[Bug 2991] Not supports hmac-md5 ciphering technique
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 11 19:18:35 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2991
--- Comment #8 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Karthik Adiga from comment #7)
> Thanks Darren.
>
> Tried with the configurations you provided. Its still not working in
> my case.
did you restart sshd after making the config change?
> As you said key exchange fails if client doesn't supports the
> algorithm
yes.
> (here in this case hmac-sha1).
no. We can tell from the log of the failing connection that both sides
support hmac-sha1:
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
> So failed right? Is that mean 7.9p1 is not compatible with 5.3p1?
It should work. I built a 5.3p1 client and was able to connect to a
7.9p1 server with the default config. I then forced the server to
support only ssh-dss ("HostKeyAlgorithms ssh-dss") and got the same
error you did.
> Or is there any other configurations to add or modify.
>
> Please suggest. Thank you once again.
I suggest:
- make sure you are editing the right sshd_config. A self-built one
will by default use /usr/local/etc/sshd_config/
- make sure sshd has been restarted with config changes in comment#5.
If that doesn't work, please attach:
- a client debug log with the suggested config changes.
- a server debug log (eg "/path/to/sshd -ddde -p 2222" then connect
with "ssh -p 2222")
- a copy of the server's config file.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list