Subject: Re: error: Corrupted MAC on input. [preauth]

Re: error: Corrupted MAC on input. [preauth]

From: Peter Stuge <>
Date: Wed, 19 May 2021 23:17:25 +0000

Hi Eric, wrote:
> I'm happy to help but my responses may be delayed as I'm getting ready
> to head out for a few days of vacation (leaving in 12 hours)

Oh that sounds amazing! I hope you have a good time.

> > > sshd[361421]: debug1: kex: client->server cipher: aes128-ctr MAC:
> hmac-sha2-256 compression: none [preauth]

> > What processor does your embedded system have? In particular endianess
> > and native bit size (32/64?)

> model name : ARMv7 Processor rev 1 (v7l)
> Hardware : Atmel SAMA5

> /bin/busybox: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux),
> statically linked, BuildID[sha1]=51f5566abbeca4cee5e53734090d7d37b33deedb,
> for GNU/Linux 3.2.0, stripped

Thanks, little endian ARM.

> > What MAC is negotiated by the dropbear and OpenSSH clients you tested?
> Dropbear:
> May 18 15:42:08 eric-Precision-7520 sshd[444608]: debug1: kex:
> client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]

> OpenSSH:
> May 19 17:24:01 eric-Precision-7520 sshd[3355904]: debug1: kex:
> client->server cipher: [86] MAC:
> <implicit> compression: none [preauth]

This is interesting and provides some clues. All three clients end up
using different ciphers/MACs with only libssh2 using hmac-sha2-256.

It would be great if you could try OpenSSH with the same cipher+MAC
as libssh2 and provide the server debug log also for that connection:

ssh -oCiphers=aes128-ctr -oMACs=hmac-sha2-256 server

> > Are results identical with a server running an unpatched upstream OpenSSH?
> Unfortunately, I do not have a server running this version. My sshd
> server is
> OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020

Okay. The upstream source code is fairly easy to build but I understand
that you're leaving literally in hours. If you can try the OpenSSH
client with specific cipher and mac that log would be very helpful.


Received on 2021-05-20