Hi Group,

I am porting OpenSSH to an embedded platform running pSOS. I am able to set up a connection with the server, but after I disconnect and reconnect, I always get the following error message and the client won't establish a connection with the server.

<First connection..............................>
debug: Enabling compatibility mode for protocol 2.0
debug: SSH2_MSG_KEXINIT sent
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug: kex_derive_keys........................
debug: newkeys[1]=0xfd4868
debug: SSH2_MSG_NEWKEYS sent
debug: expecting SSH2_MSG_NEWKEYS
debug: newkeys[0]=0xfd4748
debug: SSH2_MSG_NEWKEYS received
debug: userauth-request for user terter service ssh-connection method none
debug: attempt 0 failures 0
debug: userauth-request for user terter service ssh-connection method keyboard-interactive
debug: attempt 1 failures 1
debug: keyboard-interactive devs
debug: auth2_challenge: user=terter devsdebug: kbdint_alloc: devices ''
debug: userauth-request for user terter service ssh-connection method password
debug: attempt 2 failures 2
Accepted password for terter from 172.23.1.174 port 1331 ssh2
Accepted password for terter from 172.23.1.174 port 1331 ssh2
debug: Entering interactive session for SSH2.
debug: server_init_dispatch_20
debug: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug: input_session_request
debug: channel 0: new [server-session]
debug: session_new: init
debug: session_new: session 0
debug: session_open: channel 0
debug: session_open: session 0: link with channel 0
debug: server_input_channel_open: confirm session
debug: server_input_channel_req: channel 0 request pty-req reply 1
debug: session_by_channel: session 0 channel 0
debug: session_input_channel_req: session 0 req pty-req
debug: Allocating pty.
debug: session_pty_req: session 0 alloc
debug: server_input_channel_req: channel 0 request shell reply 1
debug: session_by_channel: session 0 channel 0
debug: session_input_channel_req: session 0 req shell
Secure shell client connected
Secure shell client disconnected
debug: channel 0: free: server-session, nchannels 1
debug: session_close: session 0 pid 0
000110.999|SSHD |3|01|Closing connection to 172.23.1.174

<Connection 2.............>
debug: Enabling compatibility mode for protocol 2.0
debug: SSH2_MSG_KEXINIT sent
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug: kex_derive_keys........................
debug: newkeys[1]=0x1024898
debug: SSH2_MSG_NEWKEYS sent
debug: expecting SSH2_MSG_NEWKEYS
debug: newkeys[0]=0x1024778
debug: SSH2_MSG_NEWKEYS received
<following debug messages were added by me>
macbuf------------------------------20
5d38305c8b399a79c644d9e021be0d2247d1124
input-------------------------------
3b50 7e58 d759 5dfc dbe5 6c3f 46df 7297 a0cf d748
Disconnecting: Corrupted MAC on input.
Disconnecting: Corrupted MAC on input.

I checked key exchanges in both connections and they all looked ok. Any ideas why the MAC check would fail on the second connection attempt?

Best Regards,
Jim
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Jim Fan wrote:
> Hi Group,
> I am porting openSSH to an embedded platform running pSOS. I am able
> to setup a connection with the server but after I disconnect and
> reconnect, I always get the following error message and client won't
> establish connection with the server.
[...]
> Disconnecting: Corrupted MAC on input.
> Disconnecting: Corrupted MAC on input.

What's on the network between client and server? Some network devices (eg certain firmware revs of Linksys routers) have been reported to cause this.

The possible causes we know about are documented here:
http://bugzilla.mindrot.org/show_bug.cgi?id=510
http://bugzilla.mindrot.org/show_bug.cgi?id=845

Failing that, I would try compiling everything (zlib, openssl and openssh) without any optimization and seeing if that makes a difference.

> I checked key exchanges in both connections and they all looked ok.
> Any ideas why MAC check would fail on second connection attempt?

Maybe the different DH parameters negotiated in the DH GEX has some effect? Try removing the moduli file on the server and it will fall back to group1 or group14.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
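
Added example, not part of the thread and not OpenSSH code: the hmac-sha1 check behind "Corrupted MAC on input" covers the integrity key, a per-direction packet sequence number and the unencrypted packet (RFC 4253, section 6.4), so a debug hook that dumps all three can tell a counter mismatch apart from a wrong key or damaged data. The names build_packet, ssh_mac and diagnose, the search window and every sample value are assumptions made for illustration; the thread does not establish which input was wrong in Jim's case.

```python
import hashlib
import hmac
import struct


def build_packet(payload: bytes, block_size: int = 16) -> bytes:
    """Unencrypted SSH binary packet: packet_length, padding_length, payload, padding."""
    pad = block_size - (5 + len(payload)) % block_size
    if pad < 4:  # RFC 4253 requires at least 4 bytes of padding
        pad += block_size
    # Zero padding keeps this example deterministic; real SSH padding is random.
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


def ssh_mac(key: bytes, seqnr: int, packet: bytes) -> bytes:
    """hmac-sha1 over uint32 sequence_number || unencrypted packet (RFC 4253, 6.4)."""
    msg = struct.pack(">I", seqnr & 0xFFFFFFFF) + packet
    return hmac.new(key, msg, hashlib.sha1).digest()


def diagnose(key, expected_seqnr, packet, received_mac, window=64):
    """Return 'ok', ('seqnr', n) if the MAC matches under counter n, else 'key-or-data'."""
    if hmac.compare_digest(ssh_mac(key, expected_seqnr, packet), received_mac):
        return "ok"
    for n in range(window):
        if hmac.compare_digest(ssh_mac(key, n, packet), received_mac):
            return ("seqnr", n)
    return "key-or-data"


# Constructed sample values, not taken from the thread.
KEY = bytes(range(20))  # 20-byte hmac-sha1 integrity key
PAYLOAD = b"\x05" + struct.pack(">I", 12) + b"ssh-userauth"  # SSH_MSG_SERVICE_REQUEST
PACKET = build_packet(PAYLOAD)
SENDER_SEQNR = 4
MAC = ssh_mac(KEY, SENDER_SEQNR, PACKET)

if __name__ == "__main__":
    print(diagnose(KEY, 4, PACKET, MAC))   # receiver counter agrees with sender
    print(diagnose(KEY, 21, PACKET, MAC))  # receiver counter differs from sender
    damaged = PACKET[:10] + bytes([PACKET[10] ^ 1]) + PACKET[11:]
    print(diagnose(KEY, 4, damaged, MAC))  # one bit changed in the packet
```

A ('seqnr', n) result points at receiver-side counter state, while 'key-or-data' points at key derivation, decryption or data changed in transit, which is where the network-device and compiler-optimization suggestions in the reply apply.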