When I compile dbclient without ECDSA support I get underneath error. However same source compiled with ECDSA the same connection works.
part of the debug output, added some extra output in kexdh_init and kexdh_reply to see what values where given Seems that something goes wrong in buf_rsa_verify. Compiled with #define DROPBEAR_ECDSA 0 TRACE (32763) 0.008984: send_msg_kexdh_init() init : 0 init = normal_DH TRACE (32763) 0.009065: enter gen_kexdh_vals TRACE (32763) 0.208185: leave cli_sessionloop: done with KEXINIT_RCVD TRACE (32763) 0.208220: enter set_connect_fds TRACE (32763) 0.208305: process_packet: packet type = 31, len 567 TRACE (32763) 0.208368: got expected packet 31 during kexinit TRACE (32763) 0.208421: enter recv_msg_kexdh_reply TRACE (32763) 0.208453: type is 0 TRACE (32763) 0.208776: checkpubkey: base64_decode success TRACE (32763) 0.208847: good matching key TRACE (32763) 0.208886: enter buf_get_rsa_pub_key TRACE (32763) 0.209013: leave buf_get_rsa_pub_key: success reply = NORMAL_DH TRACE (32763) 0.406192: enter buf_put_rsa_pub_key TRACE (32763) 0.406592: leave buf_put_rsa_pub_key TRACE (32763) 0.408458: enter buf_verify TRACE (32763) 0.408546: enter buf_rsa_verify TRACE (32763) 0.409296: leave buf_rsa_verify: ret -1 TRACE (32763) 0.409367: enter session_cleanup TRACE (32763) 0.409392: enter chancleanup TRACE (32763) 0.409426: leave chancleanup TRACE (32763) 0.409477: enter cli_tty_cleanup TRACE (32763) 0.409538: leave cli_tty_cleanup: not in raw mode TRACE (32763) 0.409621: empty queue dequeing TRACE (32763) 0.409822: leave session_cleanup dbclient: Connection to [email protected]:22 exited: Bad hostkey signature Compiled with #define DROPBEAR_ECDSA 1 TRACE (651) 0.009374: send_msg_kexdh_init() init : 0 init = normal_DH TRACE (651) 0.009419: enter gen_kexdh_vals TRACE (651) 0.204902: leave cli_sessionloop: done with KEXINIT_RCVD TRACE (651) 0.204943: enter set_connect_fds TRACE (651) 0.205012: maybe_empty_reply_queue - no data allowed TRACE (651) 0.205078: enter handle_connect_fds TRACE (651) 0.205103: leave handle_connect_fds - end iter TRACE (651) 0.205274: empty queue dequeing TRACE (651) 0.205309: leave cli_sessionloop: kex_state != KEX_NOTHING TRACE (651) 0.205356: enter set_connect_fds TRACE (651) 0.267174: process_packet: packet type = 31, len 567 TRACE (651) 0.267236: got expected packet 31 during kexinit TRACE (651) 0.267277: enter recv_msg_kexdh_reply TRACE (651) 0.267355: type is 0 TRACE (651) 0.267643: checkpubkey: base64_decode success TRACE (651) 0.267685: good matching key TRACE (651) 0.267722: enter buf_get_rsa_pub_key TRACE (651) 0.267820: leave buf_get_rsa_pub_key: success reply = NORMAL_DH TRACE (651) 0.462904: enter buf_put_rsa_pub_key TRACE (651) 0.463227: leave buf_put_rsa_pub_key TRACE (651) 0.465734: enter buf_verify TRACE (651) 0.465765: enter buf_rsa_verify TRACE (651) 0.466463: success! TRACE (651) 0.466526: leave buf_rsa_verify: ret 0 TRACE (651) 0.466593: enter send_msg_newkeys TRACE (651) 0.466709: enter gen_new_keys TRACE (651) 0.467408: leave gen_new_keys TRACE (651) 0.467438: switch_keys trans TRACE (651) 0.467701: leave send_msg_newkeys .. .. dbclient: Connection to [email protected]:22 exited: No auth methods could be used. I cannot seem to find a reason for that... anybody ? Hans
