OpenSSH Error "Disconnecting: Hash's MIC didn't verify" after upgrading to Ubuntu 16.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Debian) |
Fix Released
|
Unknown
|
|||
openssh (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SSH was working fine for years, until I upgraded to Ubuntu 16.04. When I upgraded to Ubuntu 16.04, the openssh-server stopped accepting connections from Ubuntu 14.04 LTS clients, with the following error:
----
Disconnecting: Hash's MIC didn't verify
----
The error above shows up on the client side. In the server logs, I see the following:
----
Mar 17 10:01:49 falcon polkitd(
Mar 17 10:02:06 falcon sshd[125126]: error: Received disconnect from MY.IP.ADDRESS.HERE port PORTNUMBER:2: Hash's MIC didn't verify [preauth]
Mar 17 10:02:06 falcon sshd[125126]: Disconnected from MY.IP.ADDRESS.HERE port PORTNUMBER [preauth]
----
I am using GSSAPI Key Exchange, and GSSAPI authentication. So I am not using public keys or passwords or anything like that; everything is entirely Kerberos 5. The problem, also, is only one-way. In other words, if I upgrade the server to Ubuntu 16.04, it stops accepting connections from 14.04 clients, but if I go the other direction and upgrade the client to Ubuntu 16.04, then it can still authenticate successfully to an Ubuntu 14.04 machine.
I am more than happy to help debug this, so please let me know what you suggest and I'll do whatever I can to help.
Thanks,
Brian
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-1
ProcVersionSign
Uname: Linux 4.4.0-13-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
Date: Thu Mar 17 10:02:45 2016
InstallationDate: Installed on 2015-05-04 (317 days ago)
InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2016-03-16 (0 days ago)
Changed in openssh (Debian): | |
status: | Unknown → New |
Changed in openssh (Debian): | |
status: | New → Fix Released |
Based on the upstream bug closure, it sounds like importing the fixed version from upstream (or at least the fix patch) is probably the solution here.