turn off hmac-sha1. openssh uses 20 byte and ssh.com uses 16 byte keys.
On Fri, Jun 23, 2000 at 12:25:31PM +0100, Richard Hopkins wrote:
> There appears to be a problem with the "ssh" from OpenSSH (versions 2.1.1
> and 2.1.0 at least) interworking with "sshd" 2.2.0. The problem doesn't
> exist with "sshd" from 2.1.0
>
> What I'm seeing is the "ssh" fail with...
>
> Disconnecting: Corrupted HMAC on input.
>
> I've attached the output from "ssh-v" as ssh.txt
>
> At the server end, I'm logging...
>
> Jun 23 12:15:35 dird sshd[13574]: Local disconnected: Message
> authentication check fails.
> Jun 23 12:15:35 dird sshd[13574]: MAC failed in local, disconnecting:
> 'Message authentication check fails.'
>
> Verbose logging in attached as sshd.txt (both attachments are UNIX format).
>
> Can anybody help me with diagnosing what's wrong?
>
> Cheers,
>
> Richard Hopkins,
> Computing Service,
> University of Bristol,
> Bristol, BS8 1UD, UK
>
> Tel +44 117 928 7859
> Fax +44 117 929 1576
>
> RFC-822: [EMAIL PROTECTED]
>
> SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
> Compiled with SSL (0x00905100).
> debug: Reading configuration data /usr/local/etc/ssh_config
> debug: Applying options for *
> debug: loaded 19 entropy commands from /usr/local/etc/ssh_prng_cmds
> debug: Seeding random number generator.
> debug: OpenSSL random status is now 0
>
> debug: 3 bytes from system calls
> debug: 34 bytes from programs
> debug: OpenSSL random status is now 1
>
> debug: loading PRNG seed from file /home/ccrjh/.ssh/prng_seed
> debug: ssh_connect: getuid 405 geteuid 0 anon 0
> debug: Connecting to dird [137.222.10.59] port 22.
> debug: Seeding random number generator.
> debug: OpenSSL random status is now 1
>
> debug: 3 bytes from system calls
> debug: 34 bytes from programs
> debug: OpenSSL random status is now 1
>
> debug: Allocated local port 832.
> debug: Connection established.
> debug: Remote protocol version 2.0, remote software version 2.2.0 SSH Secure Shell
>(non-commercial)
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.1.1
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit:
>3des-cbc,blowfish-cbc,twofish-cbc,arcfour,3des-ecb,3des-cfb,3des-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
> debug: got kexinit:
>3des-cbc,blowfish-cbc,twofish-cbc,arcfour,3des-ecb,3des-cfb,3des-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
> debug: got kexinit:
>hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
> debug: got kexinit:
>hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 0
> debug: reserved: 0
> debug: done
> debug: kex: server->client 3des-cbc hmac-sha1 none
> debug: kex: client->server 3des-cbc hmac-sha1 none
> debug: Sending SSH2_MSG_KEXDH_INIT.
> debug: bits set: 483/1024
> debug: Wait SSH2_MSG_KEXDH_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: keytype ssh-dss
> debug: keytype ssh-dss
> debug: keytype ssh-dss
> debug: Host 'dird' is known and matches the DSA host key.
> debug: bits set: 507/1024
> debug: len 55 datafellows 0
> debug: dsa_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> Disconnecting: Corrupted HMAC on input.
> debug: Calling cleanup 0x5581c(0x0)
> debug: Calling cleanup 0x5e2e8(0x0)
> debug: writing PRNG seed to file /home/ccrjh/.ssh/prng_seed
> debug: Reading private host key from /etc/ssh2/hostkey
> debug: Key comment: 1024-bit dsa hostkey
> debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key: Reading public
>host key from: /etc/ssh2/hostkey.pub
> debug: Becoming server.
> debug: Creating listener
> debug: Listener created
> debug: no udp listener created.
> debug: Running event loop
> debug: Sshd2/sshd2.c:575/new_connection_callback: new_connection_callback
> debug: Sshd2/sshd2.c:727/new_connection_callback: Wrapping stream with
>ssh_server_wrap...
> debug: ssh_server_wrap: creating transport protocol
> debug: SshAuthMethodServer/sshauthmethods.c:93/ssh_server_authentication_initialize:
>Added "publickey" to usable methods.
> debug: SshAuthMethodServer/sshauthmethods.c:93/ssh_server_authentication_initialize:
>Added "password" to usable methods.
> debug: ssh_server_wrap: creating userauth protocol
> debug: Ssh2Common/sshcommon.c:350/ssh_common_wrap: local ip = 137.222.199.99, local
>port = 22
> debug: Ssh2Common/sshcommon.c:352/ssh_common_wrap: remote ip = 137.222.199.139,
>remote port = 980
> debug: SshConnection/sshconn.c:1853/ssh_conn_wrap: Wrapping...
> debug: Sshd2/sshd2.c:738/new_connection_callback: done.
> debug: new_connection_callback returning
> debug: Ssh2Transport/trcommon.c:593/ssh_tr_input_version: Remote version:
>SSH-2.0-OpenSSH_2.1.1
> debug: Ssh2Common/sshcommon.c:132/ssh_common_disconnect: DISCONNECT received:
>Message authentication check fails.
> debug: Sshd2/sshd2.c:89/server_disconnect: locally_generated = TRUE
> debug: Exiting event loop
