Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Server HMAC algorithm not found #1050

Closed
SylvainSorlin opened this issue Nov 24, 2022 · 9 comments · Fixed by #1316
Closed

Server HMAC algorithm not found #1050

SylvainSorlin opened this issue Nov 24, 2022 · 9 comments · Fixed by #1316
Milestone

Comments

@SylvainSorlin
Copy link

SylvainSorlin commented Nov 24, 2022

I have a problem connecting to my linux server.

When I try to connect, I get a "Server HMAC algorithm not found" message.
I check the log and I find that lib cannot use the hmac-sha2-256-etm algorithm.

My server only accepts these 3 algorithms:

#825 does not work

@SylvainSorlin SylvainSorlin changed the title Server HMAC not found Server HMAC algorithm not found Nov 24, 2022
@Jedrzej94
Copy link

Jedrzej94 commented Dec 6, 2022

Same here. We just faced this issue.

edit://
We had to rollback to the ones without -etm

@SylvainSorlin
Copy link
Author

SylvainSorlin commented Dec 6, 2022

I can't, I did an ssh-audit.
I'm trying to add the etm in the project.

@alef75
Copy link

alef75 commented Jun 26, 2023

Same here

Server side is hardened via tool like ssh-audit and for security reason only the following hmac should be enabled
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com

@SylvainSorlin
Copy link
Author

Personally, I have given up on this library and I have compiled my own C++ DLL using libssh.
I then imported it into my C# project.

@robert-scheck
Copy link

OpenSSH upstream writes regarding Encrypt-then-MAC MAC algorithms:

1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms

OpenSSH supports MAC algorithms, whose names contain "-etm", that perform the calculations in a different order to that defined in RFC 4253. These variants use the so-called "encrypt then MAC" ordering, calculating the MAC over the packet ciphertext rather than the plaintext. This ordering closes a security flaw in the SSH transport protocol, where decryption of unauthenticated ciphertext provided a "decryption oracle" that could, in conjunction with cipher flaws, reveal session plaintext.
Specifically, the "-etm" MAC algorithms modify the transport protocol to calculate the MAC over the packet ciphertext and to send the packet length unencrypted. This is necessary for the transport to obtain the length of the packet and location of the MAC tag so that it may be verified without decrypting unauthenticated data.

Based on this, it would make sense to me to support Encrypt-then-MAC MAC algorithms in SSH.NET.

@WojciechNagorski
Copy link
Collaborator

WojciechNagorski commented Jan 10, 2024

The fastest option to achieve this is to prepare a PR with changes and unit or integration tests.

@SkymaX86
Copy link

SkymaX86 commented Jan 16, 2024

Same issue here, on hardened systems only the -etm MAC algorithms allowed. Please add support for
hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com

@PashCracken
Copy link

Hi. We are facing the same issue also. I really like this library and would like to continue to use it. But we will soon be forced to look for alternatives if this is not resolved. Hoping for a fix 😊

@WojciechNagorski
Copy link
Collaborator

This issue has been fixed in the 2024.0.0 version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants