[Bug 3823] SSH client 10.0p2 ignores MAC restrictions (-m flag)

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3823

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Adrian Jarc from comment #0)
> If I disable certain mac algorithms on sshd and then try to connect
> (on same device) to ssh with thiose disabled algorithms, SSH allows
> me to do this.
> 
> Scenario:
> 
> I have disabled hmac-sha2-256 in sshd config on device. Then I try
> establishing connection via ssh client on same device with '-m
> hmac-sha2-256' flag. Instead of connection being rejected because
> mac algorithm is not supported on server, Client just ignores this
> flag and connects.
> 
> Logs of what happens:
[...]

It's not actually using hmac-sha2-256.  It's configured to use the
aes128-gcm cipher, which has its own integrity checking and does not
use an explicit MAC at all:

> debug1: kex: server->client cipher: aes128-gcm at openssh.com MAC: <implicit> compression: none
> debug1: kex: client->server cipher: aes128-gcm at openssh.com MAC: <implicit> compression: none

(see https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL for a more
complete description).

> Logs of what should happen:
[...]

In this case, it's configured to use the aes128-ctr cipher, which is
why the client's MAC configuration comes into play:

> debug2: ciphers ctos: aes128-ctr,aes128-gcm at openssh.com,aes256-ctr,aes256-gcm at openssh.com
> debug2: ciphers stoc: aes128-ctr,aes128-gcm at openssh.com,aes256-ctr,aes256-gcm at openssh.com
> debug2: MACs ctos: hmac-sha2-512
> debug2: MACs stoc: hmac-sha2-512

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.