0 votes
by (210 points)

Hello,

As part of securing SFTP access by explicitly configuring host key, KEX, MAC and cipher algorithms, I found explicitly setting allowed MAC algorithms seems to have no effect.

This is the code I'm using to configure the MAC algorithms (sftp is an instance of Rebex.Net.Sftp):

sftp.Settings.SshParameters.MacAlgorithms = SshMacAlgorithm.Any;
sftp.Settings.SshParameters.SetMacAlgorithms(
{
    "hmac-sha2-512-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com",
    "hmac-sha2-512",
    "hmac-sha2-256",
    "hmac-sha1"
});

I tested connecting to an OpenSSH SFTP server where the MAC algorithms are configured as follows in sshd_config:

MACs hmac-md5

I would expect to see a message similar to the following (except for MAC) when trying to connect:

Negotiation failed. The client and the server have no common host key
algorithm. Server supports 'ecdsa-sha2-nistp384' which is not enabled
at the client.

However there is no error and the connection succeeds.

I'm currently on version 6.0.8432, but I checked the change log and didn't see anything related to MACs in the most recent releases.

Is this a bug or am I doing something incorrect in the code?

Just to note, the line

sftp.Settings.SshParameters.MacAlgorithms = SshMacAlgorithm.Any;

has been added because I found when explicitly setting the host key algorithms to include ecdh-sha2-nistp384 and ecdh-sha2-nistp521 through SetHostKeyAlgorithms, the algorithms were not enabled unless I also changed the HostKeyAlgorithms property to include them (through the Any enum member). This doesn't appear to be documented behavior.

1 Answer

+1 vote
by (73.5k points)
selected by
 
Best answer

Please note that the MAC algorithm is not used if the selected encryption algorithm is AEAD. Therefore, there is no check for matching MAC algorithms in such cases.

For example, if the selected encryption algorithm is aes256-gcm@openssh.com the MAC algorithm is not used since GCM already provides message authentication.

To test this, disable AEAD encryption mode like this:

sftp.Settings.SshParameters.EncryptionModes = SshEncryptionMode.CBC | SshEncryptionMode.CTR;

Now, you should get the expected error:

The client and the server have no common MAC algorithm.
by (210 points)
Right, that makes sense. I've confirmed the behavior by forcing aes256-cbc cipher and hmac-md5 MAC in the sshd_config and I get the no common MAC algorithm error as expected.

Thank you for your help.
...