Public bug reported: OpenSSH 6.8 to 7.1 has a regression that breaks connections from clients that use SSH first_kex_follows feature. This affects connections from the Dropbear SSH client (dbclient), they fail with "bad hostkey signature" or similar. It may affect ssh.com clients too.
This has been fixed in upstream in the attached patch, it would be worthwhile including in Xenial if it's going to ship with the current OpenSSH 7.1. Upstream change 1.115 http://cvsweb.openbsd.org/cgi- bin/cvsweb/src/usr.bin/ssh/kex.c https://bugzilla.mindrot.org/show_bug.cgi?id=2515#c6 Comment 6 is the upstream bug report (ignore the rest of the bug about new diffie-hellman algorithms) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Patch added: "From http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.114&r2=1.115"; https://bugs.launchpad.net/bugs/1526357/+attachment/4535113/+files/kex.c-firstfollows.diff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1526357 Title: Fix broken handling of first_kex_follows clients To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1526357/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
