Erlang R13B01 ssh-1.1.3 cipher key matching bug and documentation errors

Kenji Rikitake kenji.rikitake@REDACTED
Sun Jul 12 04:56:46 CEST 2009 

Here's a list of bugs/documentation errors of ssh-1.1.3 for R13B01 which
I experienced yesterday.

* [bug] ssh:shell/3 and ssh:connect/3 do not crash immediately even if
  they fail to negotiate the cipher to use, and hang forever

  How to reproduce:
  set NOT to accept 3des-cbc as a cipher on the server
  (in OpenSSH, set Ciphers directive at sshd_config, *excluding* 3des-cbc)

  Possible reason: failure of finding a matching cipher does not throw
  an exception immediately (I haven't tested yet).

  FYI: on Portable OpenSSH 5.1 for FreeBSD slogin client, it will turn
  out to be something like the following:

-- quote --
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching cipher found: client 3des-cbc server aes128-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc
-- unquote --

* [documentation error] ssh manual should include that the current ssh
  module only supports the following crypto parameters of SSH Version 2
  protocol: (my opinion follows later in this message)

  cipher: 3des-cbc only
  MACs: hmac-sha1 only

* [documentation error] ssh manual should include that only an
  *unencrypted* private key is supported for ssh_rsa public key
  authentication.

  The manual should also note that private keys for public key
  authentication used for interactive logins are mostly encrypted so
  cannot be used for the time being.

* [documentation error] ssh:connect/1 and ssh:connect/2 no longer exist,
  but still documented. Description for those old functions should be
  eliminated, and requirement to use ssh:connect/3 instead should be
  described.

* [my opinion] I personally think only supporting 3des-cbc is *archaic*
  and insufficient; implementing at least stronger ciphers such as
  aes128-cbc and aes256-cbc, or even blowfish-cbc, should be considered
  ASAP, regarding the strength of the ciphers.

Regards,
Kenji Rikitake

More information about the erlang-questions mailing list