On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote:> $ ssh -vvv -oMacs=umac-64 at openssh.com localhost : 2>&1 | egrep -i 'macs|umac' > debug2: MACs ctos: umac-64 at openssh.com > debug2: MACs stoc: umac-64 at openssh.com > debug2: MACs ctos: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: MACs stoc: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > No error/warning/anything. > > I should also mention that this is the Debian packaged openssh 7.5p1. > It applies some 31 patches to the source. I can't tell if they > interfere with the proper behaviour, it doesn't seem so, but I can't > exclude the risc. Colin might.A clean build from upstream git master produces identical output from the above test command. -- Colin Watson [cjwatson at debian.org]
On Tue, 2 May 2017, Colin Watson wrote:> On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote: > > $ ssh -vvv -oMacs=umac-64 at openssh.com localhost : 2>&1 | egrep -i 'macs|umac' > > debug2: MACs ctos: umac-64 at openssh.com > > debug2: MACs stoc: umac-64 at openssh.com > > debug2: MACs ctos: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: MACs stoc: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > > > No error/warning/anything. > > > > I should also mention that this is the Debian packaged openssh 7.5p1. > > It applies some 31 patches to the source. I can't tell if they > > interfere with the proper behaviour, it doesn't seem so, but I can't > > exclude the risc. Colin might. > > A clean build from upstream git master produces identical output from > the above test command.Thanks. This points then to an upstream bug. Cheers, -- Cristian
On 05/02/2017 07:21 PM, Cristian Ionescu-Idbohrn wrote:> On Tue, 2 May 2017, Colin Watson wrote: >> On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote: >>> $ ssh -vvv -oMacs=umac-64 at openssh.com localhost : 2>&1 | egrep -i 'macs|umac' >>> debug2: MACs ctos: umac-64 at openssh.com >>> debug2: MACs stoc: umac-64 at openssh.com >>> debug2: MACs ctos: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>> debug2: MACs stoc: umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>> >>> No error/warning/anything. >>> >>> I should also mention that this is the Debian packaged openssh 7.5p1. >>> It applies some 31 patches to the source. I can't tell if they >>> interfere with the proper behaviour, it doesn't seem so, but I can't >>> exclude the risc. Colin might. >> >> A clean build from upstream git master produces identical output from >> the above test command. > > Thanks. This points then to an upstream bug.My guess is that you are using chacha20-poly1305 at openssh.com cipher (not visible from this output), which does not need MAC (the message authentication is already part of the cipher definition -- poly1305). Therefore it does not need to agree on common MAC and it just works without that. Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat