dropbear (2024.86 - 22 October 2024) can't connect to an SSH-2.0-CerberusFTPServer_9.0 server -- "Bad hostkey signature" #329

Open
JohnHughesAtlantech opened this issue Nov 11, 2024 · 4 comments

Comments

@JohnHughesAtlantech

When I try connecting with an empty known hosts file the RSA key is accepted, but then the connection is immediately cut with a bad hostkey signature.

Connections with OpenSSH 9.9 work ok (with HostKeyAlgorithms +ssh-rsa).

The RSA public keys received by OpenSSH and dropbear are the same:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzU2lGKpdz59OB7UuWP0Vo3VzrOzyZANK2LXNuL7TiqW81HcJxbImzcDvpEVqHQ/a3Ok+7dRnYZ8iwFzJjy5noydMJ1F+dIRWTtumh2gFJ2T5Avv2OQoc+cNwRg0e1XOvRIGf5wZXcdrzZGysl9EaiKJC2yp4d6wdRfE3IW/ITP2QUMZsl+cTRzjMFQskhNonIRavURoxnYai0BkjqJTavf8rj+DBvpkzFvAaQfXEYRGbxGQprp416I1dYd7jE6fxE13Pasyx7MuskmmpK0nTRnpkYYQYuPhhrwPhZLFNj9ln2i1qBOMHptVF3ghPD/pXgnTboAs/olX3/e9eTohUd

Here's the end of the trace info:

TRACE4 (10455) 0.073984: process_packet: packet type = 31, len 701
TRACE4 (10455) 0.073992: got expected packet 31 during kexinit
TRACE4 (10455) 0.074003: enter recv_msg_kexdh_reply
TRACE4 (10455) 0.074010: keytype is 0
TRACE4 (10455) 0.078853: checkpubkey: base64_decode success
TRACE1 (10455) 0.078901: server match SHA256:i0kZ44976ponB8KhSoZp5A0Y38ginfUJ8fLlSdSw/00
TRACE4 (10455) 0.080019: enter buf_get_rsa_pub_key
TRACE4 (10455) 0.080108: leave buf_get_rsa_pub_key: success
TRACE4 (10455) 0.080125: enter buf_get_ecc_raw_pubkey
TRACE4 (10455) 0.087662: enter buf_put_rsa_pub_key
TRACE4 (10455) 0.087710: leave buf_put_rsa_pub_key
TRACE4 (10455) 0.087796: enter buf_verify
TRACE4 (10455) 0.087830: enter buf_rsa_verify
TRACE4 (10455) 0.087994: leave buf_rsa_verify: ret -1
TRACE4 (10455) 0.088025: Exited, cleaning up: Bad hostkey signature
TRACE4 (10455) 0.088034: enter session_cleanup
TRACE4 (10455) 0.088041: enter chancleanup
TRACE4 (10455) 0.088048: leave chancleanup
TRACE4 (10455) 0.088059: enter cli_tty_cleanup
TRACE4 (10455) 0.088066: leave cli_tty_cleanup: not in raw mode
TRACE4 (10455) 0.088075: leave session_cleanup

./dbclient: Connection to john@xxx:22 exited: Bad hostkey signature

What more information could I usefully provide?

@mkj
Owner

mkj commented Nov 11, 2024 via email

@JohnHughesAtlantech
Author

Here's the dbclient trace-4 output:
trace-4.txt

@JohnHughesAtlantech
Author

JohnHughesAtlantech commented Nov 13, 2024

Here's a pcap capture of the session (uuencoded for old school vibes):
zz-cerberus.txt

@mkj
Owner

mkj commented Nov 13, 2024

It looks like CerberusFTP doesn't support Dropbear setting first_kex_packet_follows. If you can build Dropbear, try setting in localoptions.h in the build dir:

#define DROPBEAR_KEX_FIRST_FOLLOWS 0

In the pcap summary below:
4 Dropbear client sends a kexdh_init, with a "first follows" guess of a curve25519 KEX. (Wireshark decodes it wrong, but can tell it's curve25519 from the algo list, and from the packet length). Since negotiated algorithms don't match, the server should discard that kexdh_init and wait for a subsequent one.
7 Cerberus server sends a kexdh_reply. That shouldn't happen since the real kexdh_init (9) hasn't been sent yet.

    1   0.000000 213.32.71.159 → 80.76.70.70  TCP 74 49612 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=709837321 TSecr=0 WS=128
    2   0.019958  80.76.70.70 → 213.32.71.159 TCP 66 22 → 49612 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1436 WS=256 SACK_PERM=1
    3   0.020004 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [ACK] Seq=1 Ack=1 Win=64256 Len=0
    4   0.021870 213.32.71.159 → 80.76.70.70  SSH 784 Client: Protocol (SSH-2.0-dropbear_2024.86), Key Exchange Init, Diffie-Hellman Key Exchange Init
    5   0.041471  80.76.70.70 → 213.32.71.159 SSHv2 85 Server: Protocol (SSH-2.0-CerberusFTPServer_9.0)
    6   0.041509 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [ACK] Seq=731 Ack=32 Win=64256 Len=0
    7   0.062055  80.76.70.70 → 213.32.71.159 SSHv2 1486 Server: Key Exchange Init, Elliptic Curve Diffie-Hellman Key Exchange Reply, New Keys
    8   0.062090 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [ACK] Seq=731 Ack=1464 Win=64128 Len=0
    9   0.081188 213.32.71.159 → 80.76.70.70  SSHv2 206 Client: Elliptic Curve Diffie-Hellman Key Exchange Init
   10   0.104994  80.76.70.70 → 213.32.71.159 SSHv2 794 Server: Encrypted packet (len=740)
   11   0.148070 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [ACK] Seq=883 Ack=2204 Win=63616 Len=0
   12   0.169018  80.76.70.70 → 213.32.71.159 SSHv2 90 Server: Encrypted packet (len=36)
   13   0.169054 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [ACK] Seq=883 Ack=2240 Win=63616 Len=0
   14   5.062231 213.32.71.159 → 80.76.70.70  TCP 54 49612 → 22 [RST, ACK] Seq=883 Ack=2240 Win=64128 Len=0
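
The receiver-side rule this diagnosis relies on, as an added example that is not part of the thread and is not Dropbear's or Cerberus's code: under RFC 4253 section 7, a peer that set first_kex_packet_follows and guessed wrong must have its next packet silently ignored. The struct and function names are hypothetical, and the algorithm name-lists are constructed rather than taken from the capture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_KEXDH_INIT 30 /* same number is reused by ECDH/curve25519 init */

/* True when both comma-separated name-lists share the same first (preferred) entry. */
static bool same_preferred(const char *a, const char *b) {
    size_t n = strcspn(a, ",");
    return n > 0 && n == strcspn(b, ",") && memcmp(a, b, n) == 0;
}

/* RFC 4253 s.7: the guess is right only if the preferred kex AND host key
 * algorithms match (the "other algorithms cannot be agreed" case is omitted). */
bool guess_is_right(const char *c_kex, const char *s_kex,
                    const char *c_hostkey, const char *s_hostkey) {
    return same_preferred(c_kex, s_kex) && same_preferred(c_hostkey, s_hostkey);
}

struct kex_state {
    bool ignore_next;   /* peer guessed wrong: its next packet must be dropped */
    int inits_handled;  /* KEX init packets that were actually acted on */
};

/* Call once the peer's KEXINIT has been parsed. */
void on_peer_kexinit(struct kex_state *st, bool first_follows, bool guess_right) {
    st->ignore_next = first_follows && !guess_right;
    st->inits_handled = 0;
}

/* Returns true if the packet is processed (a reply may be sent), false if dropped. */
bool on_kex_packet(struct kex_state *st, int msg_type) {
    if (st->ignore_next) {       /* silently ignore the wrongly guessed packet */
        st->ignore_next = false;
        return false;
    }
    if (msg_type == SSH_MSG_KEXDH_INIT) st->inits_handled++;
    return true;
}

int main(void) {
    /* Constructed name-lists: client prefers curve25519, server does not offer it. */
    bool right = guess_is_right("curve25519-sha256,ecdh-sha2-nistp256",
                                "ecdh-sha2-nistp256", "ssh-rsa", "ssh-rsa");
    struct kex_state st;
    on_peer_kexinit(&st, true, right);
    bool guessed = on_kex_packet(&st, SSH_MSG_KEXDH_INIT);
    bool real = on_kex_packet(&st, SSH_MSG_KEXDH_INIT);
    printf("guess_right=%d guessed_handled=%d real_handled=%d\n", right, guessed, real);
    return 0;
}
```

A server that skips the `ignore_next` step answers the guessed packet, so its reply is computed over key material the client never used for the negotiated method and the host key signature check fails on the client.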
