Hi Eric, lib...@bentleyemail.net wrote: > I'm happy to help but my responses may be delayed as I'm getting ready > to head out for a few days of vacation (leaving in 12 hours)
Oh that sounds amazing! I hope you have a good time. > > > sshd[361421]: debug1: kex: client->server cipher: aes128-ctr MAC: > hmac-sha2-256 compression: none [preauth] .. > > What processor does your embedded system have? In particular endianess > > and native bit size (32/64?) > model name : ARMv7 Processor rev 1 (v7l) > Hardware : Atmel SAMA5 > /bin/busybox: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), > statically linked, BuildID[sha1]=51f5566abbeca4cee5e53734090d7d37b33deedb, > for GNU/Linux 3.2.0, stripped Thanks, little endian ARM. > > What MAC is negotiated by the dropbear and OpenSSH clients you tested? > > Dropbear: .. > May 18 15:42:08 eric-Precision-7520 sshd[444608]: debug1: kex: > client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth] > OpenSSH: .. > May 19 17:24:01 eric-Precision-7520 sshd[3355904]: debug1: kex: > client->server cipher: [86]chacha20-poly1...@openssh.com MAC: > <implicit> compression: none [preauth] This is interesting and provides some clues. All three clients end up using different ciphers/MACs with only libssh2 using hmac-sha2-256. It would be great if you could try OpenSSH with the same cipher+MAC as libssh2 and provide the server debug log also for that connection: ssh -oCiphers=aes128-ctr -oMACs=hmac-sha2-256 server > > Are results identical with a server running an unpatched upstream OpenSSH? > > Unfortunately, I do not have a server running this version. My sshd > server is > > OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020 Okay. The upstream source code is fairly easy to build but I understand that you're leaving literally in hours. If you can try the OpenSSH client with specific cipher and mac that log would be very helpful. Thanks //Peter _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
