mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SSHD-771) SFTP server closes the connection when hmac-sha2-512 is used
Date Tue, 12 Sep 2017 08:03:00 GMT

     [ https://issues.apache.org/jira/browse/SSHD-771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Goldstein Lyor resolved SSHD-771.
---------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s: 1.7.0

I cannot reproduce it in 1.6.0 - had no problems with {{OpenSSH}} client. I have fixed the
definition of _hmacsha512_ though so please try with the latest code. Try using {{SshServerMain}}
class with the following arguments: {{-p 2222 -o MACs=hmac-sha2-512}} (only in latest version)
and see if you can reproduce the issue.

{quote} I've tested with a couple of different clients{quote}

Can you specify which clients (O/S, version, etc.) ?

> SFTP server closes the connection when hmac-sha2-512 is used
> ------------------------------------------------------------
>
>                 Key: SSHD-771
>                 URL: https://issues.apache.org/jira/browse/SSHD-771
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.6.0
>            Reporter: Andreas Bergander
>            Assignee: Goldstein Lyor
>             Fix For: 1.7.0
>
>         Attachments: SshdTest.java
>
>
> It seems like the SFTP server in sshd does not handle HMAC SHA-2-512 very well. If I
set up a server which only accepts that HMAC, the server closes the connection as soon as
I connect with a client.
> The server throws an exception in AbstractSession (row 1380) before closing the connection:
> {code}
> // Check the computed result with the received mac (just after the packet data)
> if (!BufferUtils.equals(inMacResult, 0, data, decoderLength + 4, macSize)) {
>   throw new SshException(SshConstants.SSH2_DISCONNECT_MAC_ERROR, "MAC Error");
> }
> {code}
> If I switch the HMAC to SHA-2-256 everything works ok.
> I've attached a sample program which sets up a server. I've tested with a couple of different
clients and all of them exposes the error in the server.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message