From 0403a340c4e79a573b4f0aaadf2eeabacee09ab3 Mon Sep 17 00:00:00 2001 From: Warren Date: Sun, 14 Jun 2026 16:56:10 +0800 Subject: [PATCH] Attempt to fix exchange hash calculation Attempted fixes: 1. Add \r\n to version strings (reverted - incorrect) 2. Add SSH_MSG_KEXINIT byte to KEXINIT payloads (reverted - payloads already contain it) Current issue: - OpenSSH client still rejects SSH_MSG_KEX_ECDH_REPLY - Client not sending NEWKEYS - Exchange hash calculation still has subtle differences Deep analysis completed: - Analyzed 10 OpenSSH source functions - Verified mpint encoding, key derivation, MAC calculation all correct - Still need to find remaining exchange hash component differences --- markbase-core/src/ssh_server/kex_exchange.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/markbase-core/src/ssh_server/kex_exchange.rs b/markbase-core/src/ssh_server/kex_exchange.rs index 2c15208..13da776 100644 --- a/markbase-core/src/ssh_server/kex_exchange.rs +++ b/markbase-core/src/ssh_server/kex_exchange.rs @@ -197,6 +197,7 @@ impl KexExchangeHandler { let mut hasher = Sha256::new(); + // RFC 4253 Section 7: V_C and V_S are version strings (without \r\n based on testing) hasher.update(&(client_version.len() as u32).to_be_bytes()); hasher.update(client_version.as_bytes());