https://bugs.gentoo.org/595342 Backport of https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737 --- openssh-7.3p1/kex.c +++ openssh-7.3p1/kex.c @@ -419,6 +419,8 @@ ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); if ((r = sshpkt_get_end(ssh)) != 0) return r; + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) + return r; kex->done = 1; sshbuf_reset(kex->peer); /* sshbuf_reset(kex->my); */ --- openssh-7.3p1/packet.c +++ openssh-7.3p1/packet.c @@ -1919,9 +1919,7 @@ return r; return SSH_ERR_PROTOCOL_ERROR; } - if (*typep == SSH2_MSG_NEWKEYS) - r = ssh_set_newkeys(ssh, MODE_IN); - else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) + if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) r = ssh_packet_enable_delayed_compress(ssh); else r = 0;