From owner-freebsd-questions@FreeBSD.ORG Fri Mar 7 01:22:32 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B1283F08 for ; Fri, 7 Mar 2014 01:22:32 +0000 (UTC) Received: from btw.pki2.com (btw.pki2.com [IPv6:2001:470:a:6fd::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 77E30800 for ; Fri, 7 Mar 2014 01:22:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by btw.pki2.com (8.14.8/8.14.8) with ESMTP id s271MKfL089853 for ; Thu, 6 Mar 2014 17:22:20 -0800 (PST) (envelope-from freebsd@pki2.com) Subject: OpenSSH 6.5 broken(?) From: Dennis Glatting To: freebsd-questions@freebsd.org Content-Type: text/plain; charset="ISO-8859-1" Date: Thu, 06 Mar 2014 17:22:20 -0800 Message-ID: <1394155340.8252.45.camel@btw.pki2.com> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit X-SoftwareMunitions-MailScanner-Information: Dennis Glatting X-SoftwareMunitions-MailScanner-ID: s271MKfL089853 X-SoftwareMunitions-MailScanner: Found to be clean X-MailScanner-From: freebsd@pki2.com X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2014 01:22:32 -0000 With the upgrade to 6.5 I can no longer log into Cisco devices. I traced the problem down to the code fragment below, which was a change made in late January. During the key exchange under 6.5 this is a clue: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent Compared to 6.2: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent I reverted the patch in my source and the problem goes away. I do not know if that was the correct thing to do. Index: kexgexc.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v retrieving revision 1.15 diff -u -p -r1.15 kexgexc.c --- kexgexc.c 12 Jan 2014 08:13:13 -0000 1.15 +++ kexgexc.c 25 Jan 2014 10:04:23 -0000 @@ -55,7 +55,7 @@ kexgex_client(Kex *kex) int min, max, nbits; DH *dh; - nbits = dh_estimate(kex->we_need * 8); + nbits = dh_estimate(kex->dh_need * 8); if (datafellows & SSH_OLD_DHGEX) { /* Old GEX request */