Bug#992920: proftpd-mod-crypto: sftp connection aborts with "Corrupted MAC on input"
Miguel Cruz
debian-bug-report at firmseek.com
Wed Aug 25 03:50:35 BST 2021
Package: proftpd-mod-crypto
Version: 1.3.7a+dfsg-12
Severity: important
Dear Maintainer,
Since upgrading to bullseye, proftpd's sftp server fails with some MAC algorithms.
This works:
sftp -o MACs=hmac-sha2-256 user at proftpd-server
This fails:
sftp -o MACs=umac-64 at openssh.com user at proftpd-server
The failure manifests as an aborted connection after a few KB of data traffic. The debian CLI sftp client will display the message:
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: message authentication code incorrect
This means that some clients can no longer constructively use the server with their standard options.
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages proftpd-mod-crypto depends on:
ii libc6 2.31-13
ii libpam0g 1.4.0-9
ii libsodium23 1.0.18-1
ii libssl1.1 1.1.1k-1+deb11u1
ii proftpd-core 1.3.7a+dfsg-12
ii zlib1g 1:1.2.11.dfsg-2
proftpd-mod-crypto recommends no packages.
proftpd-mod-crypto suggests no packages.
-- no debconf information
More information about the Pkg-proftpd-maintainers
mailing list