Is the Key Config correct for Ver. openssh 6.7p1?

[ghost]

Aligo 你好， 当我从ofc-ssh 6.1p升级到6.7p之后，发现建立连接时有错误提示，无法完成服务端handshake。 Client‘s Logs： 13:13:15.188 Connection established. 13:13:15.561 Server version: SSH-2.0-OpenSSH_6.7 13:13:15.591 First key exchange started. 13:13:16.006 Received a new host key from the server. Algorithm: RSA, size: 2048 bits, MD5 fingerprint: b2:d6:4f:8c:73:fd:90:1b:c7:6a:18:64:9b:54:33:c0, Bubble-Babble: xitac-mokoc-gasek-zukod-besif-gopov-cutyk-tozak-kibak-dysul-caxex. 13:13:16.208 The SSH2 session has terminated with error. Reason: Error class: LocalSshDisconn, code: HostKeyNotVerifiable, message: FlowSshKexDhClient: verification of server's signature failed.

Logs in Server for security: Mar 2 13:41:49 localhost sshd_ofc[9297]: error: Received disconnect from 124.93.243.96: 9: FlowSshKexDhClient: verification of server's signature failed [preauth] Mar 2 13:44:10 localhost sshd_ofc[9362]: error: Received disconnect from 124.93.243.96: 9: FlowSshKexDhClient: verification of server's signature failed [preauth] Mar 2 13:49:42 localhost sshd_ofc[9474]: Magic value check failed (1570863034) on obfuscated handshake.

发现新版本的etc多了一组ed25519key 。 客户端在win下，用bitvise, x-wall和potty都同样出错。 但server使用之前的6.1和brl的5.2时一切正常。

[clarkwang]

I compiled 6.7 yesterday on OS X Yosemite. When I connected to a server it failed with error messages like "key_verify: incorrect signature". The brl 5.2 version works fine for me.

[hlherrera]

I'm working in Ubuntu 14.04. I have the same error when I run the ssh client to connect to my obfuscated server running in port 443:

... debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: setup [email protected] debug1: kex: server->client aes128-ctr [email protected] none debug2: mac_setup: setup [email protected] debug1: kex: client->server aes128-ctr [email protected] none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 29:3f:b9:5f:fd:8b:fc:8c:7a:37:8d:69:5d:af:fa:81 debug3: put_host_port: [x.x.x.x]:443 debug3: load_hostkeys: loading entries for host "[x.x.x.x]:443" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:6 debug3: load_hostkeys: loaded 1 keys debug1: Host '[x.x.x.x]:443' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:6 key_verify: incorrect signature key_verify failed for server_host_key

[aligo]

Confirmed that, thx all of you @wszf5560 @clarkwang @hlherrera Sorry for that mistake i made, I will fix this as soon as possible, For now you guys can use version 6.1 temporary, it works works properly.

[dwgeneral]

when I type $ ssh root@example -p 12345 -Z helloword , it shows illegal option -Z . I checkout version6.1 already.

[hlherrera]

Do you have installed the correct ssh client? Maybe you have calling the default ssh client installed in your system.

[ghost]

Yes, I used the SSH client with obfuscation supported in Windows environment, and haven't tried the ssh client in the Linux, The previous version like v6.1 or v5.2 could work well in the same working environment. We could use the v6.1 temporarily :)

[zypA13510]

Is this issue still not fixed? v6.1 works just fine. but v6.7 will get the error "HostKeyNotVerifiable, message: FlowSshKexEcdhClient: verification of server's signature failed."

I know it takes a lot of effort but please fix this soon, @aligo . Thanks.

[zypA13510]

@aligo Delete 6.7 from the list of released version, please. It is unusable without correct key exchange. I installed it once again without realizing it failed the last time. 🤦‍♂️