I used libssh to develop a Git SSH server that provides Git over SSH support for users. Some people's Git clients use PuTTY to access remote SSH servers. When I upgraded the libssh our server depends on to 0.9.1, these users couldn't connect to our SSH server no matter what form of SSH public key they used.
Our server will load the following SSH keys in order:
"HostKeys": [ "/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_dsa_key", "/etc/ssh/ssh_host_ecdsa_key", "/etc/ssh/ssh_host_ed25519_key" ]
Usually, during the KEX phase, the SSH server reports this error:
ssh_handle_key_exchange error: Could not sign the session id
By modifying libssh to track errors, the final output is:
digital envelope routines:update:only oneshot supported
This error is returned by EVP_DigestSignUpdate and the corresponding code is: https://gitlab.com/libssh/libssh-mirror/blob/master/src/pki_crypto.c#L2183
Looking up host "localhost" for SSH connection
Connecting to 127.0.0.1 port 22
We claim version: SSH-2.0-PuTTY_Release_0.73
Remote version: SSH-2.0-Basalt-1.3.0
Using SSH protocol version 2
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Remote side sent disconnect message type 11 (by application): "Bye Bye"
FATAL ERROR: Remote side sent disconnect message
When I delete the ssh_host_ed25519_key from the configuration file, PuTTY can correctly establish a connection with the SSH server.
libssh 0.8.7/0.9.0 has no such errors.
Regardless of whether the SSH server uses the ED25519 host key, OpenSSH can be accessed normally. Once the SSH server uses the ED25519 host key, PuTTY cannot negotiate with the server regardless of which type of key is used. Delete ed25519 and everything works fine.
Basalt sshd 1.3.0 (Branch: master) (**commit ish**) (Nov 4 2019)
ResolveDNS: Disable
Libcurl: libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11 nghttp2/1.39.2
Libssh: 0.9.1/openssl/zlib. Link Mode: dynamic
Compiler: GNU 9.2.1 C++17 Mode
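Added example (not part of the original report and not libssh's code): OpenSSL's EVP layer signs Ed25519 only in one-shot mode, so a streamed update on an Ed25519 signing context fails, which is the "only oneshot supported" error quoted above, while `EVP_DigestSign` over the whole message succeeds. The sketch calls libcrypto through `ctypes`; the function name `ed25519_sign_modes`, the throwaway key and the sample message are constructed for illustration, and it assumes an OpenSSL 1.1.1 or 3.x libcrypto is installed.

```python
import ctypes
import ctypes.util

NID_ED25519 = 1087  # value of EVP_PKEY_ED25519 in OpenSSL's obj_mac.h

def ed25519_sign_modes(msg: bytes):
    """Return (update_rc, oneshot_rc, sig_len) for a throwaway Ed25519 key."""
    # Assumption: an OpenSSL 1.1.1 or 3.x libcrypto is installed on this host.
    c = ctypes.CDLL(ctypes.util.find_library("crypto") or "libcrypto.so.3")
    vp, sz = ctypes.c_void_p, ctypes.c_size_t
    # OpenSSL 1.1.1 defines EVP_DigestSignUpdate as a macro for EVP_DigestUpdate.
    update = getattr(c, "EVP_DigestSignUpdate", None) or c.EVP_DigestUpdate
    c.EVP_PKEY_CTX_new_id.restype = c.EVP_MD_CTX_new.restype = vp
    c.EVP_PKEY_CTX_new_id.argtypes = [ctypes.c_int, vp]
    c.EVP_PKEY_keygen_init.argtypes = c.EVP_PKEY_CTX_free.argtypes = [vp]
    c.EVP_PKEY_free.argtypes = c.EVP_MD_CTX_free.argtypes = [vp]
    c.EVP_PKEY_keygen.argtypes = [vp, ctypes.POINTER(vp)]
    c.EVP_DigestSignInit.argtypes = [vp] * 5
    update.argtypes = [vp, ctypes.c_char_p, sz]
    c.EVP_DigestSign.argtypes = [vp, vp, ctypes.POINTER(sz), ctypes.c_char_p, sz]

    kctx, pkey = c.EVP_PKEY_CTX_new_id(NID_ED25519, None), vp()
    if not kctx or c.EVP_PKEY_keygen_init(kctx) != 1:
        raise RuntimeError("Ed25519 keygen init failed")
    if c.EVP_PKEY_keygen(kctx, ctypes.byref(pkey)) != 1:
        raise RuntimeError("Ed25519 key generation failed")
    c.EVP_PKEY_CTX_free(kctx)

    def fresh_ctx():
        ctx = c.EVP_MD_CTX_new()
        # Ed25519 hashes internally, so the digest argument is NULL.
        if c.EVP_DigestSignInit(ctx, None, None, None, pkey) != 1:
            raise RuntimeError("EVP_DigestSignInit failed")
        return ctx

    # Streaming path: the call the report traced the failure to.
    ctx = fresh_ctx()
    update_rc = update(ctx, msg, len(msg))
    c.ERR_clear_error()  # drop the queued error from the failed update
    c.EVP_MD_CTX_free(ctx)

    # One-shot path: the whole message is passed to EVP_DigestSign at once.
    ctx, sig, sig_len = fresh_ctx(), ctypes.create_string_buffer(64), sz(64)
    oneshot_rc = c.EVP_DigestSign(ctx, sig, ctypes.byref(sig_len), msg, len(msg))
    c.EVP_MD_CTX_free(ctx)
    c.EVP_PKEY_free(pkey)
    return update_rc, oneshot_rc, sig_len.value

if __name__ == "__main__":
    print(ed25519_sign_modes(b"constructed session id"))
```

A server that must sign with several host key types can use this kind of check in a regression test for each key type before upgrading the crypto or SSH library.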