[Twisted-Python] Twisted conch bad key signatures
p.mayers at imperial.ac.uk
Wed Dec 21 10:51:54 EST 2005
Paul Swartz wrote:
> Run OpenSSH with debugging on. I'm guessing that they're enabling a workaround for a non-compliant server.
Hmm. psftp (Putty SFTP) reports:
Server version: SSH-2.0-2.0.12 (non-commercial)
We believe remote version has SSH2 HMAC bug
We claim version: SSH-2.0-PuTTY-Release-0.54
Using SSH protocol version 2
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-dss 1024 51:11:e1:76:89:f8:cd:af:8c:09:42:9e:37:a8:0a:36
Initialised Blowfish client->server encryption
Initialised Blowfish server->client encryption
Using username "admin".
...but the Twisted SFTP bombs out in _continueGEX_GROUP, well before the
HMAC bug becomes an issue.
The Putty, OpenSSH and (sadly) Twisted Conch code are more or less
incomprehensible at first glance (dynamic imports, for hot rooting
action!) so I think I'll have to leave this to one side.
More information about the Twisted-Python