[Twisted-Python] Twisted conch bad key signatures

Phil Mayers p.mayers at imperial.ac.uk
Wed Dec 21 10:51:54 EST 2005

Paul Swartz wrote:
> Run OpenSSH with debugging on.  I'm guessing that they're enabling a workaround for a non-compliant server.
> -p

Hmm. psftp (Putty SFTP) reports:

Server version: SSH-2.0-2.0.12 (non-commercial)
We believe remote version has SSH2 HMAC bug
We claim version: SSH-2.0-PuTTY-Release-0.54
Using SSH protocol version 2
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-dss 1024 51:11:e1:76:89:f8:cd:af:8c:09:42:9e:37:a8:0a:36
Initialised Blowfish client->server encryption
Initialised Blowfish server->client encryption
Using username "admin".

...but the Twisted SFTP bombs out in _continueGEX_GROUP, well before the 
HMAC bug becomes an issue.

The Putty, OpenSSH and (sadly) Twisted Conch code are more or less 
incomprehensible at first glance (dynamic imports, for hot rooting 
action!) so I think I'll have to leave this to one side.

More information about the Twisted-Python mailing list