On Ubuntu 12.04 / OpenSSH_5.9p1 Debian-5ubuntu1 trying to initiate a
connection with hmac-sha2-512 and diffie-hellman-group1-sha1 results in
OpenSSH killing the connection after the SSH_MSG_KEXINIT packet is sent.
The OpenSSH error logs state the following:
debug2: mac_setup: found hmac-sha2-512 [preauth]
debug1: kex: server->client arcfour256 hmac-sha2-512 none [preauth]
dh_gen_key: group too small: 1024 (2*need 1024) [preauth]
debug1: do_cleanup [preauth]
This behavior, I believe, is in error as the shared secret produced by the
diffie-hellman key exchange is essentially extended to the appropriate
length by successive hashes that are concatenated together per
RFC4253#section-7.2
Also, it works fine in Ubuntu 14.04 / OpenSSH_6.6p1 Ubuntu-2ubuntu1.
My question is... for what versions of OpenSSH an issue? I'd like to hide
hmac-sha2-512 from the list of supported MAC's the client sends over for
all the affected SSH servers (ie. similar to how PuTTY handles SSH server
bugs with
http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-ssh-bugs).
To do so, however, I need to know what I need to look for in the
identification strings.
ie. if this issue was present on all versions of OpenSSH prior to 6.5 I
could just look for any identification string for which
substr(identification-string, 8, 3) < '6.5'. If the issue is present
in any
server who's identification string ends with Debian-5ubuntu1 I could make a
similar check for that.
I just need to know what I should be checking for. Is there perchance a
link that'd discuss this in more detail?