Discussion:
[Twisted-Python] hmac-sha2-512 - Corrupted MAC on input with OpenSSH
Glyph Lefkowitz
2016-12-22 08:51:08 UTC
Sorry to have misdiagnosed your problem. I am glad that Adi Roiban could help! Thank you very much for upgrading to the latest version - it helps us a lot for users to try recent versions of the software. (And when a fix is available, of course, you will have to upgrade to get it, so upgrading regularly makes that easier :)) Hopefully we will be fixing a few bugs in Conch soon to try to address these sorts of protocol bugs.

-glyph
thank you for your replyI have updated to the latest version of Twisted 16.6.0, but the problem remains. More detailed debugging information with -vvv in http://stackoverflow.com/questions/41254398/twisted-hmac-sha2-512-corrupted-mac-on-input-with-openssh <http://stackoverflow.com/questions/41254398/twisted-hmac-sha2-512-corrupted-mac-on-input-with-openssh> . I really do not know how to do it now.
Best regards,
---jianchen
Hi Jianchen,
As I said on stack overflow, you will need to upgrade to a more recent version of Twisted to get a version with that bug fixed. If it's still a problem in a current version, you'll need to provide more details, ideally a short SSCCE http://sscce.org explaining how to get a broken SSH server with conch.
Thanks for using Twisted & Conch - I hope a simple upgrade will fix it for you!
-glyph
I write an SSH server with Twisted(15.5.0) Conch. But it doesn't support hmac-sha2-512 MAC algorithms. However I see this problem has been fixed in https://twistedmatrix.com/trac/ticket/8108 . I asked the question in http://stackoverflow.com/questions/41254398/twisted-hmac-sha2-512-corrupted-mac-on-input-with-openssh .
Best regards,
---jianchen
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Adi Roiban
2016-12-22 07:21:55 UTC
Hi,

#8108 did not fix hmac-sha2-512, but was an attempt to add support for it.
Since there were no automated tests, hmac-sha2-512 was never functional.

There is a defect ticket which is not yet closed
https://twistedmatrix.com/trac/ticket/8258

I hope that the ticket description can be used to reproduce this error.

This might not be a hmac-sha2-512 specific issue, but a generic issue
related to padding... is just that sha2-512 triggered it.

--
Adi Roiban
Craig Rodrigues
2016-12-28 17:40:07 UTC
Jianchen,

Can you provide more details about the server you are writing?

I cannot reproduce your problem with the latest Twisted code in trunk.

Here is what I did:


git clone https://github.com/twisted/twisted twisted-test
cd twisted-test
python setup.py develop
cd docs/conch/examples
mkdir ssh-keys
ckeygen -t rsa -f ssh-keys/ssh_host_rsa_key
twistd -ny demo_recvline.tac


I logged in with:


ssh ***@127.0.0.1 -m hmac-sha2-512 -vvv -p 6022

(using *username* for the login, and *password* for the password)

From the log, I saw:

debug1: Authenticating to 127.0.0.1:6022 as 'username'
debug3: put_host_port: [127.0.0.1]:6022
debug3: hostkeys_foreach: reading file "/Users/crodrigues/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/crodrigues/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:6022
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-***@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-***@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-***@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-***@openssh.com,ecdsa-sha2-nistp384-cert-***@openssh.com,ecdsa-sha2-nistp521-cert-***@openssh.com,ssh-ed25519-cert-***@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-***@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-***@openssh.com,aes256-***@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-***@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-***@openssh.com,aes256-***@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: hmac-sha2-512
debug2: MACs stoc: hmac-sha2-512
debug2: compression ctos: none,***@openssh.com,zlib
debug2: compression stoc: none,***@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistk163,ecdh-sha2-nistp224,ecdh-sha2-nistk233,ecdh-sha2-nistb233,ecdh-sha2-nistp384,ecdh-sha2-nistk283,ecdh-sha2-nistk409,ecdh-sha2-nistb409,ecdh-sha2-nistp521,ecdh-sha2-nistt571,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-ctr,cast128-cbc,blowfish-cbc,3des-cbc
debug2: ciphers stoc: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-ctr,cast128-cbc,blowfish-cbc,3des-cbc
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-384,hmac-sha2-256,hmac-sha1,hmac-md5
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-512 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-512 compression: none
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:VP7JUyzN/BuRNuCOieijGHuF9fAylDBCYYJAtJ+gDO8
debug3: put_host_port: [127.0.0.1]:6022
debug3: put_host_port: [127.0.0.1]:6022
debug3: hostkeys_foreach: reading file "/Users/crodrigues/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/crodrigues/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:6022
debug1: Host '[127.0.0.1]:6022' is known and matches the RSA host key.
debug1: Found key in /Users/crodrigues/.ssh/known_hosts:5
debug3: send packet: type 21
debug2: set_newkeys: mode 1



I did not see the problem that you saw.

--
Craig
陈健
2016-12-29 02:39:18 UTC
hi:
Oh, I'm sorry, It is my server-side code has bugs with Twisted(16.6.0) Conch, that I have fixed it. But 'Message Authentication Code did not verify (packet #3)' error will occur with the SecureCRT(8.0.0 or 7.3.4) client. If I connect OpenSSH_5.3p1 (or OpenSSH_6.6.1p1) sshd server through the SecureCRT client, it is fine. Of course, if I connect Twisted SSH server by using the Xshell client with hmac-sha2-512 options or “ssh -m hmac-sha2-512”, it is OK. I do not know if it is SecureCRT client bug or twisted problem. http://stackoverflow.com/questions/41296412/securecrt-hmac-sha2-512-message-authentication-code-did-not-verify-packet-3






Craig Rodrigues
2016-12-29 04:35:57 UTC
Hi,

Is this what you are saying:

Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL

??

I don't have SecureCRT client, so don't know the solution to this problem.

You might want to try searching the SecureCRT site and see if there are any clues there:

https://goo.gl/UkKZvI

--
Craig
陈健
2016-12-29 09:47:22 UTC
hi,
Yes, you are right. ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 ***@localhost
against a Twisted ssh server, and I saw the problem. The reason is that twisted(16.6.0) is not supported the diffie-hellman-group14-sha1 and ecdh-sha512-nistp512 key exchange algorithms well, right?

--
JianChen

At 2016-12-29 16:06:55, "Craig Rodrigues" <***@crodrigues.org> wrote:

Abhishek Choudhary pointed out to me that you can reproduce this problem easily, even with OpenSSH client.
Look at https://twistedmatrix.com/trac/ticket/8258

and do:

ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 ***@localhost

against a Twisted ssh server, and you will see the problem.

--
Craig

On Thu, Dec 29, 2016 at 1:17 AM, 陈健 <***@126.com> wrote:

hi,
Yes, your understanding is correct. I must set the hmac-sha2-512 option unable with SecureCRT, it will be OK. I searched Google for a long time, still did not find any clues!

Twisted Server + OpenSSH client == WORKS
Twisted Server + Xshell client == WORKS
OpenSSH Server + SecureCRT client == WORKS
Twisted Server + SecureCRT client == FAIL

--
JianChen



Craig Rodrigues
2016-12-29 10:30:19 UTC
Hi,

Well in Twisted checked out directly from GitHub, this seems to work:

ssh -vv -oKexAlgorithms=ecdh-sha2-nistp256 -oMACs=hmac-sha2-512 ***@localhost

and these fail:

ssh -vv -oKexAlgorithms=diffie-hellman-group1-sha1 -oMACs=hmac-sha2-512 ***@localhost
ssh -vv -oKexAlgorithms=diffie-hellman-group14-sha1 -oMACs=hmac-sha2-512 ***@localhost
ssh -vv -oKexAlgorithms=ecdh-sha2-nistp384 -oMACs=hmac-sha2-512 ***@localhost
ssh -vv -oKexAlgorithms=ecdh-sha2-nistp521 -oMACs=hmac-sha2-512 ***@localhost

--
Craig
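
Added example (not part of the message above and not Twisted's code): the thread does not establish the root cause, but this shows one mechanism by which a MAC can depend on the KEX algorithm. RFC 4253 section 7.2 derives the integrity key with the KEX hash, extending and truncating it to the MAC's key length (64 bytes for hmac-sha2-512). `derive_key_two_blocks`, `compare` and the K/H inputs are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

# Exchange hash used by each KEX algorithm named in the thread (RFC 4253, RFC 5656).
KEX_HASH = {
    "diffie-hellman-group1-sha1": hashlib.sha1,
    "diffie-hellman-group14-sha1": hashlib.sha1,
    "ecdh-sha2-nistp256": hashlib.sha256,
    "ecdh-sha2-nistp384": hashlib.sha384,
    "ecdh-sha2-nistp521": hashlib.sha512,
}
MAC_KEY_LEN = 64  # hmac-sha2-512 key length in bytes (RFC 6668)


def mpint(n):
    """Encode a positive integer as an SSH mpint (RFC 4251, section 5)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # extra 0x00 when the top bit is set
    return struct.pack(">I", len(raw)) + raw


def derive_key(hash_fn, K, H, letter, session_id, length):
    """RFC 4253 section 7.2: K1 || K2 || ... extended as needed, then cut to length."""
    k = mpint(K)
    key = hash_fn(k + H + letter + session_id).digest()
    while len(key) < length:
        key += hash_fn(k + H + key).digest()
    return key[:length]


def derive_key_two_blocks(hash_fn, K, H, letter, session_id):
    """Hypothetical faulty variant: always K1 || K2, never truncated."""
    k = mpint(K)
    k1 = hash_fn(k + H + letter + session_id).digest()
    return k1 + hash_fn(k + H + k1).digest()


def compare(kex):
    """Return (faulty key length, whether both keys give the same packet MAC)."""
    hash_fn = KEX_HASH[kex]
    # Constructed stand-ins for the shared secret K and exchange hash H.
    K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
    H = hash_fn(b"constructed exchange hash").digest()
    good = derive_key(hash_fn, K, H, b"F", H, MAC_KEY_LEN)  # session_id == H on first KEX
    bad = derive_key_two_blocks(hash_fn, K, H, b"F", H)
    # SSH MAC input is sequence_number || unencrypted_packet (RFC 4253 section 6.4).
    data = struct.pack(">I", 3) + b"constructed packet"
    tag_good = hmac.new(good, data, hashlib.sha512).digest()
    tag_bad = hmac.new(bad, data, hashlib.sha512).digest()
    return len(bad), hmac.compare_digest(tag_good, tag_bad)


if __name__ == "__main__":
    for name in KEX_HASH:
        print(name, compare(name))
```

Only a SHA-256 exchange hash makes two untruncated blocks equal the required 64 bytes, so a derivation with that flaw would interoperate for ecdh-sha2-nistp256 and fail MAC verification for the other four.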