Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 1.638; SSH Credentials Plugin 1.11; CentOS 7.1.1503; openjdk 1.8
Description
master cannot connect to slave
sshd[1978]: fatal: no matching mac found: client hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 server hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
master reports
Key exchange was not finished, connection is closed. ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745)
This is related to JENKINS-26379 but the comments in that ticket only hint at the issue which, to writ, is:
https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/crypto/digest/MAC.java
public final static String[] getMacList()
{
/* Higher Priority First */
return new String[] { "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" };
}
See https://stribika.github.io/2015/01/04/secure-secure-shell.html
Here are the available MAC choices:
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
umac-64
umac-128
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
The selection considerations:Security of the hash algorithm: No MD5 and SHA1. Yes, I know that HMAC-SHA1 does not need collision resistance but why wait? Disable weak crypto today.
Encrypt-then-MAC: I am not aware of a security proof for CTR-and-HMAC but I also don't think CTR decryption can fail. Since there are no downgrade attacks, you can add them to the end of the list. You can also do this on a host by host basis so you know which ones are less safe.
Tag size: At least 128 bits. This eliminates umac-64-etm.
Key size: At least 128 bits. This doesn't eliminate anything at this point.
Recommended /etc/ssh/sshd_config snippet:MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
Attachments
Issue Links
- is duplicated by
-
JENKINS-33021 trilead ssh MAC and key exchange algorithms severely outdated
-
- Resolved
-
- is related to
-
-
- Resolved
-