[Twisted-Python] Bad signature using conch ssh

Jonathan Marshall junk at themilkyway.com
Wed Feb 11 08:30:53 MST 2009


I'm receiving 'Bad signature' when trying to connect to an SSH server,  
however I'm able to connect OK using OpenSSH. I'm hoping that somebody  
here can help me get to the bottom of this!

Using twisted:
$ python -m twisted.conch.scripts.conch -v xxx
[-] Log opened.
[-] Starting factory <twisted.conch.client.unix.SSHUnixClientFactory  
instance at 0x707a30>
[-] Stopping factory <twisted.conch.client.unix.SSHUnixClientFactory  
instance at 0x707a30>
[-] Starting factory <twisted.conch.client.direct.SSHClientFactory  
instance at 0x707a58>
[SSHClientTransport,client] kex alg, key alg: diffie-hellman-group- 
exchange-sha1 ssh-rsa
[SSHClientTransport,client] outgoing: aes256-cbc hmac-sha1 none
[SSHClientTransport,client] incoming: aes256-cbc hmac-sha1 none
[SSHClientTransport,client] Disconnecting with error, code 3
	reason: bad signature
[SSHClientTransport,client] connection lost
[SSHClientTransport,client] Stopping factory  
<twisted.conch.client.direct.SSHClientFactory instance at 0x707a58>
[-] Main loop terminated.
Connection to xxx closed.
conch: exiting with error [Failure instance: Traceback (failure with  
no frames): <class 'twisted.conch.error.ConchError'>: ('bad  
signature', 3)



Using ssh (some lines removed for brevity):
$ ssh -vvv xxx
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Remote protocol version 2.0, remote software version 0.0
debug1: no match: 0.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie- 
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman- 
group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se 
,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac- 
ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman- 
group-exchange-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,twofish- 
cbc,blowfish-cbc,3des-cbc,arcfour
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 515/1025
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/jon/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 13
debug1: Host 'xxx' is known and matches the RSA host key.
debug1: Found key in /Users/jon/.ssh/known_hosts:13
debug2: bits set: 521/1025
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/jon/.ssh/id_rsa (0x107ec0)
debug2: key: /Users/jon/.ssh/identity (0x0)
debug2: key: /Users/jon/.ssh/id_dsa (0x0)
debug3: input_userauth_banner






More information about the Twisted-Python mailing list