On Wed, Jan 19, 2022 at 04:23:29PM +0100, Thomas De Schampheleire wrote:
> I recently encountered connection issues when using dropbear as client
> (2020.81) to certain SSH implementations. In both cases, the issue was
> related to the host key verification. It took me a while to find the cause,
> and I send this mail mainly to help other Dropbear users that may have such
> problem.
>
> The symptoms I encountered were for one case (a proprietary SSH server
> implementation):

Hi Thomas,

Thanks for the write up.

I _think_ in the case of Dropbear as a client it might be possible to defer sending the key exchange until the server's version identification is received, without incurring any extra round trip latency. I will see if I can implement that. That would use an allowlist of implementations known to correctly handle first_kex_packet_follows.

If you could let me know the proprietary version with problems it would be handy (off list is fine).

Thanks,
Matt
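
The allowlist check described in the reply above, as an added example (not Dropbear's code and not part of the original thread): it parses the server's RFC 4253 identification line and allows the guessed key exchange packet only for allowlisted software versions, failing closed otherwise. The function names and the allowlist entries are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed allowlist of softwareversion prefixes (assumption for this
 * example; not a tested list of implementations). */
static const char *const guess_allowlist[] = { "dropbear_", "OpenSSH_" };

/* Locate softwareversion in an RFC 4253 section 4.2 identification line:
 *   SSH-protoversion-softwareversion [SP comments] CR LF
 * Returns its length and sets *sw, or returns 0 if the line is not usable. */
static size_t ident_software(const char *line, const char **sw)
{
    const char *p;
    if (strlen(line) > 255)                       /* RFC 4253 length limit */
        return 0;
    if (strncmp(line, "SSH-2.0-", 8) == 0)
        p = line + 8;
    else if (strncmp(line, "SSH-1.99-", 9) == 0)  /* 2.0-compatible server */
        p = line + 9;
    else
        return 0;
    *sw = p;
    return strcspn(p, " \r\n");                   /* stop before comments / CR LF */
}

/* 1: peer is allowlisted, the guessed KEX packet may be sent right away.
 * 0: unknown or malformed peer, wait for its KEXINIT (fail closed). */
int may_send_kex_guess(const char *server_ident)
{
    const char *sw = NULL;
    size_t n = ident_software(server_ident, &sw), i;
    for (i = 0; n && i < sizeof guess_allowlist / sizeof *guess_allowlist; i++) {
        size_t plen = strlen(guess_allowlist[i]);
        if (n > plen && strncmp(sw, guess_allowlist[i], plen) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed identification strings. */
    const char *ids[] = { "SSH-2.0-dropbear_2020.81\r\n",
                          "SSH-2.0-ExampleVendorSSH_1.0 build7\r\n" };
    for (size_t i = 0; i < 2; i++)
        printf("%d %s", may_send_kex_guess(ids[i]), ids[i]);
    return 0;
}
```

Prefix matching requires at least one character after the prefix, so a bare `SSH-2.0-OpenSSH_` or a name that merely contains an allowlisted string is treated as unknown.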