[lug] OpenSSH

D. Stimits stimits at idcomm.com
Tue Jan 30 16:19:27 MST 2001


"Michael J. Pedersen" wrote:
> 
> On Tue, Jan 30, 2001 at 02:55:03PM -0700, D. Stimits wrote:
> > Unfortunately it doesn't work. If I use ssh, it simply says permission
> > denied (it isn't the local ssh file either, it works to localhost and to
> > many sites). If I use ssh2 (this machine has both commercial ssh and
> > openssh ssh2 clients, since I *must* use the commercial version to
> > interact with my SunOS account on one site; the other machine involved
> > is pure openssh), I get what looks like it works most of the way
> > through, then /var/log/messages reports:
> > sshd[1076]: Disconnecting: Corrupted HMAC on input.
> 
> Dunno what that error means, unfortunately, so can't give good advice.
> 
> > I want to completely remove all ssh items from two linux boxes, and
> > reinstall with newer versions only, but I'm having problems with rpms
> > (none exist for RH 6.2, the source rpm's of 7 won't work on my 6.2
> > boxes). The FreeBSD tarball does not have a configure script, and the
> > Makefile seems screwed for use with linux. There don't seem to be any
> > ssh version 2.3 tarballs available that are intended for linux, I could
> > only find FreeBSD of that version, and 2.2 for linux. Somehow I need to
> > find a current tarball for linux, and remove absolutely all of the old
> > stuff and start from scratch. Once I succeed, it will probably be broken
> > by the dual install of the client for commercial version that I have to
> > use to get to my SunOS account (openssh is incompatible with the
> > commercial one).
> 
> Well, I can help out a bit:
> ftp://ftp1.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/

I'm going to attempt replacing my current versions with this.

> 
> That's the site for a version which should work anywhere. As for the SunOS,
> why isn't openssh compatible with the commercial version? openssh supports all
> the latest ssh specs as far as I know.
> 

The admin people at the SunOS said they didn't know exactly why the
commercial daemon did not accept the OpenSSH version. Apparently the
protocols are not 100% compatible yet. The other possibility I can think
of is that perhaps the OpenSSH client does not yet work with the
encryption algorithms that the commercial ssh daemon is demanding. I was
never able to get around this, and finally asked the Sun people.
Apparently they have had a lot of users ask this same thing, and none of
them have ever had OpenSSH clients work with it. The reference I found
to corrupted HMAC indicates there may be a flaw in the current OpenSSH
that sometimes does not send one of the bits (the same FAQ says this
will be fixed in version 2.4). Probably parts of OpenSSH depend on
reverse engineering, which isn't an exact science.


