Date: Sun, 11 Mar 2001 22:20:04 -0800 (PST)
From: David Xu <bsddiy@21cn.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key
Message-ID: <200103120620.f2C6K4D46477@freefall.freebsd.org>
The following reply was made to PR bin/25723; it has been noted by GNATS.

From: David Xu <bsddiy@21cn.com>
To: seraf@2600.com
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key
Date: Mon, 12 Mar 2001 14:21:35 +0800

Hello seraf,

Monday, March 12, 2001, 2:07:31 PM, you wrote:

>>Number:         25723
>>Category:       bin
>>Synopsis:       OpenSSH on 4.2 excessively regenerates RSA host key
>>Confidential:   no
>>Severity:       non-critical
>>Priority:       medium
>>Responsible:    freebsd-bugs
>>State:          open
>>Quarter:
>>Keywords:
>>Date-Required:
>>Class:          sw-bug
>>Submitter-Id:   current-users
>>Arrival-Date:   Sun Mar 11 22:10:01 PST 2001
>>Closed-Date:
>>Last-Modified:
>>Originator:     Dominick LaTrappe
>>Release:        4.2-20010212-STABLE
>>Organization:
>>Environment:
s2c> FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001 sysbuild@protopocks.tdl.dev.sambuca:/usr/src/sys/compile/POCKS_M i386
>>Description:
s2c> When an SSH-2 session is started with FreeBSD 4.2's sshd in "Protocol 1,2" mode (i.e., accepting both SSH-1 and SSH-2 protocols), sshd maintains an RSA host key for use with SSH-1. The life of
s2c> this key, ONCE IT HAS BEEN USED, is controlled by "KeyRegenerationInterval". However, when an SSH-2 connection is established, which does not utilize said key, said key is considered "used"
s2c> anyway, increasing the number of key regenerations unnecessarily.
>>How-To-Repeat:
s2c> /etc/ssh/sshd_config contains "Protocols 1,2" and "KeyRegenerationInterval 1" (to make the bug dramatic ;-). Enter: "ssh -2 somebody@localhost" and then examine your sshd logs. You will see that
s2c> each time an SSH-2 connection is formed, the SSH-1 RSA host key regenerates unnecessarily.
>>Fix:

I think this is a feature of SSH-2 to avoid key guess attack.

-- 
David Xu
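An added example, my own shell script and not code from the PR, from David Xu, or from FreeBSD/OpenSSH: it audits an sshd_config for the two settings the report turns on. It reads the effective Protocol and KeyRegenerationInterval values the way sshd does (the first uncommented occurrence of a keyword wins, keywords match case-insensitively) and reports whether the SSH-1 key that KeyRegenerationInterval governs (the ephemeral server key, which sshd only creates when Protocol includes 1) is in play at all. The two sample config files are constructed inline so the script runs offline; treating an absent Protocol line as enabling SSH-1 is this script's conservative assumption, not a statement of any sshd version's default.

```shell
#!/bin/sh
# Added example (not from the PR or from FreeBSD/OpenSSH): audit an sshd_config
# for the settings PR bin/25723 is about. The SSH-1 ephemeral RSA server key,
# whose lifetime KeyRegenerationInterval controls, exists only when Protocol
# includes 1; with "Protocol 2" there is no such key and nothing to regenerate.

# Effective value of a keyword. sshd honours the first uncommented occurrence
# of each keyword and matches keywords case-insensitively, so do the same.
effective_value() {            # $1 = config file, $2 = keyword
  awk -v kw="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[[:space:]]*#/ { next }
    NF >= 2 && tolower($1) == kw { print $2; exit }
  ' "$1"
}

# Exit status 0 if the file enables SSH-1. An absent Protocol line is treated
# as enabling SSH-1: this script's conservative assumption, not the default of
# any particular sshd version.
ssh1_enabled() {               # $1 = config file
  proto=$(effective_value "$1" Protocol)
  [ -z "$proto" ] && return 0
  case ",$proto," in
    *,1,*) return 0 ;;
    *)     return 1 ;;
  esac
}

# One-line verdict for a file (always exits 0; use ssh1_enabled for a status).
audit_sshd_config() {          # $1 = config file
  if ssh1_enabled "$1"; then
    interval=$(effective_value "$1" KeyRegenerationInterval)
    printf '%s: SSH-1 enabled, ephemeral RSA server key regenerates every %s s (KeyRegenerationInterval)\n' \
      "$1" "${interval:-<unset>}"
  else
    printf '%s: SSH-1 disabled, no ephemeral server key, KeyRegenerationInterval has no effect\n' "$1"
  fi
  return 0
}

# Constructed sample configs (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak" <<'EOF'
# The PR's repro setting: both protocols, regenerate the server key every second
Protocol 1,2
KeyRegenerationInterval 1
#KeyRegenerationInterval 3600   <- commented out, must be ignored
EOF
cat > "$SAMPLE_DIR/hardened" <<'EOF'
Protocol 2
EOF

audit_sshd_config "$SAMPLE_DIR/weak"
audit_sshd_config "$SAMPLE_DIR/hardened"
```

Run it as-is to see both verdicts, or point audit_sshd_config at /etc/ssh/sshd_config on a real host. With Protocol 2 alone there is no SSH-1 server key, so the regeneration the report describes cannot occur, whatever KeyRegenerationInterval is set to.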