[Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH
陈健
chenjianhappy2008 at 126.com
Thu Dec 29 02:47:22 MST 2016
hi,
Yes, you are right. ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 user at localhost
against a Twisted ssh server, and i saw the problem. The reason is that twisted(16.6.0) is not supported the diffie-hellman-group14-sha1 and ecdh-sha512-nistp512 key exchange algorithms well, right ?
--
JianChen
At 2016-12-29 16:06:55, "Craig Rodrigues" <rodrigc at crodrigues.org> wrote:
Abhishek Choudhary pointed out to me that you can reproduce this problem easily, even with OpenSSH client.
Look at https://twistedmatrix.com/trac/ticket/8258
and do:
ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 user at localhost
against a Twisted ssh server, and you will see the problem.
--
Craig
On Thu, Dec 29, 2016 at 1:17 AM, 陈健 <chenjianhappy2008 at 126.com> wrote:
hi,
Yes, your understanding is correct. I must set the hmac-sha2-512 option unable with SecureCRT, it will be OK. I searched Google for a long time, still did not find the any clues!
Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL
--
JianChen
在 2016-12-29 12:35:57,"Craig Rodrigues" <rodrigc at crodrigues.org> 写道:
Hi,
Is this what you are saying:
Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL
??
I don't have SecureCRT client, so don't know the solution to this problem.
You might want to try searching the SecureCRT site and see if there are any clues
there:
https://goo.gl/UkKZvI
--
Craig
On Wed, Dec 28, 2016 at 9:39 PM, 陈健 <chenjianhappy2008 at 126.com> wrote:
hi:
Oh, I'm sorry, It is my server-side code has bugs with Twisted(16.6.0) Conch, that i have fixed it . But 'Message Authentication Code did not verify (packet #3)' error will occurs with the SecureCRT(8.0.0 or 7.3.4) client. If I connect OpenSSH_5.3p1 (or OpenSSH_6.6.1p1 ) sshd server through the SecureCRT client, it is fine. Of course, if I connect Twisted SSH server by using the Xshell client with hmac-sha2-512 options or “ssh -m hmac-sha2-512”,it is OK. I do not know if it is SecureCRT client bug or twisted problem. http://stackoverflow.com/questions/41296412/securecrt-hmac-sha2-512-message-authentication-code-did-not-verify-packet-3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20161229/dca1504f/attachment-0002.html>
More information about the Twisted-Python
mailing list