Subject: Re: Unable to exchange encryption keys

From: Peter Stuge <peter_at_stuge.se>
Date: Sat, 7 Jan 2012 06:13:23 +0100

Dave Hayden wrote:
> We're using libssh2 in an iOS SSH app and it's been working
> great--I rarely find myself diving into libssh2 to sort out
> problems and even more rarely find anything wrong inside libssh2.
> (I've got a couple of small bugs I've been meaning to file for
> ages.. Sorry about that, I'll get to it soon!) One odd one popped
> up yesterday, and it's easy to reproduce: libssh2 can't get past
> key exchange with the (public) server dante.u.washington.edu.

I'm analyzing this now.. It's strange. One datum I've found is that
if the client sends its identification string too quickly after the
TCP connection has been opened, the server will never send anything
back.

I have also seen it stop after KEX. Network tracing in addition
disagrees with library tracing. I'm still looking.

> Should I file that in the bug tracker, or would y'all rather have a
> look at it first?

A ping on the list is not a bad start, and if no solution surfaces in
a little while, two or three days or so, then a ticket is a good way to
make sure that nothing gets forgotten.

> In general, would you rather have patches and bugs here or in the
> tracker?

Personally I prefer patches on the mailing list or even better in a
git repository that can be pulled from.

> Also, our top feature request for the app is authentication
> forwarding. If any of the libssh2 devs knows how that works and
> wants a consulting gig, please send me an email!

Hm, clarify what you need exactly? I guess you want SSH agent
forwarding? Do you know if there already exists an SSH agent for iOS?

On Linux, Windows and Mac OS X the agent runs as a separate process
in the background..

Are you using libssh2 with public key authentication, or always only
password?

//Peter
Received on 2012-01-07