http://www.openbsd.org/orders.html
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Changes since OpenSSH 4.5:
============================
* sshd now allows the enabling and disabling of authentication
methods on a per user, group, host and network basis via the
Match directive in sshd_config.
* The following bugs have been fixed in this release:
- Clear SIGALRM when restarting due to SIGHUP. Prevents stray
signal from taking down sshd if a connection was pending at
the time SIGHUP was received
- sftp returned a zero exit status when upload failed due to write
errors (bugzilla #1252)
- fixed an inconsistent check for a terminal when displaying scp
progress meter (bugzilla #1265)
- Parsing of time values in Match blocks was incorrectly applied
to the global configuration (bugzilla #1275)
- Allow multiple forwarding options to work when specified in a
PermitOpen directive (bugzilla #1267)
- Interoperate with ssh.com versions that do not support binding
remote port forwarding sessions to a hostname (bugzilla #1019)
* Portable OpenSSH bugs fixed:
- "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (bugzilla #52)
- Fix typos in the ssh-rand-helper(8) man page (bugzilla #1259)
- Check that some SIG records have been returned in getrrsetbyname
(bugzilla #1281)
- Fix contrib/findssl for platforms that lack "which" (bugzilla
#1237)
- Work around bug in OpenSSH 0.9.6e that broke aes256-ctr,
aes192-ctr, arcfour256 (bugzilla #1291)
Checksums:
==========
- SHA1 (openssh-4.6.tar.gz) = c1700845be464a769428f34ef727c1f530728afc
- SHA1 (openssh-4.6p1.tar.gz) = b2aefeb1861b4688b1777436035239ec32a47da8
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Corinna Vinschen
On Mar 7 16:10, Damien Miller wrote:
> OpenSSH 4.6 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
>
> OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
> implementation and includes sftp client and server support.
A user on the Cygwin mailing list found a problem with 4.6p1 when
using protocol version 1. The bug report was rather short:
$ ssh -1 somemachine
Disconnecting: Corrupted check bytes on input.
I can reproduce this behaviour and when starting ssh with -vvv flags,
the above error message is printed in this context:
debug1: Found key in /home/corinna/.ssh/known_hosts:221
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
Disconnecting: Corrupted check bytes on input.
The problem is that only the Cygwin 4.6p1 version seems to be affect.
I tested the following combinations, the rows are the ssh version
with which I tried to connect to the sshd versions in the columns,
always with version 1.5 protocol.
sshd: Linux 4.5 Linux 4.6 Cygwin 4.5 Cygwin 4.6
ssh:
Linux 4.5 ok ok ok corrupted
Linux 4.6 ok ok ok corrupted
Cygwin 4.5 ok ok ok corrupted
Cygwin 4.6 corrupted corrupted corrupted ok
Apparently it doesn't have anything to do with the last minute patch I
sent to this list a couple of days ago. It doesn't matter whether I use
text read/write, or text read/binary write, or binary read/write.
The effect is always the same. Since the checksums are transmitted
using sockets, and sockets are unconditionally using binary read/write
mode anyway, this was not to be expected.
So, my question is this: Is there any change in the protocol 1 code
which could explain this behaviour? Where shall I look if I try to
debug this further? I'm rather a bit stumped right now.
Thanks in advance,
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
Darren Tucker
If you're using OpenSSL 0.9.8e you could try backing out this bit in
openbsd-compat/openssl-compat.h:
/* OpenSSL 0.9.8e returns cipher key len not context key len */
#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
#endif
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Darren Tucker
> Corinna Vinschen wrote:
[...]
> > $ ssh -1 somemachine
> > Disconnecting: Corrupted check bytes on input.
> >
> > I can reproduce this behaviour and when starting ssh with -vvv flags,
> > the above error message is printed in this context:
> >
> > debug1: Found key in /home/corinna/.ssh/known_hosts:221
> > debug1: Encryption type: 3des
> > debug1: Sent encrypted session key.
> > debug2: cipher_init: set keylen (16 -> 32)
> > debug2: cipher_init: set keylen (16 -> 32)
> > debug1: Installing crc compensation attack detector.
> > Disconnecting: Corrupted check bytes on input.
> >
> > The problem is that only the Cygwin 4.6p1 version seems to be affect.
> >
> > I tested the following combinations, the rows are the ssh version
> > with which I tried to connect to the sshd versions in the columns,
> > always with version 1.5 protocol.
