Page MenuHomePhabricator
Create Task
Maniphest T100901

no matching mac found
Closed, ResolvedPublic
Actions

Description

$ssh ores-compute.eqiad.wmflabs -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 13: Applying options for *.eqiad.wmflabs
debug1: /home/user/.ssh/config line 16: Applying options for *.wmflabs
debug1: /home/user/.ssh/config line 21: Applying options for *
debug3: ciphers ok: [chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr]
debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256]
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc]
debug3: macs ok: [hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160]
debug3: key names ok: [ssh-rsa,ssh-dss]
debug1: Executing proxy command: exec ssh -a -W ores-compute.eqiad.wmflabs:22 bastion1.eqiad.wmflabs
debug1: permanently_drop_suid: 1000
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
no matching mac found: client hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 server hmac-sha2-512,hmac-sha2-256

$cat .ssh/config
Host bastion1.eqiad.wmflabs
    Hostname bastion.wmflabs.org
    ProxyCommand none

Host bastion2.eqiad.wmflabs
    Hostname bastion2.wmflabs.org
    ProxyCommand none

Host bastion3.eqiad.wmflabs
    Hostname bastion3.wmflabs.org
    ProxyCommand none

Host *.eqiad.wmflabs
    ProxyCommand ssh -a -W %h:%p bastion1.eqiad.wmflabs

Host *.wmflabs
    User he7d3r
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

Host * !gerrit.wikimedia.org
     Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
     KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Event Timeline

He7d3r created this task.May 30 2015, 4:53 PM
He7d3r raised the priority of this task from to Needs Triage.
He7d3r updated the task description. (Show Details)
He7d3r added a project: Cloud-Services.
He7d3r added subscribers: He7d3r, Halfak.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 30 2015, 4:53 PM
He7d3r closed this task as Resolved.EditedJun 6 2015, 4:13 PM
He7d3r claimed this task.

Ok, I commented out the line which starts with MACs in my /etc/ssh/ssh_config and this error doesn't happens anymore. I also had to comment out the line HostKeyAlgorithms, to get the ECDSA fingerprint from the server, instead of the RSA one.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL