[Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH

陈健 chenjianhappy2008 at 126.com
Thu Dec 29 02:47:22 MST 2016 

hi,
       Yes, you are right. ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 user at localhost
against a Twisted ssh server, and i saw the problem.  The reason is that twisted(16.6.0) is not supported the diffie-hellman-group14-sha1 and ecdh-sha512-nistp512 key exchange algorithms well, right ?


--

JianChen



At 2016-12-29 16:06:55, "Craig Rodrigues" <rodrigc at crodrigues.org> wrote:

Abhishek Choudhary pointed out to me that you can reproduce this problem easily, even with OpenSSH client.
Look at https://twistedmatrix.com/trac/ticket/8258


and do:



ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 user at localhost

against a Twisted ssh server, and you will see the problem.




--

Craig






On Thu, Dec 29, 2016 at 1:17 AM, 陈健 <chenjianhappy2008 at 126.com> wrote:



hi,
    Yes, your understanding is correct. I must set the hmac-sha2-512 option unable with SecureCRT, it will be OK. I searched Google for a long time, still did not find the any clues!
   
          Twisted Server + OpenSSH client == WORKS
          Twisted Server + Xshell client == WORKS
          OpenSSH Server + SecureCRT client == WORKS
          Twisted Server + SecureCRT client == FAIL


--
JianChen



在 2016-12-29 12:35:57,"Craig Rodrigues" <rodrigc at crodrigues.org> 写道:

Hi,


Is this what you are saying:


Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL


??


I don't have SecureCRT client, so don't know the solution to this problem.


You might want to try searching the SecureCRT site and see if there are any clues
there:


https://goo.gl/UkKZvI



--
Craig


On Wed, Dec 28, 2016 at 9:39 PM, 陈健 <chenjianhappy2008 at 126.com> wrote:




hi:
    Oh, I'm sorry,  It is my server-side code has bugs with Twisted(16.6.0) Conch, that i have fixed it . But 'Message Authentication Code did not verify (packet #3)'  error will occurs with the SecureCRT(8.0.0 or 7.3.4) client.  If I connect OpenSSH_5.3p1 (or OpenSSH_6.6.1p1 ) sshd server through the SecureCRT client, it is fine. Of course, if I connect Twisted SSH server by using the Xshell client with hmac-sha2-512 options or “ssh -m hmac-sha2-512”,it is OK.  I do not know if it is SecureCRT client  bug or  twisted problem.  http://stackoverflow.com/questions/41296412/securecrt-hmac-sha2-512-message-authentication-code-did-not-verify-packet-3






 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20161229/dca1504f/attachment-0002.html>

More information about the Twisted-Python mailing list