> >
> > sshd: Linux 4.5 Linux 4.6 Cygwin 4.5 Cygwin 4.6
> > ssh:
> > Linux 4.5 ok ok ok corrupted
> > Linux 4.6 ok ok ok corrupted
> > Cygwin 4.5 ok ok ok corrupted
> > Cygwin 4.6 corrupted corrupted corrupted ok
>
> openbsd-compat/openssl-compat.h:
>
> /* OpenSSL 0.9.8e returns cipher key len not context key len */
> #if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
> # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
> #endif
In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
patch to it, recompile everything and see if your problem persists.
The symmetry of the problem (ie it works with itself but doesn't
interoperate) is the same as what I saw with the AES counter-mode
problems in OpenSSH bug #1291.
That workaround above only helps for the bits of OpenSSH that use
EVP_CIPHER_CTX_key_length, it doesn't help where OpenSSL itself uses it,
which may be the case here. See bugzilla #1291 for details.
Index: crypto/evp/evp_lib.c
===================================================================
RCS file: /home/dtucker/src/security/openssl/cvs/openssl-cvs/openssl/crypto/evp/evp_lib.c,v
retrieving revision 1.10.2.1
diff -u -p -r1.10.2.1 evp_lib.c
--- crypto/evp/evp_lib.c 29 Nov 2006 20:47:13 -0000 1.10.2.1
+++ crypto/evp/evp_lib.c 3 Mar 2007 23:54:00 -0000
@@ -225,7 +225,7 @@ int EVP_CIPHER_key_length(const EVP_CIPH
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
- return ctx->cipher->key_len;
+ return ctx->key_len;
}
int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
Darren Tucker
> On Fri, Mar 09, 2007 at 07:25:22AM +1100, Darren Tucker wrote:
> > If you're using OpenSSL 0.9.8e you could try backing out this bit in
> > openbsd-compat/openssl-compat.h:
> >
> > /* OpenSSL 0.9.8e returns cipher key len not context key len */
> > #if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
> > # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
> > #endif
>
> In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
> patch to it, recompile everything and see if your problem persists.
I'm pretty sure this is it: Cipher 1 blowfish uses
EVP_CIPHER_CTX_key_length but doesn't include the header with the
workaround. You can also try this (untested):
Index: cipher-bf1.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/cipher-bf1.c,v
retrieving revision 1.7
diff -u -p -r1.7 cipher-bf1.c
--- cipher-bf1.c 1 Sep 2006 05:38:36 -0000 1.7
+++ cipher-bf1.c 8 Mar 2007 22:08:54 -0000
@@ -35,6 +35,8 @@
#include "xmalloc.h"
#include "log.h"
+#include "openbsd-compat/openssl-compat.h"
+
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
Corinna Vinschen
> On Fri, Mar 09, 2007 at 07:25:22AM +1100, Darren Tucker wrote:
> [...]
> > > $ ssh -1 somemachine
> > > Disconnecting: Corrupted check bytes on input.
> In fact, if you're using OpenSSL 0.9.8e I suggest you apply the following
> patch to it, recompile everything and see if your problem persists.
>
> interoperate) is the same as what I saw with the AES counter-mode
> problems in OpenSSH bug #1291.
>
> That workaround above only helps for the bits of OpenSSH that use
> EVP_CIPHER_CTX_key_length, it doesn't help where OpenSSL itself uses it,
> which may be the case here. See bugzilla #1291 for details.
>
> Index: crypto/evp/evp_lib.c
> ===================================================================
> RCS file: /home/dtucker/src/security/openssl/cvs/openssl-cvs/openssl/crypto/evp/evp_lib.c,v
> retrieving revision 1.10.2.1
> diff -u -p -r1.10.2.1 evp_lib.c
> --- crypto/evp/evp_lib.c 29 Nov 2006 20:47:13 -0000 1.10.2.1
> +++ crypto/evp/evp_lib.c 3 Mar 2007 23:54:00 -0000
> @@ -225,7 +225,7 @@ int EVP_CIPHER_key_length(const EVP_CIPH
>
> int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
> {
> - return ctx->cipher->key_len;
> + return ctx->key_len;
> }
>
> int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
Thanks Darren, that did it! I first tried with just adding the missing
#include to cipher-bf1.c, but that didn't help. Only by applying the
above patch to openssl-0.9.8e I could connect to the Linux box using
openssh-4.5p1 with openssl-0.9.8d.
So, the bottom line is, I have to release a patched version of openssl.
Oh well.
Thanks again,
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat