On Wed, 3 May 2017, Jakub Jelen wrote: > On 05/02/2017 07:21 PM, Cristian Ionescu-Idbohrn wrote: > > On Tue, 2 May 2017, Colin Watson wrote: > > > On Tue, May 02, 2017 at 06:17:47PM +0200, Cristian Ionescu-Idbohrn wrote: > > > > $ ssh -vvv -oMacs=umac-64@xxxxxxxxxxx localhost : 2>&1 | egrep -i > > > > 'macs|umac' > > > > debug2: MACs ctos: umac-64@xxxxxxxxxxx > > > > debug2: MACs stoc: umac-64@xxxxxxxxxxx > > > > debug2: MACs ctos: > > > > umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > > > debug2: MACs stoc: > > > > umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > > > > > > > No error/warning/anything. > > > > > > > > I should also mention that this is the Debian packaged openssh 7.5p1. > > > > It applies some 31 patches to the source. I can't tell if they > > > > interfere with the proper behaviour, it doesn't seem so, but I can't > > > > exclude the risc. Colin might. > > > > > > A clean build from upstream git master produces identical output from > > > the above test command. > > > > Thanks. This points then to an upstream bug. > > My guess is that you are using chacha20-poly1305@xxxxxxxxxxx cipher > (not visible from this output), which does not need MAC (the message > authentication is already part of the cipher definition -- > poly1305). Therefore it does not need to agree on common MAC and it > just works without that. Very good guess ;) $ ssh -vvv -oMacs=umac-64@xxxxxxxxxxx localhost : 2>&1 | egrep -i kex: debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none Thanks. That made me read PROTOCOL.chacha20poly1305. Another check, forcing ciphers to something else, produces expected result: $ ssh -oMacs=umac-64@xxxxxxxxxxx -ociphers=aes128-ctr localhost : Unable to negotiate with 127.0.0.1 port 22: no matching MAC found. Their offer: umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 Not a bug there, just user confusion. Cheers, -- Cristian _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev