[Bug 2729] New: Can connect with MAC hmac-sha1 even though it's not configured on the server

bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 14 07:26:11 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2729

            Bug ID: 2729
           Summary: Can connect with MAC hmac-sha1 even though it's not
                    configured on the server
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nitin.mahendru88 at gmail.com

Created attachment 2995
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2995&action=edit
wireshark trace for key exchange init packet

I have a 7.5p1 server with the following MACs in the sshd_config:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256

I am using a 7.5p1 client as below:
ssh -m hmac-sha1 user@<IP>

It lets me connect, although as per the RFC
https://www.ietf.org/rfc/rfc4253.txt it should just disconnect.

I have attached wireshark screen shots for client and server "Key
Exchange Init" packets which list the relevant contents.



OS: CentOS 7
SSH version: 7.5p1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
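
The negotiation rule the report refers to (RFC 4253 section 7.1), as an added example that is not part of the original message and is not OpenSSH code. It also models the exception OpenSSH documents in its PROTOCOL files, where the MAC lists are ignored once an AEAD cipher is chosen. The cipher lists below are assumptions, since the message does not say which cipher was negotiated.

```python
# Added illustration of RFC 4253 section 7.1 name-list negotiation.
# Not OpenSSH code; function and variable names are hypothetical.

# Ciphers that carry their own integrity tag (AEAD). OpenSSH's PROTOCOL
# files state that the exchanged MAC algorithms are ignored for these.
AEAD_CIPHERS = {
    "chacha20-poly1305@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
}


class NoCommonAlgorithm(Exception):
    """The two name-lists share no algorithm, so both sides must disconnect."""


def pick(kind, client_list, server_list):
    """Return the first name on the client's list that the server also lists."""
    server = set(server_list.split(","))
    for name in client_list.split(","):
        if name in server:
            return name
    raise NoCommonAlgorithm(f"no matching {kind}")


def negotiate(client, server):
    """Choose cipher and MAC for one direction from two KEXINIT proposals."""
    cipher = pick("cipher", client["ciphers"], server["ciphers"])
    if cipher in AEAD_CIPHERS:
        return cipher, None  # MAC name-lists are never compared
    return cipher, pick("mac", client["macs"], server["macs"])


# Constructed proposals: MAC lists come from the report, cipher lists are assumed.
SERVER = {
    "ciphers": "chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr",
    "macs": "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
            "hmac-sha2-512,hmac-sha2-256",
}
CLIENT_AEAD_FIRST = {"ciphers": "chacha20-poly1305@openssh.com,aes128-ctr",
                     "macs": "hmac-sha1"}
CLIENT_CTR_ONLY = {"ciphers": "aes128-ctr", "macs": "hmac-sha1"}

if __name__ == "__main__":
    print(negotiate(CLIENT_AEAD_FIRST, SERVER))   # connects, no MAC in use
    try:
        negotiate(CLIENT_CTR_ONLY, SERVER)
    except NoCommonAlgorithm as exc:
        print("disconnect:", exc)
```

To check which case applies to a real session, compare the cipher and MAC lines that `ssh -vv` prints after key exchange with the `encryption_algorithms` and `mac_algorithms` lists in the two "Key Exchange Init" packets.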

