• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can't SSH without '-o MACs=hmac-md5' option for SSH

Scheduled Pinned Locked Moved OpenVPN
4 Posts 3 Posters 2.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    travnewmatic
    last edited by Sep 20, 2016, 11:02 PM

    I can ssh into my server over openvpn if i use:

    ssh -o MACs=hmac-md5 192.168.1.10

    but without the -o MACs=hmac-md5 part ssh will not connect

    Any help would be appreciated!

    Thanks!

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Sep 21, 2016, 1:29 PM

      what ssh client are you using and what pfsense version are you connecting too?

      can we see the output of -v (debug) when you try and connect if you using say openssh client.  If your using some other client how ever you can get to see the connection as its being made would be helpful.

      The did modify the ssh server security recently to provide for newer ciphers, etc.  I connect in via chacha20 for example

      debug1: kex: host key algorithm: ssh-ed25519
      debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit>compression: none
      debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit>compression: none</implicit></implicit>

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Sep 21, 2016, 4:36 PM

        Also: What is "your server"?

        If the client is an OpenVPN client and the server is some other box (not pfSense) on your LAN, then the firewall would not have any sway over their protocol negotiation. If it works at all, it wouldn't be the firewall. If it's broken, it's on the client and/or server.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Sep 21, 2016, 5:13 PM

          Good catch, I took it pfsense was the server - but yeah now that I reread it, it could be a server behind pfsense that he is sshing too.  If that is the case then pfsense has nothing to do with it.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received