[Bug 2991] Not supports hmac-md5 ciphering technique

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 11 19:18:35 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2991

--- Comment #8 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Karthik Adiga from comment #7)
> Thanks Darren.
> 
> Tried with the configurations you provided. It's still not working in
> my case.

Did you restart sshd after making the config change?

> As you said key exchange fails if client doesn't support the
> algorithm

Yes.

> (here in this case hmac-sha1).

No.  We can tell from the log of the failing connection that both sides
support hmac-sha1:

debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none

> So failed right? Does that mean 7.9p1 is not compatible with 5.3p1?

It should work.  I built a 5.3p1 client and was able to connect to a
7.9p1 server with the default config.  I then forced the server to
support only ssh-dss ("HostKeyAlgorithms ssh-dss") and got the same
error you did.

> Or is there any other configurations to add or modify.
> 
> Please suggest. Thank you once again.

I suggest: 
 - make sure you are editing the right sshd_config.  A self-built one
will by default use /usr/local/etc/sshd_config/
 - make sure sshd has been restarted with config changes in comment#5.

If that doesn't work, please attach:
 - a client debug log with the suggested config changes.
 - a server debug log (eg "/path/to/sshd -ddde -p 2222" then connect
with "ssh -p 2222")
 - a copy of the server's config file.

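Added example, not part of the original mail and not OpenSSH project code: a small parser for the "kex:" lines of an ssh client debug log that reports what was negotiated in each direction, so you can confirm, as the reply does from the quoted log, that the MAC is not the part of the negotiation that failed. It goes beyond the quoted log by also accepting the labelled "cipher: ... MAC: ... compression: ..." form printed by newer OpenSSH clients; the SAMPLE_NEW lines and the function names are constructed for illustration.

```python
import re

# Old clients (such as the 5.3p1 log quoted above) print positional fields;
# newer OpenSSH releases label them "cipher: ... MAC: ... compression: ...".
KEX_OLD = re.compile(r"kex: (server->client|client->server) (\S+) (\S+) (\S+)\s*$")
KEX_NEW = re.compile(
    r"kex: (server->client|client->server) "
    r"cipher: (\S+) MAC: (\S+) compression: (\S+)\s*$"
)

# The four debug lines quoted in the mail above.
SAMPLE_OLD = """\
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
"""

# Constructed sample in the newer labelled format (AEAD cipher, implicit MAC).
SAMPLE_NEW = """\
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""


def negotiated(log_text):
    """Return {direction: {"cipher", "mac", "compression"}} from kex: lines."""
    result = {}
    for line in log_text.splitlines():
        m = KEX_NEW.search(line) or KEX_OLD.search(line)
        if m:
            direction, cipher, mac, comp = m.groups()
            result[direction] = {"cipher": cipher, "mac": mac, "compression": comp}
    return result


def mac_agreed(log_text):
    """True when both directions show a negotiated MAC (or an AEAD cipher's
    implicit one), i.e. the MAC list is not what broke the handshake."""
    neg = negotiated(log_text)
    return all(d in neg and neg[d]["mac"]
               for d in ("server->client", "client->server"))


if __name__ == "__main__":
    for name, log in (("old format", SAMPLE_OLD), ("new format", SAMPLE_NEW)):
        print(name, negotiated(log), "MAC agreed:", mac_agreed(log))
```

If mac_agreed() is true and the connection still fails, the mismatch is in another negotiated list, such as the host key algorithms the reply forced with "HostKeyAlgorithms ssh-dss".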