Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] ssh
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Wed, 07 Feb 2001 10:26:20 +1100
  • Message-id: <5.0.2.1.0.20010207102410.00a7c098@xxxxxxxxxxxxxxxxxxxx>
At 07:33 AM 7/02/2001, you wrote:
I tried to connected to remote host with ssh without success.
I received msg:
Corrupted HMAC on input


From http://www.openssh.com/faq.html
4. Why does SSH 2.3 have problems interoperating with OpenSSH 2.1.1?
SSH 2.3 and earlier versions contain a flaw in their HMAC implementation. Their code was not supplying the full data block output from the digest, and instead always provided 128 bits. For longer digests, this caused SSH 2.3 to not interoperate with OpenSSH.
OpenSSH 2.2.0 detects that SSH 2.3 has this flaw. Future versions of SSH will have this bug fixed.

and from http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html
Question: When I connect to an SSH 2 server, I get "Incorrect MAC received on packet". What's going on?
Answer: This is a bug in early versions of ssh.com's SSH 2 implementation, not in PuTTY. PuTTY contains an option to work around the bug, though. On the SSH configuration panel, enable the option "Imitate SSH 2 MAC bug in commercial <= v2.3.x" and you should be fine.
(This is nothing to do with Ethernet cards. MAC stands for Message Authentication Code and is a cryptography thing. It's nothing to do with Ethernet MAC addresses; that stands for Media Access Control and is something totally different.)


I'd say you are trying to use SSH not OpenSSH which doesn't have this bug.
Hope this helps, if it doesn't reply with some more specifics..

Cheers


---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com


< Previous Next >
This Thread
References