[Bug 2729] New: Can connect with MAC hmac-sha1 even though it's not configured on the server
bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 14 07:26:11 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2729
Bug ID: 2729
Summary: Can connect with MAC hmac-sha1 even though it's not
configured on the server
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: nitin.mahendru88 at gmail.com
Created attachment 2995
--> https://bugzilla.mindrot.org/attachment.cgi?id=2995&action=edit
wireshark trace for key exchange init packet
I have a 7.5p1 server with the following MACs:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
in the sshd_config
I am using a 7.5p1 client as below:
ssh -m hmac-sha1 user@<IP>
It lets me connect, although as per the RFC
https://www.ietf.org/rfc/rfc4253.txt it should just disconnect.
I have attached Wireshark screenshots for the client and server "Key
Exchange Init" packets, which list the relevant contents.
OS: CentOS 7
SSH version: 7.5 p1
--
You are receiving this mail because:
You are watching the assignee of the bug.
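
A check for the "Key Exchange Init" lists mentioned in the report, as an added example that is not part of the original message or of OpenSSH's code: it parses two KEXINIT payloads and applies the RFC 4253 section 7.1 first-match rule to the client-to-server MAC lists. It goes beyond the report by also modelling AEAD ciphers, for which OpenSSH negotiates no separate MAC; the cipher lists, function names and payloads are constructed assumptions.

```python
import struct

# Ciphers that authenticate packets themselves; OpenSSH negotiates no separate MAC for them.
AEAD = {"chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(enc, mac):
    """Constructed SSH_MSG_KEXINIT payload (RFC 4253 section 7.1), same lists in both directions."""
    lists = (["curve25519-sha256"], ["ssh-ed25519"], enc, enc, mac, mac, ["none"], ["none"], [], [])
    body = bytes([20]) + bytes(16)  # message type 20, then a 16-byte cookie (zeros here)
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload, keyed by FIELDS."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}
    for field in FIELDS:
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        out[field] = payload[off:off + n].decode("ascii").split(",") if n else []
        off += n
    return out

def first_match(client, server):
    """RFC 4253 rule: first name on the client's list that the server also lists."""
    return next((name for name in client if name in server), None)

def negotiate_c2s(client_payload, server_payload):
    """Return (outcome, cipher, mac) for the client-to-server direction."""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    cipher = first_match(c["enc_c2s"], s["enc_c2s"])
    if cipher is None:
        return ("disconnect", None, None)
    if cipher in AEAD:
        return ("ok", cipher, None)  # MAC lists are not consulted for an AEAD cipher
    mac = first_match(c["mac_c2s"], s["mac_c2s"])
    return ("ok", cipher, mac) if mac else ("disconnect", cipher, None)

# Server MAC list from the report; cipher lists are constructed for the example.
SERVER_MACS = ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
               "hmac-sha2-512", "hmac-sha2-256"]
SERVER = build_kexinit(["chacha20-poly1305@openssh.com", "aes128-ctr"], SERVER_MACS)
```

Calling `negotiate_c2s(build_kexinit(["aes128-ctr"], ["hmac-sha1"]), SERVER)` yields a disconnect, while the same MAC offer alongside an AEAD cipher yields a session with no separately negotiated MAC.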