From bc9414d4da4c8c1cb78fd3a39cbfa0eb492b0193 Mon Sep 17 00:00:00 2001
From: Warren <warren@momentry.ddns.net>
Date: Sun, 14 Jun 2026 21:28:49 +0800
Subject: [PATCH] Add build_kexdh_reply logging to verify server_public_key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

验证server_public_key一致性：
- build_kexdh_reply输入：[156, 109, 160, 110, ...]
- crypto.rs中的值：[156, 109, 160, 110, ...]
- 完全一致 ✓

Packet capture验证：
- Client public key：d9a035145879e1c6...（与server logs完全匹配）
- Server public key：9c6da06e74b7e55c...（与server logs完全匹配）

关键发现：
- 所有public keys完全匹配
- Client计算的shared_secret ≠ Server（仍需调查）

下一步：
继续调查shared secret encoding差异
---
 data/auth.sqlite                             | Bin 73728 -> 73728 bytes
 markbase-core/src/ssh_server/kex_exchange.rs |   5 +++++
 2 files changed, 5 insertions(+)

diff --git a/data/auth.sqlite b/data/auth.sqlite
index 747de35698dcf51d2eaf58dfcb16f9639e350e67..91bb6a157011af4c8b185623071d625991905e44 100644
GIT binary patch
delta 171
zcmZoTz|wGlWr8$g=R_H2#?Fli?J|r~lMhNMOy-ci!?top6GyMi=2x<8j6il{U9a@y
zZ*qT_R?gV`MgBRz<ZNDMS*G0l+|<01qDr<ooXnz3DXF>nY_m3h(f`0NFq@T`lZkB(
q0|N_~0Ti{zD(dgOo>6DA!~acSga7~MXVlsLg`e?1Kd%l05&!`H_%{mx

delta 171
zcmZoTz|wGlWr8$g<3t%}#>R~a?J|ralMhNMOy-ci!#2C4iKAC+^D9|4Mj*Sfu2*#O
zH@QDdvpY6_k$=uFIhB`LmMJ$sH#M)MsFH0OC$lJ1N@{LC+my{;^gr+mOl4)}WMZ4f
pz`z1#07dPwiu!x6XVjYP@P8B7;Q#;m8MU^5;b;8M&#T3N1OTeaHZ=eM

diff --git a/markbase-core/src/ssh_server/kex_exchange.rs b/markbase-core/src/ssh_server/kex_exchange.rs
index cd06187..a5963bf 100644
--- a/markbase-core/src/ssh_server/kex_exchange.rs
+++ b/markbase-core/src/ssh_server/kex_exchange.rs
@@ -125,6 +125,9 @@ impl KexExchangeHandler {
         host_key_blob: &[u8],
         server_public_key: &[u8],
     ) -> Result<SshPacket> {
+        info!("=== Building SSH_MSG_KEXDH_REPLY ===");
+        info!("Input server_public_key: {:?}", server_public_key);
+        
         let mut payload = Vec::new();
         
         payload.write_u8(PacketType::SSH_MSG_KEXDH_REPLY as u8)?;
@@ -132,6 +135,7 @@ impl KexExchangeHandler {
         payload.write_u32::<BigEndian>(host_key_blob.len() as u32)?;
         payload.write_all(host_key_blob)?;
         
+        info!("Writing server_public_key to payload (32 bytes)");
         payload.write_u32::<BigEndian>(32)?;
         payload.write_all(server_public_key)?;
         
@@ -139,6 +143,7 @@ impl KexExchangeHandler {
         payload.write_u32::<BigEndian>(signature.len() as u32)?;
         payload.write_all(&signature)?;
         
+        info!("SSH_MSG_KEXDH_REPLY payload built successfully");
         Ok(SshPacket::new(payload))
     }