Public bug reported:

OpenSSH shipped in Ubuntu supports GSSAPI key exchange defined in RFC 4462 (the support is patched in, upstream OpenSSH does not have it).

The RFC specifies a "null" host key algorithm [1] to be used when the host does not wish or cannot use a public key. When attempting to use this "algorithm" in Ubuntu, the key exchange fails. Most of the key exchange succeeds (both parties send the NEWKEYS packet), but when the server sends the EXT_INFO packet, the client fails to decrypt it, reporting invalid packet length.

Attached is a reproducer bash script derived from Debian tests [2]. To reproduce, delete all host keys from /etc/ssh/ to make sure they are not used in key exchange, and run the reproducer as a superuser.

[1] https://datatracker.ietf.org/doc/html/rfc4462#section-5
[2] https://salsa.debian.org/ssh-team/openssh/-/blob/master/debian/tests/ssh-gssapi

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: openssh-server 1:9.6p1-3ubuntu13.14
ProcVersionSignature: Ubuntu 6.14.0-37.37~24.04.1-generic 6.14.11
Uname: Linux 6.14.0-37-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed Dec 10 10:49:56 2025
InstallationDate: Installed on 2025-12-10 (0 days ago)
InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble wayland-session

** Attachment added: "Reproducer"
   https://bugs.launchpad.net/bugs/2134527/+attachment/5932376/+files/ssh-gssapi-keyex-null-hostkey.sh

https://bugs.launchpad.net/bugs/2134527

Title:
  GSSAPI key exchange does not work with "null" hostkey
