How to fix the ssh "Connection corrupted" error

Iva*_*oni 6 networking linux ssh oracle-linux redhat-enterprise-linux

On the Oracle/RedHat VM I use every day (probably after a nightly upgrade), I get the following authentication error:

$ ssh machine
Bad packet length NNNNNNN. ssh_dispatch_run_fatal: Connection to A.B.C.D port NN: Connection corrupted

A more detailed debug view:

$ ssh -vvvv machine
...
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
...
debug1: Local version string SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
...
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
...
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
...
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
...
debug2: pubkey_prepare: done
debug3: send packet: type 5
Bad packet length VERY_LONG_NUMBER.
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to a.b.c.d port xyz: Connection corrupted

Added: my client machine is Ubuntu

$ ssh -V
OpenSSH_9.3p1 Ubuntu-1ubuntu3.2, OpenSSL 3.0.10 1 Aug 2023

Iva*_*oni 8

Mike Quin's answer completely saved me.
I'd like to add some context to clarify.


A more explicit version of that answer would be:

ssh -c aes256-gcm@openssh.com user@host.example.com

where -c cipher_spec comes from the SSH manual (man ssh):

-c cipher_spec
        Selects the cipher specification for encrypting the session.
        cipher_spec is a comma-separated list of ciphers listed in order
        of preference.  See the Ciphers keyword in ssh_config(5) for
        more information.

and following the advice in the ssh_config manual (man 5 ssh_config):

       Ciphers
               Specifies the ciphers allowed and their order of
               preference.  Multiple ciphers must be comma-separated.
               If the specified list begins with a ‘+’ character, then
               the specified ciphers will be appended to the default set
               instead of replacing them.  If the specified list begins
               with a ‘-’ character, then the specified ciphers
               (including wildcards) will be removed from the default
               set instead of replacing them.  If the specified list
               begins with a ‘^’ character, then the specified ciphers
               will be placed at the head of the default set.

               The supported ciphers are:

                     3des-cbc
                     aes128-cbc
                     aes192-cbc
                     aes256-cbc
                     aes128-ctr
                     aes192-ctr
                     aes256-ctr
                     aes128-gcm@openssh.com
                     aes256-gcm@openssh.com
                     chacha20-poly1305@openssh.com

               The default is:

                     chacha20-poly1305@openssh.com,
                     aes128-ctr,aes192-ctr,aes256-ctr,
                     aes128-gcm@openssh.com,aes256-gcm@openssh.com

               The list of available ciphers may also be obtained
               using "ssh -Q cipher".

Used in the config file, it could look like:

Host host.example.com
        Port 22
        User user
        Ciphers aes256-gcm@openssh.com


NrY*_*NrY 5

For those looking for the actual explanation and a server-side fix:

Oracle appears to have released a fix for the Terrapin attack in its openssh-server package on February 1, 2024. The updated package version is openssh-server-8.0p1-19.el8_9.2.x86_64

Downgrading openssh-server to version 8.0p1-19.el8_8 reverts the update and SSH works again, although that is probably not desirable.

I think the most sensible solution is to disable the CHACHA20-POLY1305 cipher, as described in this article.

I was still unable to SSH into our OL server because of the following (different) error:

Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to A.B.C.D port 22: message authentication code incorrect

I also disabled the AES-*-CTR ciphers, e.g.

# cat /etc/crypto-policies/policies/modules/TERRAPIN.pmod
cipher@ssh = -CHACHA20* -AES-*-CTR
ssh_etm = 0
# update-crypto-policies --set DEFAULT:TERRAPIN
# systemctl restart sshd

This results in aes128-gcm being negotiated automatically, which should be secure enough

$ ssh -v <client>
...
debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none

Update, February 16, 2024: Oracle has released a fix for this issue: openssh-server-8.0p1-19.0.1.el8_9.2.x86_64

The workaround can be reverted as follows:

# rm /etc/crypto-policies/policies/modules/TERRAPIN.pmod
# update-crypto-policies --set DEFAULT
# systemctl restart sshd
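To check which negotiated cipher/MAC pair a client ends up with after a change like the TERRAPIN.pmod module above, the following added example (not code from any of the answers) parses the "debug1: kex:" lines that "ssh -v" prints and flags the combinations Terrapin applies to: chacha20-poly1305@openssh.com, and any CBC cipher paired with an Encrypt-then-MAC (-etm@openssh.com) MAC. The sample outputs are constructed; the function names are my own.

```python
import re

# Terrapin targets chacha20-poly1305 and any CBC cipher paired with an
# Encrypt-then-MAC (-etm) MAC; GCM and CTR-without-etm pairs are not in scope.
CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample outputs in the shape of the "debug1: kex:" lines.
SAMPLE_BEFORE_FIX = """\
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""
SAMPLE_AFTER_FIX = """\
debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
"""
# Only one direction uses an -etm MAC here, so only that direction is flagged.
SAMPLE_CBC_ETM = """\
debug1: kex: server->client cipher: aes256-cbc MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes256-cbc MAC: hmac-sha2-256 compression: none
"""

KEX_LINE = re.compile(
    r"kex: (?P<dir>server->client|client->server) cipher: (?P<cipher>\S+)"
    r" MAC: (?P<mac>\S+) compression: (?P<comp>\S+)"
)


def parse_negotiation(debug_output):
    """Map each direction to its negotiated (cipher, mac) pair."""
    pairs = {}
    for line in debug_output.splitlines():
        m = KEX_LINE.search(line)
        if m:
            pairs[m.group("dir")] = (m.group("cipher"), m.group("mac"))
    return pairs


def terrapin_exposed(cipher, mac):
    """True for the cipher/MAC combinations Terrapin applies to."""
    if cipher == CHACHA:
        return True
    return cipher.endswith("-cbc") and mac.endswith("-etm@openssh.com")


def exposed_directions(debug_output):
    """List the directions whose negotiated pair is exposed."""
    return [d for d, (c, m) in parse_negotiation(debug_output).items()
            if terrapin_exposed(c, m)]
```

An exposed pair is only a concern when the two sides did not both negotiate the strict key exchange extension (kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com in the "KEX algorithms" lines), which this check does not inspect.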


小智 4

I ran into this problem as well.

I was able to work around it with ssh -c aes256-gcm@openssh.com