From owner-freebsd-bugs Sun Mar 11 22:20:16 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 5AF3137B718 for ; Sun, 11 Mar 2001 22:20:04 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f2C6K4D46477; Sun, 11 Mar 2001 22:20:04 -0800 (PST) (envelope-from gnats) Date: Sun, 11 Mar 2001 22:20:04 -0800 (PST) Message-Id: <200103120620.f2C6K4D46477@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: David Xu Subject: Re: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key Reply-To: David Xu Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/25723; it has been noted by GNATS. From: David Xu To: seraf@2600.com Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key Date: Mon, 12 Mar 2001 14:21:35 +0800 Hello seraf, Monday, March 12, 2001, 2:07:31 PM, you wrote: >>Number: 25723 >>Category: bin >>Synopsis: OpenSSH on 4.2 excessively regenerates RSA host key >>Confidential: no >>Severity: non-critical >>Priority: medium >>Responsible: freebsd-bugs >>State: open >>Quarter: >>Keywords: >>Date-Required: >>Class: sw-bug >>Submitter-Id: current-users >>Arrival-Date: Sun Mar 11 22:10:01 PST 2001 >>Closed-Date: >>Last-Modified: >>Originator: Dominick LaTrappe >>Release: 4.2-20010212-STABLE >>Organization: >>Environment: s2c> FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001 sysbuild@protopocks.tdl.dev.sambuca :/usr/src/sys/compile/POCKS_M i386 >>Description: s2c> When an SSH-2 session is started with FreeBSD 4.2's sshd in "Protocol 1,2" mode (i.e., accepting both SSH-1 and SSH-2 protocols), sshd maintains an RSA host key for use with SSH-1. The life of s2c> this key, ONCE IT HAS BEEN USED, is controlled by "KeyRegenerationInterval". However, when an SSH-2 connection is established, which does not utilize said key, said key is considered "used" s2c> anyway, increasing the number of key regenerations unnecessarily. >>How-To-Repeat: s2c> /etc/ssh/sshd_config contains "Protocols 1,2" and "KeyRegenerationInterval 1" (to make the bug dramatic ;-). Enter: "ssh -2 somebody@localhost" and then examine your sshd logs. You will see that s2c> each time an SSH-2 connection is formed, the SSH-1 RSA host key regenerates unnecessarily. >>Fix: I think this is a feature of SSH-2 to avoid key guess attack. -- David Xu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message