Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-06-2021, 12:05 PM
themavrik75 themavrik75 is offline
Registered User
 
Join Date: May 2021
Posts: 2
Secure CRT 7.3.7 - Session disconnects

Hello,

I'm using SecureCRT - Version 7.3.7 (x64 build 1034) and my SSH session keeps disconnecting with the following error message:

The client has disconnected from the server. Reason:
Message Authentication Code did not verify (packet #1456). Data integrity has been compromised.

I have enabled Trace Options and I have captured the following:

~~~~~~~~~~~~~~~~~~~

[LOCAL] : SSH2Core version 7.3.0.1034
[LOCAL] : Connecting to 10.19.112.20:22 ...
SecureCRT - Version 7.3.7 (x64 build 1034)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.6'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos] SPN : host@10.19.112.20
[LOCAL] : SSPI : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : host@10.19.112.20
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : host@10.19.112.20
[LOCAL] : SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@10.19.112.20
[LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group14-sha1
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-256
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-256
[LOCAL] : Available Remote Compressors = none
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : KEXDH_INIT
[LOCAL] : RECV : KEXDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): 02:74:30:ac:bb:4b:c1:8c:41:8f:1f:7c:0c:04:6f:b1:8e:06:47:fd
[LOCAL] : RECV: Remote Hostkey (MD5 hash): 94:c1:53:85:2c:ac:44:bc:6d:3f:47:31:98:1f:c0:e9
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : SSH_MSG_USERAUTH_BANNER
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [password]
[LOCAL] : SENT : USERAUTH_REQUEST [password]

Broadcom Corporation Embedded BFC SSH Server (c) 2000-2018

WARNING: Access allowed by authorized users only.

[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
[LOCAL] : SEND[0]: Pty Request (rows: 68, cols: 203)
[LOCAL] : RECV[0]: pty request succeeded
[LOCAL] : SEND[0]: shell request
[LOCAL] : RECV[0]: shell request succeeded

[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Discarding invalid state change from STATE_CLOSED to STATE_ALMOST_CLOSED.
[LOCAL] : Connected for 43 seconds, 4402 bytes sent, 73933 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : The client has disconnected from the server. Reason: Message Authentication Code did not verify (packet #542). Data integrity has been compromised.

The client has disconnected from the server. Reason:
Message Authentication Code did not verify (packet #542). Data integrity has been compromised.

~~~~~~~~~~~~~~~~~~~

Can you please review the logs and help me figuring out the root cause?

Thanks,
Vikram
Reply With Quote
  #2  
Old 05-06-2021, 12:57 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 441
Hi themavrik75,

This behavior generally indicates that the server does not play nicely with the MAC that was selected (hmac-sha2-256).

What MAC's do you have enabled for this connection? Options -> Session Options -> SSH2 -> Advanced

What are your results if you disable the 'hmac-sha2-256' MAC and re-test?
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 05-11-2021, 02:22 PM
themavrik75 themavrik75 is offline
Registered User
 
Join Date: May 2021
Posts: 2
Sorry for the delay in replying...

I disabled 256 and it looks like it is not disconnecting anymore...I will keep an eye on it.

Thanks again! Much appreciated.
Reply With Quote
  #4  
Old 05-11-2021, 02:40 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 441
Hi themavrik75,

I am glad to hear that disabling the MAC seems to have resolved the issue!

Please let us know if you experience any additional problems moving forward!
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 05:34 PM.