2016-12-21 18 views
0

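twisted: hmac-sha2-512 - Corrupted MAC on input with OpenSSH

I am creating an SSH server with Twisted (15.5.0) Conch. However, the hmac-sha2-512 MAC algorithm from RFC 6668 is not supported in twisted.conch.ssh. I would like to know how to fix this. With my Twisted SSH server: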

    $ ssh -V
    OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013 

    (assh_env)[[email protected] asshpy]# python 
    Python 2.7.8 (default, Nov 30 2015, 10:44:42) 
    [GCC 4.4.7 20120313 (Red Hat 4.4.7-16)] on linux2 
    Type "help", "copyright", "credits" or "license" for more information. 
    >>> import twisted 
    >>> print twisted.version 
    [Twisted, version 16.6.0] 


    $ ssh 127.0.0.1 -m hmac-sha2-512 -vvv -p 2222 
    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 
    debug1: Reading configuration data /etc/ssh/ssh_config 
    debug1: /etc/ssh/ssh_config line 41: Applying options for * 
    debug2: ssh_connect: needpriv 0 
    debug1: Connecting to localhost [127.0.0.1] port 2222. 
    debug2: fd 3 setting O_NONBLOCK 
    debug1: fd 3 clearing O_NONBLOCK 
    debug1: Connection established. 
    debug3: timeout: 9988 ms remain after connect 
    debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or directory 
    debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': No such file or directory 
    debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied 
    debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied 
    debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied 
    debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': No such file or directory 
    debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied 
    debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied 
    debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied 
    debug1: identity file /home/chenjian.chj/.ssh/id_rsa type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_rsa-cert type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_dsa type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_dsa-cert type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_ecdsa type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_ecdsa-cert type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_ed25519 type -1 
    debug1: identity file /home/chenjian.chj/.ssh/id_ed25519-cert type -1 
    debug1: Enabling compatibility mode for protocol 2.0 
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1 
    debug1: Remote protocol version 2.0, remote software version Twisted 
    debug1: no match: Twisted 
    debug2: fd 3 setting O_NONBLOCK 
    debug3: put_host_port: [127.0.0.1]:2222 
    debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null" 
    debug3: load_hostkeys: loaded 0 keys 
    debug1: SSH2_MSG_KEXINIT sent 
    debug1: SSH2_MSG_KEXINIT received 
    debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
    debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss 
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
    debug2: kex_parse_kexinit: hmac-sha2-512 
    debug2: kex_parse_kexinit: hmac-sha2-512 
    debug2: kex_parse_kexinit: none,[email protected],zlib 
    debug2: kex_parse_kexinit: none,[email protected],zlib 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 
    debug2: kex_parse_kexinit: ssh-rsa 
    debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc 
    debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc 
    debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-md5 
    debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-md5 
    debug2: kex_parse_kexinit: none,zlib 
    debug2: kex_parse_kexinit: none,zlib 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: setup hmac-sha2-512 
    debug1: kex: server->client aes128-ctr hmac-sha2-512 none 
    debug2: mac_setup: setup hmac-sha2-512 
    debug1: kex: client->server aes128-ctr hmac-sha2-512 none 
    debug1: kex: diffie-hellman-group14-sha1 need=64 dh_need=64 
    debug1: kex: diffie-hellman-group14-sha1 need=64 dh_need=64 
    debug2: bits set: 1009/2048 
    debug1: sending SSH2_MSG_KEXDH_INIT 
    debug1: expecting SSH2_MSG_KEXDH_REPLY 
    debug1: Server host key: RSA e4:63:c3:05:6c:37:bc:05:8d:94:8a:72:68:91:9c:24 
    debug3: put_host_port: [127.0.0.1]:2222 
    debug3: put_host_port: [127.0.0.1]:2222 
    debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null" 
    debug3: load_hostkeys: loaded 0 keys 
    debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null" 
    debug3: load_hostkeys: loaded 0 keys 
    debug1: checking without port identifier 
    debug3: load_hostkeys: loading entries for host "127.0.0.1" from file "/dev/null" 
    debug3: load_hostkeys: loaded 0 keys 
    Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts. 
    debug2: bits set: 1013/2048 
    debug1: ssh_rsa_verify: signature correct 
    debug2: kex_derive_keys 
    debug2: set_newkeys: mode 1 
    debug1: SSH2_MSG_NEWKEYS sent 
    debug1: expecting SSH2_MSG_NEWKEYS 
    debug2: set_newkeys: mode 0 
    debug1: SSH2_MSG_NEWKEYS received 
    debug1: SSH2_MSG_SERVICE_REQUEST sent 
    Corrupted MAC on input. 
    Disconnecting: Packet corrupt 

The log is as follows:

    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] kex alg, key alg: 'diffie-hellman-group14-sha1' 'ssh-rsa'
    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] outgoing: 'aes128-ctr' 'hmac-sha2-512' 'none' 
    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] incoming: 'aes128-ctr' 'hmac-sha2-512' 'none' 
    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] NEW KEYS 
    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] Disconnecting with error, code 5 
      reason: bad MAC 
    2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] connection lost 
+0

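Please post the verbose log with '-vvv'. This does not look like an error about the algorithm being unsupported on either side, but rather a wrong implementation of something that is advertised as supported. – Jakuje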

+0

Thanks for your reply! I updated to the latest version, Twisted 16.6.0, but the problem remains. More detailed debug information using -vvv is above. – chzijian

Answers

0

You need to upgrade to a newer version of Twisted. 15.5.0 is not recent enough to implement hmac-sha2-512. If you do not already have a working application, I recommend always starting from the latest version of Twisted.

+0

Thanks for your reply! I updated to the latest version, Twisted 16.6.0, but the problem remains. More detailed debug information is above. I really don't know how to do it now. – chzijian
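
Added example (not from the original thread, and not Twisted's or OpenSSH's code): the RFC 4253 MAC computation both peers must agree on, next to a hypothetical hand-rolled HMAC (`fixed64_mac`) that hard-codes a 64-byte key pad, showing how an algorithm can negotiate cleanly and still fail every packet with "bad MAC". The key, payload and sequence number are constructed, and the page does not establish that this particular defect is what the thread hit.

```python
import hashlib
import hmac
import struct

# MAC names from the server's offer in the log (hmac-md5 omitted) -> hashlib names.
ALGOS = {"hmac-sha1": "sha1", "hmac-sha2-256": "sha256", "hmac-sha2-512": "sha512"}


def build_packet(payload, cipher_block=16):
    """RFC 4253 s.6 binary packet before encryption; padding is zeros here."""
    pad = cipher_block - (5 + len(payload)) % cipher_block
    if pad < 4:  # the RFC requires at least 4 bytes of padding
        pad += cipher_block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad


def ssh_mac(name, key, seqno, packet):
    """RFC 4253 s.6.4: mac = MAC(key, sequence_number || unencrypted_packet)."""
    data = struct.pack(">I", seqno) + packet
    return hmac.new(key, data, ALGOS[name]).digest()


def fixed64_mac(name, key, seqno, packet):
    """Hypothetical hand-rolled HMAC that pads the key to 64 bytes for every hash.
    Matches real HMAC for SHA-1/SHA-256 (64-byte block), not SHA-512 (128-byte block)."""
    def digest(data):
        return hashlib.new(ALGOS[name], data).digest()
    padded = key.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in padded)
    opad = bytes(b ^ 0x5C for b in padded)
    data = struct.pack(">I", seqno) + packet
    return digest(opad + digest(ipad + data))


def peers_agree(name):
    """True if a peer using fixed64_mac passes verification by a correct peer."""
    digest_size = hashlib.new(ALGOS[name]).digest_size
    key = bytes(range(digest_size))  # constructed key, digest-sized as in RFC 6668
    # Constructed payload: SSH_MSG_SERVICE_REQUEST (5) + string "ssh-userauth"
    payload = b"\x05" + struct.pack(">I", 12) + b"ssh-userauth"
    packet = build_packet(payload)
    expected = ssh_mac(name, key, 3, packet)  # sequence number 3 is constructed
    return hmac.compare_digest(expected, fixed64_mac(name, key, 3, packet))


if __name__ == "__main__":
    for name in ALGOS:
        print(name, "ok" if peers_agree(name) else "bad MAC")
```

To narrow down a real mismatch, pin one MAC at a time with `ssh -m` as in the question and note which algorithms fail; a failure limited to hmac-sha2-512 points at block-size or key-length handling rather than at key exchange.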
