tech-security: Re: SSH question: What does "Corrupted HMAC on input" mean?

Subject: Re: SSH question: What does "Corrupted HMAC on input" mean?
To: None <itojun@iijlab.net>
From: Brian Chase <bdc@world.std.com>
List: tech-security
Date: 01/28/2001 11:23:42
On Mon, 29 Jan 2001 itojun@iijlab.net wrote:

> >When I try to connect from a new NetBSD/i386 box to some of our servers
> >which run sshd, I get the following error message.  The SSH installation
> >on the server was installed from binary package for Solaris x86 8.0
> >available on the net (not my idea).
> >
> >  client% ssh server
> >  Disconnecting: Corrupted HMAC on input.
> >  %
> >
> >Is this a just a bug, or is this something I should be concerned about?
>
> 	are you able to connect time to time, or do you always get disconnected?
> 	have you tried "ssh -v server" for more messages?

The problem is consistent. I always get disconnected.  Here's the debug
output from the attempted session:

client% ssh -v server
SSH Version OpenSSH_2.2.0 NetBSD_Secure_Shell-20001003, protocol versions 1.5/2.0.
Compiled with OpenSSL (0x0090581f).
debug: Reading configuration data /etc/ssh.conf
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to server.domain.com [10.1.0.194] port 22.
debug: Allocated local port 999.
debug: Connection established.
debug: Remote protocol version 2.0, remote software version 2.4.0 SSH Secure Shell (non-commercial)
datafellows: 2.4.0 SSH Secure Shell (non-commercial)
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0 NetBSD_Secure_Shell-20001003
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 504/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'server.domain.com' is known and matches the DSA host key.
debug: bits set: 521/1024
debug: len 55 datafellows 20
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
Disconnecting: Corrupted HMAC on input.
debug: Calling cleanup 0x8056c84(0x0)
%

-brian.
--- Brian Chase | bdc@world.std.com | http://world.std.com/~bdc/ -----
                   Do not fold, mutilate, or spindle.