[Bug 3696] New: ssh client does not respect the "-oMACs" flag

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jun 2 22:17:47 AEST 2024 

https://bugzilla.mindrot.org/show_bug.cgi?id=3696

            Bug ID: 3696
           Summary: ssh client does not respect the "-oMACs" flag
           Product: Portable OpenSSH
           Version: 9.7p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: root at nixsum.net

According to both sshd config and nmap scan my ssh server accepts the
below cipher suite:

$ nmap -sV --script ssh2-enum-algos 192.168.1.233 -p 22
Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-02 14:57 EEST
Nmap scan report for marciano (192.168.1.233)
Host is up (0.00099s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh2-enum-algos: 
|   kex_algorithms: (9)
|       curve25519-sha256
|       curve25519-sha256 at libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group14-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|   server_host_key_algorithms: (4)
|       rsa-sha2-512
|       rsa-sha2-256
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (7)
|       aes256-gcm at openssh.com
|       chacha20-poly1305 at openssh.com
|       aes256-ctr
|       aes256-cbc
|       aes128-gcm at openssh.com
|       aes128-ctr
|       aes128-cbc
|   mac_algorithms: (6)
|       hmac-sha2-256-etm at openssh.com
|       umac-128-etm at openssh.com
|       hmac-sha2-512-etm at openssh.com
|       hmac-sha2-256
|       umac-128 at openssh.com
|       hmac-sha2-512
|   compression_algorithms: (2)
|       none
|_      zlib at openssh.com

Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
$

The crypto policy enforces the server to start with the proper options
after the "-D" flag

However when I try to test the MACs using the client "-oMACs" flag, it
looks like it accepts MACs it shouldn't:

$ ./ssh -V
OpenSSH_9.7p1, OpenSSL 3.0.9 30 May 2023


$ ./ssh rocky at 192.168.1.233 -oMACs=hmac-sha1
rocky at 192.168.1.233's password: 
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Jun  2 15:02:33 2024 from 192.168.1.2
rocky at marciano:~ $ logout
Connection to 192.168.1.233 closed.

$ ./ssh rocky at 192.168.1.233 -oMACs=hmac-md5
rocky at 192.168.1.233's password: 
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Jun  2 15:06:55 2024 from 192.168.1.2
rocky at marciano:~ $ logout
Connection to 192.168.1.233 closed.

What I expect to happen here is a message stating that negotiation
failed, like for example when providing an invalid cipher:

$ ./ssh rocky at 192.168.1.233 -oCiphers=3des-cbc
Unable to negotiate with 192.168.1.233 port 22: no matching cipher
found. Their offer:
aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes256-ctr,aes256-cbc,aes128-gcm at openssh.com,aes128-ctr,aes128-cbc

Instead it looks like it falls back to some other MACs to make a
connection.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list