netbsd-bugs: bin/21714: ssh/d With authorized

Subject: bin/21714: ssh/d With authorized_keys Restriction Produces
To: None <gnats-bugs@gnats.netbsd.org>
From: Chris Jepeway <jepeway@blasted-heath.com>
List: netbsd-bugs
Date: 05/29/2003 12:49:37
>Number:         21714
>Category:       bin
>Synopsis:       Using restrictions in ssh authorized_keys file generates "Corrupted MAC on input" errors
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 29 16:52:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     jepeway@blasted-heath.com
>Release:        NetBSD 1.6T
>Organization:
	Blasted Heath Consulting, LLC
>Environment:
NetBSD pos 1.6T NetBSD 1.6T (GENERIC) #5: Thu May 22 17:58:56 EDT 2003  root@the-morrigan:/src/netbsd/current/sys/arch/i386/compile/obj.i386/GENERIC i386
Architecture: i386
Machine: i386
>Description:
	Looks like sshd has trouble when adding command or
	pty restrictions to ~/.ssh/authorized_keys file.

	If I add a command="foo" to authorized_keys, then I get a

	    Received disconnect from ::1: 2: Corrupted MAC on input

	message.  I get this when connecting via localhost (defaulting
	to IPv6, I guess) or via an IPv4 configured network interface. 

	This also occurs when connecting remotely over IPv4 with
	both an OpenSSH-3.4p1 and an OpenSSH_3.5 client.

	Finally, if a no-pty is added to authorized_keys, with
	or without a command="foo", the same "Corrupted MAC"
	error occurs.

>How-To-Repeat:
	Follows, an edited transcript shows the problem:

% pwd					# where am i?
/home/jepeway/.ssh
% cat authorized_keys			# who can log in via public_key?
ssh-rsa <BIG LONG PUBLIC KEY> slappy@blasted-heath.com
% ssh -i ./slappy localhost date	# show that public_key works
Enter passphrase for key './slappy': 
Thu May 22 22:05:20 UTC 2003
% vi authorized_keys			# change to restrict slappy to a command
% cat authorized_keys
command="/usr/bin/date" ssh-rsa <BIG LONG PUBLIC KEY> slappy@blasted-heath.com
% ssh -i slappy localhost		# try it out
Enter passphrase for key 'slappy': 
Received disconnect from ::1: 2: Corrupted MAC on input.	# wtf?
% vi authorized_keys			# change from command to no-pty
% cat authorized_keys
no-pty ssh-rsa <BIG LONG PUBLIC KEY> slappy@blasted-heath.com
% ssh -i ./slappy localhost date	# try w/o pty
Enter passphrase for key './slappy': 
Received disconnect from ::1: 2: Corrupted MAC on input.	# wtf?
% vi authorized_keys			# remove all restrictions
% cat authorized_keys
ssh-rsa <BIG LONG PUBLIC KEY> slappy@blasted-heath.com
% ssh -i ./slappy -T localhost date	# try turning off pty on client side
Enter passphrase for key './slappy': 
Thu May 22 22:07:32 UTC 2003		# works good
>Fix:
	Unknown.  This seems to have cropped up w/ the import
	of OpenSSH-3.6.1 in April, but I'm not swearing to that.
>Release-Note:
>Audit-Trail:
>Unformatted: