[Bug 2729] Can connect with MAC hmac-sha1 even though it's not configured on the server

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 14 11:37:33 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2729

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
In future, please attach debug traces using the attachments feature.

This is why your connection succeeds:

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

chacha20-poly1305 and AES-GCM are AEAD ciphers that effectively include
their own MAC. As such, the MAC you specified is ignored when they are
selected. If you specify a plain confidentiality cipher (e.g. -c
aes128-ctr) then your connection will fail as you expect.
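
Added example, not part of the original bug comment and not OpenSSH code: a small Python model of the negotiation described above, showing why a client restricted to hmac-sha1 still connects when an AEAD cipher is chosen and fails with aes128-ctr, plus a parser for the kex lines of an `ssh -v` trace. The server and client algorithm lists are constructed for illustration, and the model assumes the same lists apply in both directions.

```python
import re

# AEAD ciphers named in the message above, in OpenSSH's spelling.
AEAD = {"chacha20-poly1305@openssh.com",
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}

def first_common(client, server):
    """RFC 4253 rule: first name on the client's list that the server also lists."""
    return next((name for name in client if name in server), None)

def negotiate(client_ciphers, client_macs, server_ciphers, server_macs):
    """Return (cipher, mac), or None when negotiation fails."""
    cipher = first_common(client_ciphers, server_ciphers)
    if cipher is None:
        return None
    if cipher in AEAD:
        # The cipher authenticates packets itself; the MAC lists are never compared.
        return cipher, "<implicit>"
    mac = first_common(client_macs, server_macs)
    return (cipher, mac) if mac else None

KEX_RE = re.compile(r"kex: (\S+) cipher: (\S+) MAC: (\S+) compression: (\S+)")

def negotiated_from_trace(trace):
    """Extract {direction: (cipher, mac)} from `ssh -v` output."""
    return {m.group(1): (m.group(2), m.group(3)) for m in KEX_RE.finditer(trace)}

# Constructed server policy: hmac-sha1 is not offered.
SERVER_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr"]
SERVER_MACS = ["hmac-sha2-256", "hmac-sha2-512"]
# Constructed client settings; CLIENT_MACS corresponds to `-m hmac-sha1`.
CLIENT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr"]
CLIENT_MACS = ["hmac-sha1"]

# The two kex lines from the message above (cipher name with '@', as ssh prints it).
TRACE = """\
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""

if __name__ == "__main__":
    # AEAD cipher chosen: connection succeeds despite the disjoint MAC lists.
    print(negotiate(CLIENT_CIPHERS, CLIENT_MACS, SERVER_CIPHERS, SERVER_MACS))
    # Client forced to aes128-ctr (`-c aes128-ctr`): no common MAC, so it fails.
    print(negotiate(["aes128-ctr"], CLIENT_MACS, SERVER_CIPHERS, SERVER_MACS))
    print(negotiated_from_trace(TRACE))
```

When auditing a server's MACs setting, test with a non-AEAD cipher forced on the client, otherwise the MAC list is never exercised.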
