*FLAWED* Re: playing around with removing algos

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn at axis.com
Thu May 4 01:52:17 AEST 2017


On Wed, 3 May 2017, Jakub Jelen wrote:
> On 05/02/2017 07:21 PM, Cristian Ionescu-Idbohrn wrote:
> > On Tue, 2 May 2017, Colin Watson wrote:
> > > On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote:
> > > > $ ssh -vvv -oMacs=umac-64@openssh.com localhost : 2>&1 | egrep -i 'macs|umac'
> > > > debug2: MACs ctos: umac-64@openssh.com
> > > > debug2: MACs stoc: umac-64@openssh.com
> > > > debug2: MACs ctos: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > > > debug2: MACs stoc: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > > > 
> > > > No error/warning/anything.
> > > > 
> > > > I should also mention that this is the Debian packaged openssh 7.5p1.
> > > > It applies some 31 patches to the source.  I can't tell if they
> > > > interfere with the proper behaviour, it doesn't seem so, but I can't
> > > > exclude the risk.  Colin might.
> > > 
> > > A clean build from upstream git master produces identical output from
> > > the above test command.
> > 
> > Thanks.  This points then to an upstream bug.
> 
> My guess is that you are using chacha20-poly1305@openssh.com cipher 
> (not visible from this output), which does not need MAC (the message 
> authentication is already part of the cipher definition -- 
> poly1305). Therefore it does not need to agree on common MAC and it 
> just works without that.

Very good guess ;)

$ ssh -vvv -oMacs=umac-64@openssh.com localhost : 2>&1 | egrep -i kex:
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

Thanks.  That made me read PROTOCOL.chacha20poly1305.

Another check, forcing ciphers to something else, produces the expected 
result:

$ ssh -oMacs=umac-64@openssh.com -ociphers=aes128-ctr localhost :
Unable to negotiate with 127.0.0.1 port 22: no matching MAC found. Their offer: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

Not a bug there, just user confusion.


Cheers,

-- 
Cristian


More information about the openssh-unix-dev mailing list
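
A check for the situation described in this message, as an added example that is not part of the original post or of OpenSSH: it reads the "kex:" lines of `ssh -v` output and reports whether a requested MAC is really in use or was made irrelevant by an AEAD cipher. The function names and the sample input are assumptions constructed here from the debug-line format quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): report which MAC an ssh
# session actually negotiated, from the "kex:" lines of `ssh -v` output.

# Reads ssh debug output on stdin and prints, per direction:
#   <direction> <cipher> <mac> <explicit|implicit>
kex_mac_report() {
    awk '$1 == "debug1:" && $2 == "kex:" && $4 == "cipher:" && $6 == "MAC:" {
        kind = ($7 == "<implicit>") ? "implicit" : "explicit"
        print $3, $5, $7, kind
    }'
}

# Exit status 0: the wanted MAC is in use in every direction.
# Exit status 1: some direction uses another MAC or an implicit (AEAD) one.
# Exit status 2: no "kex: ... cipher:" lines were found on stdin.
mac_in_effect() {
    report=$(kex_mac_report)
    [ -n "$report" ] || return 2
    printf '%s\n' "$report" |
        awk -v want="$1" '$3 != want { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample input, in the format of the debug output quoted above.
sample_aead() {
    cat <<'EOF'
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
EOF
}

# Constructed sample: a non-AEAD cipher with a MAC from the server's offer.
sample_ctr() {
    cat <<'EOF'
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
EOF
}

sample_aead | kex_mac_report
sample_aead | mac_in_effect 'umac-64@openssh.com' ||
    echo "MACs setting had no effect on this session"
```

Against a live host, pipe `ssh -v ... 2>&1` into `mac_in_effect` with the MAC name being tested; a non-zero status means a MACs restriction alone did not determine the session's integrity algorithm.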