SshException: MAC Error #1282

Closed
chucklu opened this issue Apr 17, 2018 · 7 comments · Fixed by #1322

@chucklu

chucklu commented Apr 17, 2018

Hi,
When I try to clone via the SSH protocol, I get the following error log on Gitblit.

    2018-04-17 15:47:29 [INFO ] creating ssh session from /172.31.212.138:53820
    2018-04-17 15:47:29 [WARN ] Exception caught
    org.apache.sshd.common.SshException: MAC Error
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:818)
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:331)
        at org.apache.sshd.common.session.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:57)
        at org.apache.sshd.common.io.nio2.Nio2Session$2.onCompleted(Nio2Session.java:220)
        at org.apache.sshd.common.io.nio2.Nio2Session$2.onCompleted(Nio2Session.java:212)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:34)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:31)
        at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
        at sun.nio.ch.Invoker$2.run(Unknown Source)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

@kaymccormick

This bug is preventing me from using gitblit - I get it when trying to push to a gitblit repo. I guess I haven't tried cloning, since I can't create any repos yet.

@fbacchella
Contributor

I solved that by putting that setup in my ~/.ssh/config for the gitblit server:

    HostKeyAlgorithms ssh-rsa
    KexAlgorithms ecdh-sha2-nistp256
    MACs hmac-sha2-256
    Ciphers aes128-ctr

@flaix
Copy link
Member

flaix commented Nov 7, 2019

@fbacchella, does it mean you encountered it, too, or were able to reproduce it? What setup would reproduce the error?

@fbacchella
Contributor

I had the problem when I tried to secure my ssh client, using Mozilla recommendations.

This setup fails:

    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

@flaix
Member

flaix commented Nov 9, 2019

In this case the error was caused by a bug in MINA SSHD (SSHD-604). Your config prefers hmac-sha2-512 over hmac-sha2-256, which the Gitblit SSHD agrees to. But the implementation used the wrong algorithm.
This is fixed in the next GitBlit version.
I just don't know if it fixes @chucklu's problem, as I believe there could be multiple causes to a MAC error.

@flaix flaix added this to the 1.9.0 milestone Nov 9, 2019
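
The negotiation described in the comment above, as an added example that is not part of the original thread or of Gitblit/MINA SSHD code. The server algorithm lists are constructed assumptions, and the mismatch is modelled as one peer computing the tag with a different hash, which is a simplification and not the actual SSHD-604 defect.

```python
import hashlib
import hmac
import struct

# Client preference lists copied from the two ~/.ssh/config snippets in the thread.
FAILING_CLIENT = {
    "MACs": "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
            "umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com",
    "Ciphers": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,"
               "aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
}
WORKAROUND_CLIENT = {"MACs": "hmac-sha2-256", "Ciphers": "aes128-ctr"}

# ASSUMPTION (constructed): what an older server might offer; not Gitblit's real list.
ASSUMED_SERVER = {
    "MACs": "hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512",
    "Ciphers": "aes128-ctr,aes192-ctr,aes256-ctr",
}
HASHES = {"hmac-sha2-256": hashlib.sha256, "hmac-sha2-512": hashlib.sha512}


def negotiate(client_csv, server_csv):
    """RFC 4253 7.1: first name on the client's list that the server also lists."""
    server = set(server_csv.split(","))
    for name in client_csv.split(","):
        if name in server:
            return name
    raise ValueError("no common algorithm")


def packet_mac(alg, key, seq, packet):
    """RFC 4253 6.4: mac = MAC(key, sequence_number || unencrypted_packet)."""
    return hmac.new(key, struct.pack(">I", seq) + packet, HASHES[alg]).digest()


def receiver_accepts(agreed_alg, sender_alg, key=b"k" * 64, seq=3, packet=b"constructed packet"):
    """Receiver verifies with the agreed MAC; sender_alg models a peer that used another."""
    sent_tag = packet_mac(sender_alg, key, seq, packet)
    expected = packet_mac(agreed_alg, key, seq, packet)
    return hmac.compare_digest(sent_tag, expected)


if __name__ == "__main__":
    for label, cfg in (("failing", FAILING_CLIENT), ("workaround", WORKAROUND_CLIENT)):
        mac = negotiate(cfg["MACs"], ASSUMED_SERVER["MACs"])
        cipher = negotiate(cfg["Ciphers"], ASSUMED_SERVER["Ciphers"])
        print(f"{label}: cipher={cipher} mac={mac}")
    print("same algorithm on both ends:", receiver_accepts("hmac-sha2-512", "hmac-sha2-512"))
    print("sender used another hash:  ", receiver_accepts("hmac-sha2-512", "hmac-sha2-256"))
```

Against a real server, `ssh -vv` shows the negotiated cipher and MAC in its debug output, which tells you whether a session landed on hmac-sha2-512.
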
@fbacchella
Contributor

Next GitBlit version? That would be so nice.

@flaix
Member

flaix commented Nov 11, 2019

@fbacchella, the code is done, as far as I am concerned. The rest is managerial stuff.
If you like and are running an instance from your own build, you could update to the current master and give it a run.
