Teraterm Key Verify Error #434
Comments
Thank you for your report. I can't reproduce this issue in my environment.
Please let us know what TTSSH debug log says.
Lastly, we currently only maintain Tera Term 5.x. Thanks,
|
Hello,
Thank you for looking into this. Attached is the file requested. The client & server seem to agree on the algorithms to use, but something within the SSH2_MSG_KEXDH_REPLY appears to cause a key verify error. From the code, it looks like somewhere in key_verify() or ssh_ed25519_verify(). I don’t have a compiler installed to dig deeper.
Could also be a bug in SSH-2.0-dropbear_2020.81 that was perhaps fixed in the latest version (SSH-2.0-dropbear_2020.81) that you are using.
Please let me know.
Thank You,
M.
|
In case the files didn't make it in the e-mail response above. |
Thank you for sending your log. I set parameters as above and connected to dropbear_2024.86.
key verify error didn't occur. I changed the dropbear version to dropbear_2020.81.
key verify error didn't occur. Hmm...
|
Very strange indeed. Would you be able to send me a Wireshark capture of your 2nd test (the one with SSH-2.0-dropbear_2020.81 using the same parameters as I use)? I’d like to see if there is anything different within the packets, perhaps that will yield a clue.
Also note that I am using a Windows 10 machine and SSH-2.0-TTSSH/3.2 Win32, whereas you are using SSH-2.0-TTSSH/3.3 Win32.
Thank you for your continued support.
M.
|
I think they are the same. I showed the algorithms decided by negotiation above.
I think your guess above is right. I added debug messages and built binary. Thanks, |
Added debug message and new binary.
|
The debug messages shown are... The issue then likely occurs in crypto_sign_ed25519_open(). Need a few debug messages in there at various points to identify which variable value is wrong. Thank You, |
I added some Please let us know dump41-44.bin contents. Thanks, The error occurs in this section of KEX in SSH sequence. dump41.bin is dump42.bin is dump43.bin is dump44.bin is
|
Something may be wrong with this latest build. I downloaded and installed it [installer\Output\teraterm-5.4-dev-20250128_202120-a0c8af77b-appveyor-snapshot.exe], but am not seeing any dump41-44.bin files. In fact, I am no longer seeing any of the previous debug messages. I only see the original "ssh2_kex_finish: key verify error (-1)" error. Were all the previous debug statements maintained or removed? To validate, I uninstalled this version and installed the previous version. All the debug statements are there. |
Hi, I removed debug popup messages because it clarified that this problem occurs in crypto_sign_ed25519_open(). I ran and confirmed in Visual Studio. But I forgot that the debug dump function only works in debug build. I apologize for that. |
Hello,
Same result, no debug dump files. I re-installed [installer\Output\teraterm-5.4-dev-20250128_202120-a0c8af77b-appveyor-snapshot.exe], then replaced the installed ttxssh.dll with the new one, but no change.
![Image](https://github.com/user-attachments/assets/f4baacba-8cd3-448b-9319-49b05242163c)
|
Hi, Did you dig both Or use snapshot zip archive as portable mode.
|
Hi, My apologies, the files were indeed within the Roaming directory, I could swear I looked, but missed it. Attached are the dump41-45.bin files. |
The key blob part of dump41.bin and the first 0x40 bytes of dump43.bin are the same. It is OK. If you use the OpenSSH client to connect to your dropbear server, does the problem (this issue) occur? |
I am not sure I understand the question. I am using OpenSSH client to connect to a device that is running dropbear server, and this is where the issue occurs. Please advise if I misunderstood? |
TTSSH copies much source code from OpenSSH; it is nearly the same as OpenSSH in its crypto/sign usage. |
Thank you for the clarification. I erred when I said I am using OpenSSH, I was thinking about TeraTerm using OpenSSL and got confused. I have not tested with OpenSSH client to dropbear server. Looking at OpenSSH, I see it is not supported for Windows, but it is for Linux, so I'll have to see if I can get it running on a Linux Ubuntu distribution running within VirtualBox on a Windows PC. |
Microsoft provides OpenSSH on Windows 10. If it is installed, when you connect from the OpenSSH client, specify the algorithms that were decided between Tera Term and your dropbear (they are shown in your TTSSH.LOG) so that they are used.
specify:
|
Summary
I cannot reproduce this issue on my server. What is different and what is the same in our envs.

decided algorithms between TTSSH and TeraTerm99's dropbear server
diffie-hellman-group14-sha256 KEX algorithm and ssh-ed25519 server hostkey have to be selected.

supported algorithms at dropbear (server proposal)
Each (client and server) proposal string is used in key exchange.
To make all of the server proposal the same, I have to disable ECDH algorithms in the server, and ECDSA, RSA and DSA server hostkeys.

Things that can't be the same
Even if I try to make as many conditions as possible the same, I cannot make the server key and random numbers the same. |
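Added example, not part of the thread and not Tera Term or dropbear code: the comment above notes that both proposal strings, the server key and the random values all enter the key exchange. Assuming the RFC 4253 section 8 layout of the exchange hash H (the value the server signs with its host key and the client verifies), this sketch shows that a one-byte difference in any input gives a different H. The version strings are the ones quoted in the thread; every other value in `SAMPLE` is constructed.

```python
import hashlib

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for non-negative n: minimal big-endian bytes, with a
    leading 0x00 when the top bit is set (otherwise it would read as negative)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

# Order of the hashed fields for Diffie-Hellman key exchange (RFC 4253 section 8).
FIELDS = ("V_C", "V_S", "I_C", "I_S", "K_S", "e", "f", "K")

def exchange_hash(kex: dict) -> bytes:
    """H for diffie-hellman-group14-sha256: SHA-256 over the encoded fields."""
    buf = b"".join(
        ssh_mpint(kex[name]) if name in ("e", "f", "K") else ssh_string(kex[name])
        for name in FIELDS)
    return hashlib.sha256(buf).digest()

SAMPLE = {
    "V_C": b"SSH-2.0-TTSSH/3.3 Win32",    # client version string (from the thread)
    "V_S": b"SSH-2.0-dropbear_2020.81",   # server version string (from the thread)
    # Constructed stand-ins for the raw SSH_MSG_KEXINIT payloads (the proposals).
    "I_C": b"\x14" + bytes(16) + b"constructed-client-kexinit",
    "I_S": b"\x14" + bytes(16) + b"constructed-server-kexinit",
    # ssh-ed25519 host key blob: string "ssh-ed25519" + string 32-byte key (constructed).
    "K_S": ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32))),
    # Constructed small integers, not real group14 values.
    "e": 0x1234, "f": 0x80FF, "K": 0x9A378F9B2E332A7,
}

def fields_that_change_h(kex: dict) -> list:
    """Perturb each input in turn and report which perturbations alter H."""
    base = exchange_hash(kex)
    changed = []
    for name in FIELDS:
        alt = dict(kex)
        old = kex[name]
        alt[name] = old + 1 if isinstance(old, int) else old + b"\x00"
        if exchange_hash(alt) != base:
            changed.append(name)
    return changed

if __name__ == "__main__":
    print(exchange_hash(SAMPLE).hex())
    print(fields_that_change_h(SAMPLE))
```

Recomputing H from a capture and comparing it with the value the client hashed is one way to tell an input mismatch apart from a fault inside the signature check itself.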
Can other SSH clients connect to your server? e.g. OpenSSH, PuTTY. |
Getting an "ssh2_kex_finish: key verify error (-1)" error when attempting a connection from a Windows 10 PC running Tera Term (including latest version 5.3). Wireshark capture shows the Windows 10 PC running Tera Term closing the connection "Client: Disconnect" upon receiving "Server: New Keys" packet.
Tera Term client is running SSH-2.0-TTSSH/2.92 Win32.
Server is running SSH-2.0-dropbear_2020.81.
Snapshot of the error and 'ssh2connect.log' file are attached.
Thank You,
M.
ssh2connect.log