Date: Tue, 20 Feb 2001 00:01:39 +0100 (CET)
From: "Walter W. Hop" <walter@binity.com>
To: FreeBSD bugs <freebsd-bugs@freebsd.org>
Subject: OpenSSH <-> SSH.com's SSH2 incompatible?
Message-ID: <Pine.BSF.4.33.0102192330400.22640-300000@surreal.nl>
[-- Attachment #1 --]

Hi all,

after the ssh advisory of last week I have patched a box and tried if SSH2
works out. All good at first sight, but I can't get the FreeBSD-supplied
OpenSSH and SSH.com's client/servers to talk to each other.

[connect with ssh.com client to OpenSSH server]

    % ssh -V
    ssh: SSH Secure Shell 2.4.0 (non-commercial version) on i386-unknown-freebsd4.0
    % ssh <opensshbox>
    warning: Authentication failed.
    Disconnected; MAC error (Message authentication check fails.).

[connect with OpenSSH client to ssh.com server]

    % ssh -V
    SSH version OpenSSH_2.2.0, protocol versions 1.5/2.0.
    Compiled with SSL (0x0090581f).
    % ssh -2 <sshbox>
    Disconnecting: Corrupted HMAC on input.

Attached are the 'verbose' outputs of both commands.

Several other SSH2 clients (including some of ssh.com's own clients) are
able to connect to both servers without problems.

I guess this might be just a configuration error, if so, as probably lots
of other people have deployed ssh.com's toolset, it might be advisable to
change the default configuration..

I don't know if I should send this to the OpenSSH people because they're
already 0.3 versions ahead ;-)

grtx,
walter

--
Walter W. Hop <walter@binity.com> | +31 6 24290808 | PGP key: 0x84813998

[-- Attachment #2 --]

debug: hostname is '---'.
debug: Unable to open /home/walter/.ssh2/ssh2_config
debug: connecting to ---...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/sshauthmethodc.c:117/ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:117/ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1142/ssh_client_wrap: creating userauth protocol
debug: Ssh2Common/sshcommon.c:502/ssh_common_wrap: local ip = ---, local port = 2098
debug: Ssh2Common/sshcommon.c:504/ssh_common_wrap: remote ip = ---, remote port = 22
debug: SshConnection/sshconn.c:1866/ssh_conn_wrap: Wrapping...
debug: Ssh2Transport/trcommon.c:599/ssh_tr_input_version: Remote version: SSH-1.99-OpenSSH_2.2.0
debug: Ssh2Transport/trcommon.c:789/ssh_tr_input_version: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1120/ssh_tr_negotiate: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1123/ssh_tr_negotiate: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:406/keycheck_key_match: Host key found from database.
debug: Ssh2Common/sshcommon.c:137/ssh_common_disconnect: DISCONNECT received: Message authentication check fails.
warning: Authentication failed.
debug: Ssh2/ssh2.c:85/client_disconnect: locally_generated = TRUE
Disconnected; MAC error (Message authentication check fails.).
debug: uninitializing event loop

[-- Attachment #3 --]

SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to --- port 22.
debug: Allocated local port 994.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version 2.4.0 SSH Secure Shell (non-commercial)
datafellows: 2.4.0 SSH Secure Shell (non-commercial)
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 515/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host '---' is known and matches the DSA host key.
debug: bits set: 538/1024
debug: len 55 datafellows 20
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
Disconnecting: Corrupted HMAC on input.
debug: Calling cleanup 0x805b234(0x0)
