Cannot get rid of Invalid HMAC

Time: 2015-12-15 00:32:57

Tags: ssh hmac phpseclib

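It seems I have a problem similar to the one above (elm-signal-extra), an incompatibility of ciphers and authentication.

I get:

PHP Notice:  Invalid HMAC in /usr/share/pear/Net/SSH2.php on line 3037
PHP Notice:  Connection closed by server in /usr/share/pear/Net/SSH2.php on line 2015

I have traced a PuTTY log to determine that the key exchange hash is Diffie-Hellman SHA-1 and the encryption is AES-256 CBC.

So I have commented out the algorithms I don't want to use in SSH2.php. But it doesn't seem to have any effect; I keep getting the same error.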

----------------- ENCRYPTION ALGORITHM SECTION ------------------------

    static $encryption_algorithms = false;
    if ($encryption_algorithms === false) {
        $encryption_algorithms = array(
            // from <http://tools.ietf.org/html/rfc4345#section-4>:
            //'arcfour256',
            //'arcfour128',

            //'arcfour',      // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key

            // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
            //'aes128-ctr',     // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
            //'aes192-ctr',     // RECOMMENDED       AES with 192-bit key
            //'aes256-ctr',     // RECOMMENDED       AES with 256-bit key

            //'twofish128-ctr', // OPTIONAL          Twofish in SDCTR mode, with 128-bit key
            //'twofish192-ctr', // OPTIONAL          Twofish with 192-bit key
            //'twofish256-ctr', // OPTIONAL          Twofish with 256-bit key

            'aes128-cbc',     // RECOMMENDED       AES with a 128-bit key
            'aes192-cbc',     // OPTIONAL          AES with a 192-bit key
            'aes256-cbc',     // OPTIONAL          AES in CBC mode, with a 256-bit key

            'twofish128-cbc', // OPTIONAL          Twofish with a 128-bit key
            'twofish192-cbc', // OPTIONAL          Twofish with a 192-bit key
            'twofish256-cbc',
            'twofish-cbc',    // OPTIONAL          alias for "twofish256-cbc"
                              //                   (this is being retained for historical reasons)

            'blowfish-ctr',   // OPTIONAL          Blowfish in SDCTR mode

            'blowfish-cbc',   // OPTIONAL          Blowfish in CBC mode

            '3des-ctr',       // RECOMMENDED       Three-key 3DES in SDCTR mode

            '3des-cbc',       // REQUIRED          three-key 3DES in CBC mode
            'none'            // OPTIONAL          no encryption; NOT RECOMMENDED
        );

-------------- MAC ALGORITHM SECTION -----------------------------

    $mac_algorithms = array(
        // from <http://www.ietf.org/rfc/rfc6668.txt>:
        //'hmac-sha2-256',// RECOMMENDED     HMAC-SHA256 (digest length = key length = 32)

        //'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
        'hmac-sha1',    // REQUIRED        HMAC-SHA1 (digest length = key length = 20)
        'hmac-md5-96',  // OPTIONAL        first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
        'hmac-md5',     // OPTIONAL        HMAC-MD5 (digest length = key length = 16)
        'none'          // OPTIONAL        no MAC; NOT RECOMMENDED
    );

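I'm at my wits' end. Any help would be much appreciated. I'm on Fedora (Linux 3.6.11-1.fc16.x86_64 x86_64), BTW.

Cheers, Andre

Here is the PuTTY output:

Event Log: Doing Diffie-Hellman key exchange with hash SHA-1
Outgoing packet #0x2, type 32 / 0x20 (SSH2_MSG_KEX_DH_GEX_INIT)

....text omitted for brevity.......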

Event Log: Host key fingerprint is:
Event Log: ssh-rsa 1024 f4:a0:9f:17:a0:3d:74:60:4d:da:60:39:97:a0:07:9a
Outgoing packet #0x3, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Event Log: Initialised AES-256 CBC client->server encryption
Event Log: Initialised HMAC-SHA1 client->server MAC algorithm
Incoming packet #0x3, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Event Log: Initialised AES-256 CBC server->client encryption
Event Log: Initialised HMAC-SHA1 server->client MAC algorithm
Outgoing packet #0x4, type 2 / 0x02 (SSH2_MSG_IGNORE)
  00000000  00 00 00 00                                      ....
Outgoing packet #0x5, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
  00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
  00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
Outgoing packet #0x6, type 2 / 0x02 (SSH2_MSG_IGNORE)
  00000000  00 00 00 00                                      ....
Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68  ....admin....ssh
  00000010  2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e  -connection....n
  00000020  6f 6e 65                                         one
Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
  00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
  00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
  00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
  00000000  00 00 00 00                                      ....
Outgoing packet #0x9, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68  ....admin....ssh
  00000010  2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b  -connection....k
  00000020  65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74  eyboard-interact
  00000030  69 76 65 00 00 00 00 00 00 00 00                 ive........
Event Log: Attempting keyboard-interactive authentication
Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
  00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
  00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
  00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
Event Log: Server refused keyboard-interactive authentication
Outgoing packet #0xa, type 2 / 0x02 (SSH2_MSG_IGNORE)
  00000000  00 00 00 00                                      ....
Outgoing packet #0xb, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68  ....admin....ssh
  00000010  2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70  -connection....p
  00000020  61 73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX  assword.XXXXXXXX
  00000030  XX XX XX XX XX                                   XXXXX
Outgoing packet #0xc, type 2 / 0x02 (SSH2_MSG_IGNORE)
Event Log: Sent password
Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
Event Log: Access granted

-----------FULL LOG OUTPUT-------------------------------

PHP Notice:  Invalid HMAC in /usr/share/pear/Net/SSH2.php on line 3037
PHP Notice:  Connection closed by server in /usr/share/pear/Net/SSH2.php on line 2015
LOG: <-
00000000  53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f  SSH-2.0-OpenSSH_
00000010  33:2e:34:70:31:0a                                3.4p1.

->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:30:2e:33:20:28:6f:70:65:6e:73:73:6c:2c:20  b_0.3 (openssl, 
00000020  67:6d:70:29:0d:0a                                gmp)..

<- NET_SSH2_MSG_KEXINIT (since last: 3.7292, network: 0.7724s)
00000000  1f:ed:9c:61:32:1e:70:f1:16:d0:99:37:6d:d3:7a:8d  ...a2.p....7m.z.
00000010  00:00:00:3d:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...=diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67  an-group-exchang
00000030  65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68:65  e-sha1,diffie-he
00000040  6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61  llman-group1-sha
00000050  31:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73:68  1....ssh-rsa,ssh
00000060  2d:64:73:73:00:00:00:66:61:65:73:31:32:38:2d:63  -dss...faes128-c
00000070  62:63:2c:33:64:65:73:2d:63:62:63:2c:62:6c:6f:77  bc,3des-cbc,blow
00000080  66:69:73:68:2d:63:62:63:2c:63:61:73:74:31:32:38  fish-cbc,cast128
00000090  2d:63:62:63:2c:61:72:63:66:6f:75:72:2c:61:65:73  -cbc,arcfour,aes
000000a0  31:39:32:2d:63:62:63:2c:61:65:73:32:35:36:2d:63  192-cbc,aes256-c
000000b0  62:63:2c:72:69:6a:6e:64:61:65:6c:2d:63:62:63:40  bc,rijndael-cbc@
000000c0  6c:79:73:61:74:6f:72:2e:6c:69:75:2e:73:65:00:00  lysator.liu.se..
000000d0  00:66:61:65:73:31:32:38:2d:63:62:63:2c:33:64:65  .faes128-cbc,3de
000000e0  73:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63  s-cbc,blowfish-c
000000f0  62:63:2c:63:61:73:74:31:32:38:2d:63:62:63:2c:61  bc,cast128-cbc,a
00000100  72:63:66:6f:75:72:2c:61:65:73:31:39:32:2d:63:62  rcfour,aes192-cb
00000110  63:2c:61:65:73:32:35:36:2d:63:62:63:2c:72:69:6a  c,aes256-cbc,rij
00000120  6e:64:61:65:6c:2d:63:62:63:40:6c:79:73:61:74:6f  ndael-cbc@lysato
00000130  72:2e:6c:69:75:2e:73:65:00:00:00:55:68:6d:61:63  r.liu.se...Uhmac
00000140  2d:6d:64:35:2c:68:6d:61:63:2d:73:68:61:31:2c:68  -md5,hmac-sha1,h
00000150  6d:61:63:2d:72:69:70:65:6d:64:31:36:30:2c:68:6d  mac-ripemd160,hm
00000160  61:63:2d:72:69:70:65:6d:64:31:36:30:40:6f:70:65  ac-ripemd160@ope
00000170  6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68  nssh.com,hmac-sh
00000180  61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2d:39  a1-96,hmac-md5-9
00000190  36:00:00:00:55:68:6d:61:63:2d:6d:64:35:2c:68:6d  6...Uhmac-md5,hm
000001a0  61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:72:69:70  ac-sha1,hmac-rip
000001b0  65:6d:64:31:36:30:2c:68:6d:61:63:2d:72:69:70:65  emd160,hmac-ripe
000001c0  6d:64:31:36:30:40:6f:70:65:6e:73:73:68:2e:63:6f  md160@openssh.co
000001d0  6d:2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68  m,hmac-sha1-96,h
000001e0  6d:61:63:2d:6d:64:35:2d:39:36:00:00:00:09:6e:6f  mac-md5-96....no
000001f0  6e:65:2c:7a:6c:69:62:00:00:00:09:6e:6f:6e:65:2c  ne,zlib....none,
00000200  7a:6c:69:62:00:00:00:00:00:00:00:00:00:00:00:00  zlib............
00000210  00                                               .

-> NET_SSH2_MSG_KEXINIT (since last: 0.0008, network: 0.0002s)
00000000  8b:79:c0:7d:2a:c1:e6:36:d7:bf:e0:52:d3:7d:42:0a  .y.}*..6...R.}B.
00000010  00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...~diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64  an-group1-sha1,d
00000030  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000040  6f:75:70:31:34:2d:73:68:61:31:2c:64:69:66:66:69  oup14-sha1,diffi
00000050  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d  e-hellman-group-
00000060  65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69  exchange-sha1,di
00000070  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000080  75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32  up-exchange-sha2
00000090  35:36:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73  56....ssh-rsa,ss
000000a0  68:2d:64:73:73:00:00:00:8a:61:65:73:31:32:38:2d  h-dss....aes128-
000000b0  63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61  cbc,aes192-cbc,a
000000c0  65:73:32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73  es256-cbc,twofis
000000d0  68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68  h128-cbc,twofish
000000e0  31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68:32  192-cbc,twofish2
000000f0  35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d:63  56-cbc,twofish-c
00000100  62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c  bc,blowfish-ctr,
00000110  62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:33:64:65  blowfish-cbc,3de
00000120  73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e  s-ctr,3des-cbc,n
00000130  6f:6e:65:00:00:00:8a:61:65:73:31:32:38:2d:63:62  one....aes128-cb
00000140  63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61:65:73  c,aes192-cbc,aes
00000150  32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:31  256-cbc,twofish1
00000160  32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68:31:39  28-cbc,twofish19
00000170  32:2d:63:62:63:2c:74:77:6f:66:69:73:68:32:35:36  2-cbc,twofish256
00000180  2d:63:62:63:2c:74:77:6f:66:69:73:68:2d:63:62:63  -cbc,twofish-cbc
00000190  2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:62:6c  ,blowfish-ctr,bl
000001a0  6f:77:66:69:73:68:2d:63:62:63:2c:33:64:65:73:2d  owfish-cbc,3des-
000001b0  63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f:6e  ctr,3des-cbc,non
000001c0  65:00:00:00:23:68:6d:61:63:2d:73:68:61:31:2c:68  e...#hmac-sha1,h
000001d0  6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d  mac-md5-96,hmac-
000001e0  6d:64:35:2c:6e:6f:6e:65:00:00:00:23:68:6d:61:63  md5,none...#hmac
000001f0  2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39  -sha1,hmac-md5-9
00000200  36:2c:68:6d:61:63:2d:6d:64:35:2c:6e:6f:6e:65:00  6,hmac-md5,none.
00000210  00:00:04:6e:6f:6e:65:00:00:00:04:6e:6f:6e:65:00  ...none....none.
00000220  00:00:00:00:00:00:00:00:00:00:00:00              ............

-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0058, network: 0s)

<- NET_SSH2_MSG_KEXDH_REPLY (since last: 1.9064, network: 1.9063s)

-> NET_SSH2_MSG_NEWKEYS (since last: 0.001, network: 0.0002s)


<- NET_SSH2_MSG_NEWKEYS (since last: 0.0001, network: 0s)


-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0039, network: 0s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

0 answers:

No answers
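Added example, not part of the original post and not phpseclib code: it parses the two NET_SSH2_MSG_KEXINIT bodies from the question's phpseclib log and applies the RFC 4253 section 7.1 selection rule (the first name on the client's list that the server also lists) to show which algorithms that session settles on. The function names are hypothetical, the cookie is constructed, the name-lists are copied from the ASCII column of the log, and the key exchange choice ignores the extra host-key compatibility conditions of section 7.1.

```python
import struct

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(kex, enc, mac, comp):
    """Serialize a KEXINIT body as logged: cookie first, no message-type byte."""
    names = [kex, "ssh-rsa,ssh-dss", enc, enc, mac, mac, comp, comp, "", ""]
    body = bytes(16)                      # constructed cookie (random on the wire)
    for value in names:
        body += struct.pack(">I", len(value)) + value.encode("ascii")
    return body + b"\x00" + bytes(4)      # first_kex_packet_follows + reserved

def parse_kexinit(body):
    """Return {field: [names]}; ValueError if a name-list runs past the end."""
    pos, lists = 16, {}
    for field in FIELDS:
        (length,) = struct.unpack_from(">I", body, pos)
        pos += 4
        if pos + length > len(body):
            raise ValueError("truncated name-list: " + field)
        text = body[pos:pos + length].decode("ascii")
        lists[field] = text.split(",") if text else []
        pos += length
    return lists

def negotiate(client, server):
    """Per field, the first client name the server also offers (None if none)."""
    return {f: next((n for n in client[f] if n in server[f]), None)
            for f in FIELDS}

# Name-lists copied from the ASCII column of the two KEXINIT dumps in the log.
SERVER = build_kexinit(
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1",
    "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,"
    "aes256-cbc,rijndael-cbc@lysator.liu.se",
    "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,"
    "hmac-sha1-96,hmac-md5-96",
    "none,zlib")
CLIENT = build_kexinit(
    "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,"
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256",
    "aes128-cbc,aes192-cbc,aes256-cbc,twofish128-cbc,twofish192-cbc,"
    "twofish256-cbc,twofish-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,none",
    "hmac-sha1,hmac-md5-96,hmac-md5,none",
    "none")

def chosen():
    return negotiate(parse_kexinit(CLIENT), parse_kexinit(SERVER))
```

For the logged lists `chosen()` yields diffie-hellman-group1-sha1, aes128-cbc and hmac-sha1, so the phpseclib session does not use the same key exchange and cipher as the PuTTY session (group exchange and AES-256 CBC).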