# openssh crashes

## mentus

I am having some weird crashes while using the ssh client. Sometimes it will work, but, apparently in a random fashion, it won't, giving me different errors. Most of them are like the following:

 *Quote:*   

> $ssh user@host
>
> hash mismatch
> ...

 

I know for sure there ISN'T a server problem. This happens once in a while when I try to connect to any server.

If I keep running the same 'ssh user@host' command many times, I'll get a fine connection 80% of the time, hash mismatches 15% and 'Floating point exception' on the rest.

I then removed my ~/.ssh/ folder and tried again. It will naturally complain about not knowing the host's authenticity, I reply 'yes' and it shows me

 *Quote:*   

> "Warning: Permanently added 'host,ip' (RSA) to the list of known hosts".

 

Then, sometimes it'll connect just fine to the server, and sometimes I get the same 'hash mismatch' error or, more rarely, a 'floating point exception'.

I had the openssh-3.6.1_p2.ebuild installed. What I tried first was recompiling it with nice CFLAGS (-O1 -march=i586), and I also tried changing my USE flags (for this particular ebuild they're -ipv6 -static -pam +tcpd -kerberos -selinux. I tried setting USE=static, USE=-tcpd, etc). But it didn't work. I then tried emerging an ebuild of an older openssh version: openssh-3.5_p1-r1.ebuild. It seemed to work at first but then I noticed that again I had the floating point and hash mismatch errors.

After that I took more extreme measures. I copied the ssh binary from my Slackware 8.1 (openssh 3.2.1p1) to /usr/bin/ssh and tried it out a couple of times. It works most of the time but now I get a different error:

 *Quote:*   

> ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
>
> key_verify failed for server_host_key
> ...

 

Now that started to get me mad. What I did next was look through openssh's source code to track down where the heck this 'hash mismatch' was being triggered. It was in 'ssh-rsa.c':

```
        if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
                error("hash mismatch");
                goto done;
        }
```

Which didn't help me much since I never studied openssh's source code before. What I tried then was a dirty trick. I commented out this code snippet, patched openssh and re-emerged it.

It still works most of the time but now it'll give me a different error.

 *Quote:*   

> ea45 6767 5834 eb50 0b3c 06d0 0baf 9d24
>
> Disconnecting: Bad packet length -364550297.
> ...

 

Which means that my trick was useless. I then emerged a non-patched version of openssh-3.6.1p2 and now I'm back to zero and totally at a loss.

I've also noticed that the problem is not only on the client but also on the daemon. When I try to connect from outside to my sshd I sometimes get:

 *Quote:*   

> ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
>
> key_verify failed for server_host_key
> ...

 

Which makes me think it is not something directly related to the client but to the authentication routines.

Does anyone have any idea on this?

PS.: I know it's not someone playing with my connection or trying to intercept it because openssh (both client and daemon) works flawlessly on Slackware.

----------
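An added example, not part of the original post and not OpenSSH's code: the comparison quoted above is what ties the server's signature to the data it was made over. Assuming `decrypted` holds the PKCS #1 DigestInfo recovered from the signature and SHA-1 is the digest, the hypothetical `check_digestinfo` (with a hypothetical `ct_memcmp` swapped in for `memcmp`) rejects a value that is off by a single bit, as a miscomputing crypto library would produce; with the comparison removed, the host key is no longer authenticated.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
/* PKCS #1 v1.5 DigestInfo prefix for SHA-1; the 20-byte digest follows it. */
static const unsigned char sha1_oid[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* Comparison without an early exit (swapped in for memcmp); 0 means equal. */
static int ct_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff;
}

/* Hypothetical helper: `decrypted` is assumed to be the DigestInfo recovered
 * from the signature, `hash` the locally computed digest. Returns 1 only
 * when length, algorithm prefix and digest all match. */
int check_digestinfo(const unsigned char *decrypted, size_t len,
                     const unsigned char *hash, size_t hlen)
{
    size_t oidlen = sizeof(sha1_oid);
    if (hlen != SHA1_LEN || len != oidlen + hlen)
        return 0;                       /* wrong decrypted length */
    if (ct_memcmp(decrypted, sha1_oid, oidlen) != 0)
        return 0;                       /* wrong digest algorithm prefix */
    if (ct_memcmp(decrypted + oidlen, hash, hlen) != 0)
        return 0;                       /* the "hash mismatch" case */
    return 1;
}

/* Constructed sample: DigestInfo for a made-up digest, optionally one bit off. */
int demo(int corrupt)
{
    unsigned char hash[SHA1_LEN], buf[sizeof(sha1_oid) + SHA1_LEN];
    for (int i = 0; i < SHA1_LEN; i++)
        hash[i] = (unsigned char)(i * 7 + 1);   /* constructed digest bytes */
    memcpy(buf, sha1_oid, sizeof(sha1_oid));
    memcpy(buf + sizeof(sha1_oid), hash, SHA1_LEN);
    if (corrupt)
        buf[sizeof(sha1_oid) + 3] ^= 0x01;      /* single-bit computation fault */
    return check_digestinfo(buf, sizeof(buf), hash, SHA1_LEN);
}

int main(void) { printf("intact=%d corrupted=%d\n", demo(0), demo(1)); return 0; }
```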

## Dalrain

Does using

```
ssh -vvv user@host
```

 do anything further for giving you information on possible cause?

----------

## nin_freak_

Are you using dhcp to assign hostnames? Because this just means that the key doesn't match up with the ip address from the last time you sshed into it.

Try deleting the .ssh folder from your home directory, that should clear its memory of keys.

----------

## mentus

 *Dalrain wrote:*   

> Does using
> 
> ```
> ssh -vvv user@host
> ```
> ...

 

I tried it but I don't know if the output is very helpful. Here it goes:

 *Quote:*   

> debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
>
> debug3: check_host_in_hostfile: match line 2
> ...

 

This time it worked (it connected to the server).

 *Quote:*   

> debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
>
> debug3: check_host_in_hostfile: match line 2
> ...

 

This time it didn't.

In both cases it says 'debug1: Host 'shell.linux.ime.usp.br' is known and matches the RSA host key.'. Just can't figure out why the second has a 'hash mismatch'.

Both files are available in full here:

http://www.linux.ime.usp.br/~feferraz/tmp/err_worked

http://www.linux.ime.usp.br/~feferraz/tmp/err_didntwork

http://www.linux.ime.usp.br/~feferraz/tmp/sshd_didntwork [*]

Concerning the line I set in bold, I don't think it may mean anything. The values (X/3191) are not fixed. I have tested it many times and X values always differ (independent of the connection being successful or not).

For instance, I once managed to connect and got:

debug2: bits set: 1597/3191

[*] This last one is the output of a ssh -vvv trying to connect to my sshd.

----------

## mentus

I downgraded my openssl from 0.9.6j to 0.9.6i-r2. Then I reemerged openssh. So far this seems to have fixed the problem. I have tested it hundreds of times now and no 'hash mismatch' problem.

  Seems like a broken openssl is being delivered through portage. Anyways, I'll test it further and if this is indeed the case I'll file up a bug report.

  Anyone using openssl 0.9.6j willing to do some testing?

----------

