search

colin-lee / ganymed-ssh-2

Automatically exported from code.google.com/p/ganymed-ssh-2
Other
0 stars 0 forks source link

Connection with hmac-sha2-512 failed #54

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
Connection to a OpenSSH server and a sshd Apache Mina with hmac-sha2-512 failed 
with message "Remote sent corrupt MAC"

What steps will reproduce the problem?
1.See java example below

Using an OpenSSH client works without errors

SSH Server version:SSHD 0.13.0 (Apache) / Openssh 6.7
Ganymed release: build261, 2013-08-09
Client platform: Windows 7 & Windows 8 (Java 7u71, 8u25)

PLEASE post a self-contained short java example.
public static void main(String[] args)
    {       
        try
        {
            Connection conn = new Connection("hostname","port");
            conn.setClient2ServerMACs(new String[]{"hmac-sha2-512"});
            conn.connect();
            boolean isAuthenticated = conn.authenticateWithPassword("username", "password");
            if (isAuthenticated == false)
                throw new IOException("Authentication failed.");
            Session sess = conn.openSession();
            sess.execCommand("whoami");
            System.out.println("ExitCode: " + sess.getExitStatus());

            sess.close();
            conn.close();
        }
        catch (IOException e)
        {
            e.printStackTrace(System.err);
            System.exit(2);
        }
    }

Server Messages:

C:\temp\apache-sshd-0.13.0\bin>sshd.bat -p 8888
Starting SSHD on port 8888
Jan 20, 2015 2:07:48 PM 
org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration run
INFO: Trying to register BouncyCastle as a JCE provider
Jan 20, 2015 2:07:49 PM 
org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration run
INFO: Registration succeeded
Jan 20, 2015 2:09:17 PM org.apache.sshd.server.session.ServerSession <init>
INFO: Server session created from /127.0.0.1:58456
Jan 20, 2015 2:09:17 PM org.apache.sshd.common.session.AbstractSession negotiate

INFO: Kex: server->client aes128-ctr hmac-sha2-512 none
Jan 20, 2015 2:09:17 PM org.apache.sshd.common.session.AbstractSession negotiate

INFO: Kex: client->server aes128-ctr hmac-sha2-512 none
Jan 20, 2015 2:09:20 PM org.apache.sshd.common.session.AbstractSession 
exception Caught
WARNING: Exception caught
org.apache.sshd.common.SshException: MAC Error
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:708)
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:283)
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

Jan 20, 2015 2:09:20 PM org.apache.sshd.common.session.AbstractSession 
disconnect
INFO: Disconnecting: MAC Error

Client Messages:

ch.ethz.ssh2.transport.ClientTransportManager :: About to connect to 127.0.0.1
ch.ethz.ssh2.transport.TransportConnection :: Sent SSH_MSG_KEXINIT 418 bytes 
payload
ch.ethz.ssh2.transport.TransportConnection :: Received SSH_MSG_KEXINIT 510 
bytes payload
ch.ethz.ssh2.transport.KexManager :: kex_algo=diffie-hellman-group-exchange-sha1
ch.ethz.ssh2.transport.KexManager :: server_host_key_algo=ssh-dss
ch.ethz.ssh2.transport.KexManager :: enc_algo_client_to_server=aes128-ctr
ch.ethz.ssh2.transport.KexManager :: enc_algo_server_to_client=aes128-ctr
ch.ethz.ssh2.transport.KexManager :: mac_algo_client_to_server=hmac-sha2-512
ch.ethz.ssh2.transport.KexManager :: mac_algo_server_to_client=hmac-sha2-512
ch.ethz.ssh2.transport.KexManager :: comp_algo_client_to_server=none
ch.ethz.ssh2.transport.KexManager :: comp_algo_server_to_client=none
ch.ethz.ssh2.transport.TransportConnection :: Sent SSH_MSG_KEX_DH_GEX_REQUEST 
13 bytes payload
ch.ethz.ssh2.transport.TransportManager :: Handled packet 20
ch.ethz.ssh2.transport.TransportConnection :: Received 
SSH_MSG_KEXDH_REPLY/SSH_MSG_KEX_DH_GEX_GROUP 139 bytes payload
ch.ethz.ssh2.transport.TransportConnection :: Sent SSH_MSG_KEX_DH_GEX_INIT 133 
bytes payload
ch.ethz.ssh2.transport.TransportManager :: Handled packet 31
ch.ethz.ssh2.transport.TransportConnection :: Received SSH_MSG_KEX_DH_GEX_REPLY 
630 bytes payload
ch.ethz.ssh2.signature.DSASHA1Verify :: decoded ssh-dss signature: first bytes 
r(105), s(2)
ch.ethz.ssh2.transport.KexManager :: Verifying ssh-dss signature
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: m: 
ddcfc12e6ee7a713d011710b825689abf0d4d0aa
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: r: 
69e0fc756563282473dc6dd600a35a99098e1767
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: s: 
2cfefca265769fbb78d0b90123f6c5024c93a0d
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: g: 
5018b4dfed88ccdfb02ffb14122459032ad6d202135fb0b76818ee6e37ce3cad675ae19afbb29247
c747eedd555fb42e790752cb8b6fe6c49cdb0100bd3751bade955ad13d805468ce1e300bb972c94e
abad2ef9e4389135d845601db9c99b01edc1a50dceddadfe926af5ba49e8a8f2eb8f7f2ec1669a7c
e924f730c319615c
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: p: 
f8f07cd70ad54e7ecbfcc98105807a436495cd23b9ee38dca71fcccbf78ba0bd456237b743b0a310
7257d02fcb7ec0a0b2001e672414831bd895bedee232250538e58ac1b8bbc07ecd3ffdd6195c8c8b
6628dca5597bbdb1302184358bd1dab3654d936a90ad70773735109a6f45ab7f57bff6f33ab68d28
58f131151bf63f47
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: q: 
831beac0b55308f76e801e4845e9ec838c613955
ch.ethz.ssh2.signature.DSASHA1Verify :: ssh-dss signature: y: 
69223af8673d05b134b1a0cf55e0e91248f59a6e6237177dad2bef11d87af03dad958fc5e59cb9b9
4e622ff92b329c183f4df0e11fd28c092669f5e1d2b811ca3d8564b7d147edb93d07ef3143b304fa
58c87e69622910e9732e01c933058b1cae5d74aff7cf7b26f743ab62f306c70c30158f77558918d3
7588a56ad1aa8a60
ch.ethz.ssh2.transport.TransportConnection :: Sent SSH_MSG_NEWKEYS 1 bytes 
payload
ch.ethz.ssh2.transport.TransportManager :: Handled packet 33
ch.ethz.ssh2.transport.TransportConnection :: Received SSH_MSG_NEWKEYS 1 bytes 
payload
ch.ethz.ssh2.transport.TransportManager :: Handled packet 21
ch.ethz.ssh2.transport.TransportConnection :: Sent SSH_MSG_SERVICE_REQUEST 17 
bytes payload
ch.ethz.ssh2.transport.TransportManager :: Remote sent corrupt MAC
ch.ethz.ssh2.channel.ChannelManager :: HandleMessage: got shutdown
ch.ethz.ssh2.transport.TransportManager :: Receive thread: back from receiveLoop

Original issue reported on code.google.com by r.boeh...@comforte.com on 20 Jan 2015 at 1:29