twisted: hmac-sha2-512 - Corrupted MAC on input with OpenSSH


I am writing an SSH server with Twisted (15.5.0) Conch. RFC 6668 defines the hmac-sha2-512 MAC algorithm, but twisted.conch.ssh doesn't support it. I want to know how to fix it. I have:

   $ ssh -V
   OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

   (assh_env)[root@localhost asshpy]# python
   Python 2.7.8 (default, Nov 30 2015, 10:44:42) 
   [GCC 4.4.7 20120313 (Red Hat 4.4.7-16)] on linux2
   Type "help", "copyright", "credits" or "license" for more information.
   >>> import twisted
   >>> print twisted.version
   [Twisted, version 16.6.0]


   $ ssh 127.0.0.1 -m hmac-sha2-512 -vvv -p 2222
   OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
   debug1: Reading configuration data /etc/ssh/ssh_config
   debug1: /etc/ssh/ssh_config line 41: Applying options for *
   debug2: ssh_connect: needpriv 0
   debug1: Connecting to localhost [127.0.0.1] port 2222.
   debug2: fd 3 setting O_NONBLOCK
   debug1: fd 3 clearing O_NONBLOCK
   debug1: Connection established.
   debug3: timeout: 9988 ms remain after connect
   debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or directory
   debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': No such file or directory
   debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
   debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
   debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
   debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': No such file or directory
   debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
   debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
   debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
   debug1: identity file /home/chenjian.chj/.ssh/id_rsa type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_rsa-cert type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_dsa type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_dsa-cert type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_ecdsa type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_ecdsa-cert type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_ed25519 type -1
   debug1: identity file /home/chenjian.chj/.ssh/id_ed25519-cert type -1
   debug1: Enabling compatibility mode for protocol 2.0
   debug1: Local version string SSH-2.0-OpenSSH_6.6.1
   debug1: Remote protocol version 2.0, remote software version Twisted
   debug1: no match: Twisted
   debug2: fd 3 setting O_NONBLOCK
   debug3: put_host_port: [127.0.0.1]:2222
   debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null"
   debug3: load_hostkeys: loaded 0 keys
   debug1: SSH2_MSG_KEXINIT sent
   debug1: SSH2_MSG_KEXINIT received
   debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
   debug2: kex_parse_kexinit: hmac-sha2-512
   debug2: kex_parse_kexinit: hmac-sha2-512
   debug2: kex_parse_kexinit: none,[email protected],zlib
   debug2: kex_parse_kexinit: none,[email protected],zlib
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: first_kex_follows 0 
   debug2: kex_parse_kexinit: reserved 0 
   debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
   debug2: kex_parse_kexinit: ssh-rsa
   debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc
   debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc
   debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-md5
   debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-md5
   debug2: kex_parse_kexinit: none,zlib
   debug2: kex_parse_kexinit: none,zlib
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: first_kex_follows 0 
   debug2: kex_parse_kexinit: reserved 0 
   debug2: mac_setup: setup hmac-sha2-512
   debug1: kex: server->client aes128-ctr hmac-sha2-512 none
   debug2: mac_setup: setup hmac-sha2-512
   debug1: kex: client->server aes128-ctr hmac-sha2-512 none
   debug1: kex: diffie-hellman-group14-sha1 need=64 dh_need=64
   debug1: kex: diffie-hellman-group14-sha1 need=64 dh_need=64
   debug2: bits set: 1009/2048
   debug1: sending SSH2_MSG_KEXDH_INIT
   debug1: expecting SSH2_MSG_KEXDH_REPLY
   debug1: Server host key: RSA e4:63:c3:05:6c:37:bc:05:8d:94:8a:72:68:91:9c:24
   debug3: put_host_port: [127.0.0.1]:2222
   debug3: put_host_port: [127.0.0.1]:2222
   debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null"
   debug3: load_hostkeys: loaded 0 keys
   debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/dev/null"
   debug3: load_hostkeys: loaded 0 keys
   debug1: checking without port identifier
   debug3: load_hostkeys: loading entries for host "127.0.0.1" from file "/dev/null"
   debug3: load_hostkeys: loaded 0 keys
   Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
   debug2: bits set: 1013/2048
   debug1: ssh_rsa_verify: signature correct
   debug2: kex_derive_keys
   debug2: set_newkeys: mode 1
   debug1: SSH2_MSG_NEWKEYS sent
   debug1: expecting SSH2_MSG_NEWKEYS
   debug2: set_newkeys: mode 0
   debug1: SSH2_MSG_NEWKEYS received
   debug1: SSH2_MSG_SERVICE_REQUEST sent
   Corrupted MAC on input.
   Disconnecting: Packet corrupt

In the Twisted SSH server, the log is:

     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] kex alg, key alg: 'diffie-hellman-group14-sha1' 'ssh-rsa'
     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] outgoing: 'aes128-ctr' 'hmac-sha2-512' 'none'
     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] incoming: 'aes128-ctr' 'hmac-sha2-512' 'none'
     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] NEW KEYS
     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] Disconnecting with error, code 5
             reason: bad MAC
     2016-12-22 10:10:44+0800 [SSHServerTransport,0,10.101.227.11] connection lost

There are 1 best solutions below


You must upgrade to a more recent version of Twisted; 15.5.0 is not recent enough to implement hmac-sha2-512. If you don't have a working application yet, I would always recommend starting with the most recent version of Twisted.
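
For reference, an added example (not code from the question, the answer or Twisted): how the MAC that both logs reject is computed under RFC 4253 (key derivation in section 7.2, MAC in section 6.4) with the 64-byte key that hmac-sha2-512 requires, the `need=64` in the client log. All values are constructed, and the truncated key is only one illustrative way for two peers to disagree, not a diagnosis of Twisted 15.5.0.

```python
import hashlib
import hmac
import struct


def mpint(n):
    """Encode a positive integer as an SSH mpint (RFC 4251, section 5)."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")  # extra byte keeps the sign bit clear
    return struct.pack(">I", len(body)) + body


def derive_key(K, H, letter, session_id, need, hash_fn=hashlib.sha1):
    """RFC 4253 7.2: K1 = HASH(K||H||X||session_id), Kn = HASH(K||H||K1..Kn-1)."""
    k = mpint(K)
    out = hash_fn(k + H + letter + session_id).digest()
    while len(out) < need:  # SHA-1 gives 20 bytes per round; 64 needs four rounds
        out += hash_fn(k + H + out).digest()
    return out[:need]


def ssh_mac(key, seq, packet):
    """RFC 4253 6.4 with hmac-sha2-512: MAC(key, uint32 seq || unencrypted packet)."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha512).digest()


def build_packet(payload, block=16):
    """packet_length || padding_length || payload || padding (zeros, for a repeatable demo)."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\0" * pad


# Constructed sample values (not taken from the session in the question).
K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
H = hashlib.sha1(b"constructed exchange hash").digest()  # also the session_id on first kex
SERVICE_REQUEST = build_packet(b"\x05" + struct.pack(">I", 12) + b"ssh-userauth")
SEQ = 3  # client packets so far: KEXINIT=0, KEXDH_INIT=1, NEWKEYS=2, SERVICE_REQUEST=3


def check(receiver_key, seq=SEQ):
    """Sender MACs with the full 64-byte key 'E' (client->server); receiver verifies."""
    tag = ssh_mac(derive_key(K, H, b"E", H, 64), SEQ, SERVICE_REQUEST)
    return hmac.compare_digest(ssh_mac(receiver_key, seq, SERVICE_REQUEST), tag)


if __name__ == "__main__":
    full = derive_key(K, H, b"E", H, 64)
    print("matching key:", check(full))
    print("key cut to one SHA-1 block:", check(full[:20]))
    print("sequence number off by one:", check(full, SEQ + 1))
```
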