On Fri, May 13, 2011 at 10:27:51AM -0700, Sam Gandhi wrote:
> > What does a tcpdump or wireshark capture look like? After
> > the first few packets there should be nothing intelligible
> > in the byte stream (it's all encrypted).
> >
> I have attached wireshark capture -- at least -- I can't see anything
> wrong that dropbear server is doing, I am running ssh (OpenSSH_5.8p1
> Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 ) client.

That stream is full of debug output from the server, it's not encrypted.
What software is printing the following?

Key info version 1, encode_type 1 data length 568
Read 576 bytes for key rsa
uudecoded 568 bytes
got 426 bytes
Key info version 1, encode_type 1 data length 612
Read 624 bytes for key dss
uudecoded 612 bytes
got 457 bytes

Cheers,
Matt
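
The check discussed in this thread, as an added example that is not part of the original messages: it walks one direction of an SSH byte stream and reports readable text that does not belong to the protocol. It assumes the server-to-client TCP payload has already been reassembled into one byte string; `audit_stream`, `packet` and all sample bytes are constructed for illustration.

```python
import hashlib
import re
import struct

MAX_LEN = 35000       # sanity bound: RFC 4253 6.1 requires support for packets up to 35000 bytes
SSH_MSG_NEWKEYS = 21  # everything after this message is encrypted
TEXT_LINE = re.compile(rb"[\x20-\x7e]{20,}\r?\n")  # readable line, improbable in ciphertext

def audit_stream(stream: bytes):
    """Return [(offset, bytes)] for readable text that is not SSH protocol data."""
    findings, pos = [], 0
    # 1. Identification exchange: lines up to and including the "SSH-" version line.
    while True:
        end = stream.find(b"\n", pos)
        if end < 0:
            return findings + [(pos, stream[pos:pos + 40])]  # no version line
        start, line, pos = pos, stream[pos:end + 1], end + 1
        if line.startswith(b"SSH-"):
            break
        findings.append((start, line))  # RFC permits this from servers; still worth reading
    # 2. Cleartext binary packets (KEXINIT, key exchange) up to NEWKEYS.
    while pos + 6 <= len(stream):
        length, padlen, msg = struct.unpack(">IBB", stream[pos:pos + 6])
        if not (6 <= length <= MAX_LEN and 4 <= padlen <= length - 2):
            return findings + [(pos, stream[pos:pos + 40])]  # framing broken here
        pos += 4 + length
        if msg == SSH_MSG_NEWKEYS:
            break
    # 3. After NEWKEYS the bytes should look random: flag any readable line.
    tail = stream[pos:]
    return findings + [(pos + m.start(), m.group()) for m in TEXT_LINE.finditer(tail)]

def packet(payload: bytes) -> bytes:
    """Frame a payload as an unencrypted SSH binary packet (used for the samples)."""
    pad = 8 - (5 + len(payload)) % 8
    pad += 8 if pad < 4 else 0
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

# Constructed sample data, not taken from the capture in this thread.
BANNER = b"SSH-2.0-example_server\r\n"
HANDSHAKE = packet(bytes([20]) + bytes(40)) + packet(bytes([SSH_MSG_NEWKEYS]))
CIPHERTEXT = hashlib.sha256(b"constructed").digest() * 4  # stand-in for encrypted data
DEBUG = b"Read 576 bytes for key rsa\n"  # one of the lines quoted in the message

if __name__ == "__main__":
    print(audit_stream(BANNER + HANDSHAKE + CIPHERTEXT))          # clean stream
    print(audit_stream(BANNER + DEBUG + HANDSHAKE + CIPHERTEXT))  # text breaks framing
    print(audit_stream(BANNER + HANDSHAKE + CIPHERTEXT[:32] + DEBUG + CIPHERTEXT))
```

Text injected between cleartext packets shows up as a framing error, because its first four ASCII bytes decode to an impossible packet length; text injected after NEWKEYS can only be caught by the readable-line heuristic.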