[Bug 3415] sftp/ssh doesn't give notice of non-matching MACs but just aborts

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Mar 29 11:41:26 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3415

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Christoph Anton Mitterer from comment #0)
[...]
> debug3: gss kex names ok:
> [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-]

This indicates it's a vendor-modified version of OpenSSH.  Can you
reproduce the problem with the stock version from openssh.com?

[...]
> debug1: Connecting to 192.168.0.150 [192.168.0.150] port 22.
> debug3: set_sock_tos: set socket 3 IP_TOS 0x10
> debug1: connect to address 192.168.0.150 port 22: Connection refused

This looks like the server is just not listening on that port.  The
screenshots on the website for the server make it look like it listens
on port 6789, and as an unprivileged app it probably doesn't have
permission to bind to port 22 anyway.

> I.e. there is no message as e.g.:
> Unable to negotiate with UNKNOWN port 65535: no matching MAC found.
> Their offer: hmac-sha1,hmac-ripemd160

That example looks like it's using a proxycommand.

> Any ideas why not?

I suspect that there's something else going on in your config.  Can you
attach sample config that demonstrates the problem?  (Test it with ssh
-F, but you'll also need to remove any variables in your system-wide
config).
