Hi Eric,
libssh_at_bentleyemail.net wrote:
> I'm happy to help but my responses may be delayed as I'm getting ready
> to head out for a few days of vacation (leaving in 12 hours)
Oh that sounds amazing! I hope you have a good time.
> > > sshd[361421]: debug1: kex: client->server cipher: aes128-ctr MAC:
> hmac-sha2-256 compression: none [preauth]
..
> > What processor does your embedded system have? In particular endianess
> > and native bit size (32/64?)
> model name : ARMv7 Processor rev 1 (v7l)
> Hardware : Atmel SAMA5
> /bin/busybox: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux),
> statically linked, BuildID[sha1]=51f5566abbeca4cee5e53734090d7d37b33deedb,
> for GNU/Linux 3.2.0, stripped
Thanks, little endian ARM.
> > What MAC is negotiated by the dropbear and OpenSSH clients you tested?
>
> Dropbear:
..
> May 18 15:42:08 eric-Precision-7520 sshd[444608]: debug1: kex:
> client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
> OpenSSH:
..
> May 19 17:24:01 eric-Precision-7520 sshd[3355904]: debug1: kex:
> client->server cipher: [86]chacha20-poly1305_at_openssh.com MAC:
> <implicit> compression: none [preauth]
This is interesting and provides some clues. All three clients end up
using different ciphers/MACs with only libssh2 using hmac-sha2-256.
It would be great if you could try OpenSSH with the same cipher+MAC
as libssh2 and provide the server debug log also for that connection:
ssh -oCiphers=aes128-ctr -oMACs=hmac-sha2-256 server
> > Are results identical with a server running an unpatched upstream OpenSSH?
>
> Unfortunately, I do not have a server running this version. My sshd
> server is
>
> OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020
Okay. The upstream source code is fairly easy to build but I understand
that you're leaving literally in hours. If you can try the OpenSSH
client with specific cipher and mac that log would be very helpful.
Thanks
//Peter
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2021-05-20