[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Can't connect with some clients
- Subject: Re: Can't connect with some clients
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 13 Jan 2021 17:27:25 +0100
- To: libssh@xxxxxxxxxx
On 1/13/21 5:13 PM, Emiliano Gonzalez wrote:
Solved!!!I'm using mbedcrypto and do not have ChaCha20-Poly1305. Disabling this cypher works ok. But it is allowed to enable in this situation ChaCha20 and cipher->max_blocks = ((uint64_t)1 << 30) / cipher->blocksize crash with division by zero.Shouldn't this situation be controlled? It is not an error?
There were couple of bugs in chacha20-poly1350 implementation that should be fixed with the following PR:
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/150 Can you check that the PR solves the for you? Jakub
El mié, 13 de ene. de 2021 a la(s) 07:58, Jakub Jelen (jjelen@xxxxxxxxxx <mailto:jjelen@xxxxxxxxxx>) escribió:On 1/12/21 4:09 PM, Emiliano Gonzalez wrote: > I have a ssh server. > > When I connect with the client on Fedora 32 ssh there are no problems. > > With PuTTY: Release 0.74 I can't connect with error: Couldn't agree a > host key algorithm (available: rsa-sha2-512, rsa-sha2-256) That sounds like an issue of PuTTY, that it can not use the RSA SHA2 hostkey algorithms from RFC8332. As a workaround, you can configure your server with different hostkeys (ed25519) so incompatible clients can connect too. > From Centos 7 ssh server crash. In packet.c (line 1862): > > |/* For smaller blocks use limit of 1 GB as recommended in RFC4253 */ > cipher->max_blocks = ((uint64_t)1 << 30) / cipher->blocksize; | > > cipher->blocksize is 0; What cipher is used for this connection? There is no cipher that would have blocksize == 0. Can you get a debug log? Regards,-- Jakub JelenSenior Software Engineer Crypto Team, Security Engineering Red Hat, Inc.
-- Jakub Jelen Senior Software Engineer Crypto Team, Security Engineering Red Hat, Inc.