[Bug 2729] Can connect with MAC hmac-sha1 even though it's not configured on the server
bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 14 11:37:33 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2729
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
In future, please attach debug traces using the attachments feature.
This is why your connection succeeds:
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
chacha20-poly1305 and AES-GCM are AEAD ciphers that effectively include
their own MAC. As such, the MAC you specified is ignored when they are
selected. If you specify a plain confidentiality cipher (e.g. -c
aes128-ctr) then your connection will fail as you expect.
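
The behaviour described in comment #4, as an added example that is not part of the original message and is not OpenSSH source code: a simplified Python model of algorithm negotiation for one direction, in which the MAC lists are compared only when the chosen cipher is not an AEAD cipher. The server and client algorithm lists are constructed for illustration.

```python
# Simplified negotiation model (added illustration, not OpenSSH source).
AEAD_CIPHERS = {
    "chacha20-poly1305@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
}


class NoMatch(Exception):
    """Raised when client and server share no algorithm of a given kind."""


def first_match(kind, client, server):
    # RFC 4253 section 7.1: the first algorithm on the client's list that
    # the server also supports is chosen.
    for name in client:
        if name in server:
            return name
    raise NoMatch(f"no matching {kind} found")


def negotiate(client, server):
    """Return (cipher, mac) for one direction, given each side's proposal."""
    cipher = first_match("cipher", client["ciphers"], server["ciphers"])
    if cipher in AEAD_CIPHERS:
        # The MAC lists are never compared, so a MAC mismatch cannot fail here.
        return cipher, "<implicit>"
    return cipher, first_match("MAC", client["macs"], server["macs"])


# Constructed proposals: the server does not offer hmac-sha1.
SERVER = {
    "ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}
# Models `ssh -m hmac-sha1` with an AEAD cipher first in the cipher list.
CLIENT_DEFAULT_CIPHERS = {
    "ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
    "macs": ["hmac-sha1"],
}
# Models `ssh -m hmac-sha1 -c aes128-ctr`.
CLIENT_CTR_ONLY = {"ciphers": ["aes128-ctr"], "macs": ["hmac-sha1"]}

if __name__ == "__main__":
    print(negotiate(CLIENT_DEFAULT_CIPHERS, SERVER))
    try:
        negotiate(CLIENT_CTR_ONLY, SERVER)
    except NoMatch as exc:
        print("connection fails:", exc)
```

When auditing which MACs a server actually enforces, restrict the test client to a non-AEAD cipher, as the comment suggests with `-c aes128-ctr`; otherwise the `MAC: <implicit>` line in the debug trace shows that the MAC setting was never exercised.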