net4801, vpn1411 and "Corrupted MAC on input" with current OpenBSD sshd

Greg Mortensen thevision at pobox.com
Thu Apr 28 00:25:17 EST 2005


   I recently installed the April 21st snapshot on my Soekris net4801 (dmesg 
here[1]) that has a vpn1411 crypto-accelerator in it.  For the first 
time, I'm getting a tremendous amount of "Corrupted MAC on input" errors 
while sshing into this machine.

   While there has been discussion -- going all the way back to 3.5 -- 
that it's a hardware problem with the net4801 and the vpn1411, Soren has 
said[2] that while there's a problem with the net45xx boards, he hasn't 
heard of hardware problems with the net4801.

   I'm not currently using IPsec (although it worked on both 3.5 and 3.6), 
no other userland application is using /dev/crypto, and this happens even
though I'm only running a single ssh connection.

   I've never had this problem occur with OpenBSD 3.6 or 3.5 on this box; 
in fact, I rolled back sshd and it's supporting libraries to the 3.5 
version (OpenSSH_3.8 (sshd.c, v 1.290 2004/03/11)), and the problem goes 
away.  Has something regressed?  Is anyone else seeing this for the first 
time?

   Regards,
     Greg

[1] http://www.pobox.com/~thevision/openbsd/soekris_dmesg.txt
[2] http://lists.soekris.com/pipermail/soekris-tech/2004-September/021803.html

  \|/   ___   \|/      thevision at pobox.com      +----- 2048/83C90191 -----+
   @~./'O o`\.~@                                | 0B 65 E0 58 F3 F9 81 F5 |
  /__( \___/ )__\                               | F0 72 75 FA 1E BD C9 66 |
     `\__`U_/'                                  +-------------------------+




More information about the openssh-unix-dev mailing list