Page MenuHomePhabricator

no matching mac found
Closed, ResolvedPublic


$ssh ores-compute.eqiad.wmflabs -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 13: Applying options for *.eqiad.wmflabs
debug1: /home/user/.ssh/config line 16: Applying options for *.wmflabs
debug1: /home/user/.ssh/config line 21: Applying options for *
debug3: ciphers ok: [,,,aes256-ctr,aes192-ctr,aes128-ctr]
debug3: kex names ok: [,diffie-hellman-group-exchange-sha256]
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc]
debug3: macs ok: [hmac-md5,hmac-sha1,,hmac-ripemd160]
debug3: key names ok: [ssh-rsa,ssh-dss]
debug1: Executing proxy command: exec ssh -a -W ores-compute.eqiad.wmflabs:22 bastion1.eqiad.wmflabs
debug1: permanently_drop_suid: 1000
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
no matching mac found: client hmac-md5,hmac-sha1,,hmac-ripemd160 server hmac-sha2-512,hmac-sha2-256

$cat .ssh/config
Host bastion1.eqiad.wmflabs
    ProxyCommand none

Host bastion2.eqiad.wmflabs
    ProxyCommand none

Host bastion3.eqiad.wmflabs
    ProxyCommand none

Host *.eqiad.wmflabs
    ProxyCommand ssh -a -W %h:%p bastion1.eqiad.wmflabs

Host *.wmflabs
    User he7d3r
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

Host * !

Event Timeline

He7d3r raised the priority of this task from to Needs Triage.
He7d3r updated the task description. (Show Details)
He7d3r added a project: Cloud-Services.
He7d3r added subscribers: He7d3r, Halfak.
He7d3r closed this task as Resolved.EditedJun 6 2015, 4:13 PM
He7d3r claimed this task.

Ok, I commented out the line which starts with MACs in my /etc/ssh/ssh_config and this error doesn't happens anymore. I also had to comment out the line HostKeyAlgorithms, to get the ECDSA fingerprint from the server, instead of the RSA one.