ssh2 problem

[Haag, Ullrich - MBDC]

Hello there,

I am trying to connect to a rh6.2 box (over which I have no control) via
ssh2. That box does *not* support ssh1. Here's what happens:

---
$ ssh -2 user@host-ip
Disconnecting: Corrupted HMAC on input.
$
---

Is that a problem on my end (obsd 2.7-stable) or theirs? And how do I
correct this?

Thanks,
Jason

--- (debug output below)
$ ssh -2 -v user@host-ip
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 1000 geteuid 0 anon 0
debug: Connecting to host-ip [host-ip] port 22.
debug: Allocated local port 613.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version 2.3.0 SSH
Secure Shell (non-commercial)
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.1.1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit:
3des-cbc,blowfish-cbc,twofish-cbc,arcfour,3des-ecb,3des-cfb,3des-ofb,blowfis
h-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,
twofish-ecb,twofish-cfb,twofish-ofb
debug: got kexinit:
3des-cbc,blowfish-cbc,twofish-cbc,arcfour,3des-ecb,3des-cfb,3des-ofb,blowfis
h-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,
twofish-cfb,twofish-ofb
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160-96
,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160-96
,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 506/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: keytype ssh-dss
debug: keytype ssh-dss
debug: Host 'host-ip' is known and matches the DSA host key.
debug: bits set: 472/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
Disconnecting: Corrupted HMAC on input.
debug: Calling cleanup 0x14708(0x0)
---

[David Terrell]

On Thu, Oct 05, 2000 at 12:28:14PM -0400, Haag, Ullrich - MBDC wrote:
> Hello there,
>
> I am trying to connect to a rh6.2 box (over which I have no control) via
> ssh2. That box does *not* support ssh1. Here's what happens:
>
> ---
> $ ssh -2 user@host-ip
> Disconnecting: Corrupted HMAC on input.
> $

> [snip]

> debug: Remote protocol version 1.99, remote software version 2.3.0 SSH

> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.1.1

http://www.openssh.net/faq.html, question 3.

If you want, you can grab the latest ssh code from cvs
(CVS_RSH=ssh cvs -qd ano...@anoncvs.openbsd.org:/cvs co src/usr.bin/ssh &&
cd src/usr.bin/ssh && make obj all && sudo make install )
or wait for the next revision of OpenSSH.

--
David Terrell | "Any sufficiently advanced technology
Prime Minister, Nebcorp | is indistinguishable from a rigged demo."
d...@meat.net | - Brian Swetland
http://wwn.nebcorp.com/