Re: [Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH

陈健 Thu, 29 Dec 2016 02:22:28 -0800

hi,
       Yes, you are right. ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 
-oMACs=hmac-sha2-512 user@localhost
against a Twisted ssh server, and i saw the problem.  The reason is that 
twisted(16.6.0) is not supported the diffie-hellman-group14-sha1 and 
ecdh-sha512-nistp512 key exchange algorithms well, right ?



--

JianChen



At 2016-12-29 16:06:55, "Craig Rodrigues" <rodr...@crodrigues.org> wrote:

Abhishek Choudhary pointed out to me that you can reproduce this problem 
easily, even with OpenSSH client.
Look at https://twistedmatrix.com/trac/ticket/8258


and do:



ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 
user@localhost

against a Twisted ssh server, and you will see the problem.




--

Craig






On Thu, Dec 29, 2016 at 1:17 AM, 陈健 <chenjianhappy2...@126.com> wrote:



hi,
    Yes, your understanding is correct. I must set the hmac-sha2-512 option 
unable with SecureCRT, it will be OK. I searched Google for a long time, still 
did not find the any clues!
   
          Twisted Server + OpenSSH client == WORKS
          Twisted Server + Xshell client == WORKS
          OpenSSH Server + SecureCRT client == WORKS
          Twisted Server + SecureCRT client == FAIL


--
JianChen



在 2016-12-29 12:35:57，"Craig Rodrigues" <rodr...@crodrigues.org> 写道：

Hi,


Is this what you are saying:


Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL


??


I don't have SecureCRT client, so don't know the solution to this problem.


You might want to try searching the SecureCRT site and see if there are any 
clues
there:


https://goo.gl/UkKZvI



--
Craig


On Wed, Dec 28, 2016 at 9:39 PM, 陈健 <chenjianhappy2...@126.com> wrote:




hi:
    Oh, I'm sorry,  It is my server-side code has bugs with Twisted(16.6.0) 
Conch, that i have fixed it . But 'Message Authentication Code did not verify 
(packet #3)'  error will occurs with the SecureCRT(8.0.0 or 7.3.4) client.  If 
I connect OpenSSH_5.3p1 (or OpenSSH_6.6.1p1 ) sshd server through the SecureCRT 
client, it is fine. Of course， if I connect Twisted SSH server by using the 
Xshell client with hmac-sha2-512 options or “ssh -m hmac-sha2-512”，it is OK.  I 
do not know if it is SecureCRT client  bug or  twisted problem.  
http://stackoverflow.com/questions/41296412/securecrt-hmac-sha2-512-message-authentication-code-did-not-verify-packet-3

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Re: [Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH

Reply via email to