hashcat uses the $ sign to split the different parts of the hash like mode, iterations and so on
a quick look in https://github.com/hashcat/hashcat/blob/...le_22921.c
tells, that this mode has 6 token total, your provided hash has 8, so your provided hash is to long, resulting in token length exception, some digging deeper
the next thing your third token is number 16, token 4 is 32 in length
$sshng$6$16$a967fe6f59f545c49fdaa934a5c438f5$1926$
example hash 8 and 16 in lenght
$sshng$6$8$7620048997557487$1224$
the max length for token 3 is 1, and token 4 16 so this is another problem, it seems ssh doubled these parts (longer iv) these modifiyings are mostly done for security reasons , its like increasing the iterationcount for hashalgos just to slow them down
so the module has to be modified or a new module has to be made (im not quite sure what ssh2john outputs in token 7 and 8) maybe i will take a look later
EDIT:
okay 7 and 8 is rounds and offset for data, i opened a github issue, we will see what the devs will say how easy this will be to implement
EDIT2:
found this issue on jtr https://github.com/openwall/john/issues/4069
problem seem to be the switch from aes-256-cbc to aes-256-ctr with some openssh version, so you will need a new module i think
a quick look in https://github.com/hashcat/hashcat/blob/...le_22921.c
tells, that this mode has 6 token total, your provided hash has 8, so your provided hash is to long, resulting in token length exception, some digging deeper
the next thing your third token is number 16, token 4 is 32 in length
$sshng$6$16$a967fe6f59f545c49fdaa934a5c438f5$1926$
example hash 8 and 16 in lenght
$sshng$6$8$7620048997557487$1224$
the max length for token 3 is 1, and token 4 16 so this is another problem, it seems ssh doubled these parts (longer iv) these modifiyings are mostly done for security reasons , its like increasing the iterationcount for hashalgos just to slow them down
so the module has to be modified or a new module has to be made (im not quite sure what ssh2john outputs in token 7 and 8) maybe i will take a look later
EDIT:
okay 7 and 8 is rounds and offset for data, i opened a github issue, we will see what the devs will say how easy this will be to implement
EDIT2:
found this issue on jtr https://github.com/openwall/john/issues/4069
problem seem to be the switch from aes-256-cbc to aes-256-ctr with some openssh version, so you will need a new module i think