Bad hostkey signature when compiling without ECDSA

Hans Harder hans at atbas.org
Wed Aug 10 23:59:55 AWST 2016


When I compile dbclient without ECDSA support I get the error below.
However, with the same source compiled with ECDSA, the same connection works.




Part of the debug output, added some extra output in kexdh_init and
kexdh_reply to see what values were given.
Seems that something goes wrong in buf_rsa_verify.

Compiled with  #define DROPBEAR_ECDSA 0


TRACE  (32763) 0.008984: send_msg_kexdh_init()
init : 0
init = normal_DH
TRACE  (32763) 0.009065: enter gen_kexdh_vals
TRACE  (32763) 0.208185: leave cli_sessionloop: done with KEXINIT_RCVD
TRACE  (32763) 0.208220: enter set_connect_fds
TRACE  (32763) 0.208305: process_packet: packet type = 31,  len 567
TRACE  (32763) 0.208368: got expected packet 31 during kexinit
TRACE  (32763) 0.208421: enter recv_msg_kexdh_reply
TRACE  (32763) 0.208453: type is 0
TRACE  (32763) 0.208776: checkpubkey: base64_decode success
TRACE  (32763) 0.208847: good matching key
TRACE  (32763) 0.208886: enter buf_get_rsa_pub_key
TRACE  (32763) 0.209013: leave buf_get_rsa_pub_key: success
reply = NORMAL_DH
TRACE  (32763) 0.406192: enter buf_put_rsa_pub_key
TRACE  (32763) 0.406592: leave buf_put_rsa_pub_key
TRACE  (32763) 0.408458: enter buf_verify
TRACE  (32763) 0.408546: enter buf_rsa_verify
TRACE  (32763) 0.409296: leave buf_rsa_verify: ret -1
TRACE  (32763) 0.409367: enter session_cleanup
TRACE  (32763) 0.409392: enter chancleanup
TRACE  (32763) 0.409426: leave chancleanup
TRACE  (32763) 0.409477: enter cli_tty_cleanup
TRACE  (32763) 0.409538: leave cli_tty_cleanup: not in raw mode
TRACE  (32763) 0.409621: empty queue dequeing
TRACE  (32763) 0.409822: leave session_cleanup

dbclient: Connection to test at 192.168.1.51:22 exited: Bad hostkey signature


Compiled with  #define DROPBEAR_ECDSA 1

TRACE  (651) 0.009374: send_msg_kexdh_init()
init : 0
init = normal_DH
TRACE  (651) 0.009419: enter gen_kexdh_vals
TRACE  (651) 0.204902: leave cli_sessionloop: done with KEXINIT_RCVD
TRACE  (651) 0.204943: enter set_connect_fds
TRACE  (651) 0.205012: maybe_empty_reply_queue - no data allowed
TRACE  (651) 0.205078: enter handle_connect_fds
TRACE  (651) 0.205103: leave handle_connect_fds - end iter
TRACE  (651) 0.205274: empty queue dequeing
TRACE  (651) 0.205309: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE  (651) 0.205356: enter set_connect_fds
TRACE  (651) 0.267174: process_packet: packet type = 31,  len 567
TRACE  (651) 0.267236: got expected packet 31 during kexinit
TRACE  (651) 0.267277: enter recv_msg_kexdh_reply
TRACE  (651) 0.267355: type is 0
TRACE  (651) 0.267643: checkpubkey: base64_decode success
TRACE  (651) 0.267685: good matching key
TRACE  (651) 0.267722: enter buf_get_rsa_pub_key
TRACE  (651) 0.267820: leave buf_get_rsa_pub_key: success
reply = NORMAL_DH
TRACE  (651) 0.462904: enter buf_put_rsa_pub_key
TRACE  (651) 0.463227: leave buf_put_rsa_pub_key
TRACE  (651) 0.465734: enter buf_verify
TRACE  (651) 0.465765: enter buf_rsa_verify
TRACE  (651) 0.466463: success!
TRACE  (651) 0.466526: leave buf_rsa_verify: ret 0
TRACE  (651) 0.466593: enter send_msg_newkeys
TRACE  (651) 0.466709: enter gen_new_keys
TRACE  (651) 0.467408: leave gen_new_keys
TRACE  (651) 0.467438: switch_keys trans
TRACE  (651) 0.467701: leave send_msg_newkeys
..
..
dbclient: Connection to test at 192.168.1.51:22 exited: No auth methods could be used.


I cannot seem to find a reason for that... anybody?

Hans