[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libssh-4.0.2 client code problem


Eugene,

I committed a fix for the aes-ctr issue. Could you test the latest git
version? Details about the bug are there:
http://dev.libssh.org/ticket/75

Aris

Eugene Starozhilov a écrit :
> Aris,
> 
> I didn't mention a compilation issue but to be able to compile libssh I
> changed WITH_VISIBILITY_HIDDEN:INTERNAL=1
> to
> WITH_VISIBILITY_HIDDEN:INTERNAL=
> in CMakeCache.txt
> 
> Thanks,
> Eugene
> 
> --- On *Tue, 4/13/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx>/* wrote:
> 
> 
>     From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
>     Subject: Re: libssh-4.0.2 client code problem
>     To: libssh@xxxxxxxxxx
>     Date: Tuesday, April 13, 2010, 4:22 PM
> 
>     Eugene,
> 
>     Replying to myself, but I managed to reproduce the problem (+ a
>     compilation issue with the latest stable git). We will keep you
>     informed of the status.
> 
>     Aris
> 
>     Aris Adamantiadis a écrit :
>     > Hi Eugene,
>     >
>     > I was not able to reproduce the problem on a CentOS 4.8 with
>     > openssh-server-3.9p1-11.el4_7.x86-64.rpm, at least not when libssh is
>     > running on my ubuntu workstation.
>     > What's the configuration of the client in your test ? Are you able to
>     > connect to rhel using libssh 0.4.2 from something else than
>     Rhel/centos ?
>     > I'm trying now to compile libssh on Centos.
>     >
>     > Regards,
>     >
>     > Aris
>     >
>     > Eugene Starozhilov a écrit :
>     >> Aris,
>     >>
>     >> Just checked:
>     >>
>     >> samplessh -l oracle -p 1778 -c aes128-ctr alpha-dev30.edf.gxs.com
>     >> result: sshd[22710]: Disconnecting: Corrupted MAC on input.
>     >>
>     >> samplessh -l oracle -p 1778  alpha-dev30.edf.gxs.com
>     >> result: sshd[22778]: Disconnecting: Corrupted MAC on input.
>     >>
>     >> samplessh -l oracle -p 1778 -c aes256-cbc  alpha-dev30.edf.gxs.com
>     >> result: OK
>     >>
>     >> samplessh -l oracle -p 1778 -c blowfish-cbc alpha-dev30.edf.gxs.com
>     >> result: OK
>     >>
>     >> The box has openssh-server-3.9p1-11.el4_7.x86_64.rpm. It is RedHat
>     >> Enterprise Server 4 distribution.
>     >>
>     >> Thanks,
>     >> Eugene
>     >>
>     >> --- On *Mon, 4/12/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>>/* wrote:
>     >>
>     >>
>     >>     From: Aris Adamantiadis <aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>>
>     >>     Subject: Re: libssh-4.0.2 client code problem
>     >>     To: libssh@xxxxxxxxxx </mc/compose?to=libssh@xxxxxxxxxx>
>     >>     Date: Monday, April 12, 2010, 12:14 PM
>     >>
>     >>     Hi Eugene,
>     >>
>     >>     That's very strange. I will check out what has happened.
>     >>
>     >>     Have you got any information on the distribution/ssh server
>     installed
>     >>     on the server ? I suspect it's a problem with aes256-ctr.
>     >>
>     >>     In order to verify:
>     >>     samplessh -l oracle -p 1778 -c aes256-cbc alpha-dev30.edf.gxs.com
>     >>     samplessh -l oracle -p 1778 -c blowfish-cbc
>     alpha-dev30.edf.gxs.com
>     >>
>     >>     It would also help if you tried aes128-ctr.
>     >>
>     >>     Thanks,
>     >>
>     >>     Aris
>     >>
>     >>     Eugene Starozhilov a écrit :
>     >>     >
>     >>     > Hi Aris,
>     >>     >
>     >>     > Thanks for fixing server api bug. But I ran into another
>     problem with
>     >>     > client api.
>     >>     > These are traces from sshd and  libssh client code:
>     >>     >
>     >>     > ---------------------------  sshd
>     >>     > --------------------------------------------------
>     >>     > sshd[22309]: Connection from ::ffff:10.160.123.184 port 44351
>     >>     > sshd[22309]: debug1: Client protocol version 2.0; client
>     software
>     >>     > version libssh-0.4.2
>     >>     > sshd[22309]: debug1: no match: libssh-0.4.2
>     >>     > sshd[22309]: debug1: Enabling compatibility mode for
>     protocol 2.0
>     >>     > sshd[22309]: debug1: Local version string
>     SSH-1.99-OpenSSH_3.9p1
>     >>     > sshd[22341]: debug1: permanently_set_uid: 74/74
>     >>     > sshd[22341]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
>     >>     > sshd[22341]: debug1: SSH2_MSG_KEXINIT sent
>     >>     > sshd[22341]: debug1: SSH2_MSG_KEXINIT received
>     >>     > sshd[22341]: debug1: kex: client->server aes256-ctr
>     hmac-sha1 none
>     >>     > sshd[22341]: debug1: kex: server->client aes256-ctr
>     hmac-sha1 none
>     >>     > sshd[22341]: debug1: expecting SSH2_MSG_KEXDH_INIT
>     >>     > sshd[22341]: debug1: SSH2_MSG_NEWKEYS sent
>     >>     > sshd[22341]: debug1: expecting SSH2_MSG_NEWKEYS
>     >>     > sshd[22341]: debug1: SSH2_MSG_NEWKEYS received
>     >>     > sshd[22341]: debug1: KEX done
>     >>     > sshd[22341]: Disconnecting: Corrupted MAC on input.
>     >>     >
>     >> 
>        ------------------------------------------------------------------------------
>     >>     >
>     >>     > -------------------- libssh client code
>     -----------------------------
>     >>     > [3] host 10.160.31.50 matches an IP address
>     >>     > [1] Trying to connect to host: 10.160.31.50:1778 with
>     timeout 1800.0
>     >>     > [3] Socket connected with timeout
>     >>     >
>     >>     > [1] SSH server banner: SSH-1.99-OpenSSH_3.9p1
>     >>     > [1] Analyzing banner: SSH-1.99-OpenSSH_3.9p1
>     >>     > [1] We are talking to an OpenSSH server version: 3.9 (30900)
>     >>     > [3] Packet size decrypted: 636 (0x27c)
>     >>     > [3] Read a 636 bytes packet
>     >>     > [3] 11 bytes padding, 635 bytes left in buffer
>     >>     > [3] After padding, 624 bytes left in buffer
>     >>     > [3] Final size 624
>     >>     > [3] Type 20
>     >>     > [3] Writing on the wire a packet having 141 bytes before
>     >>     > [3] 141 bytes after comp + 6 padding bytes = 148 bytes packet
>     >>     > [3] Writing on the wire a packet having 133 bytes before
>     >>     > [3] 133 bytes after comp + 6 padding bytes = 140 bytes packet
>     >>     > [3] Packet size decrypted: 444 (0x1bc)
>     >>     > [3] Read a 444 bytes packet
>     >>     > [3] 10 bytes padding, 443 bytes left in buffer
>     >>     > [3] After padding, 433 bytes left in buffer
>     >>     > [3] Final size 433
>     >>     > [3] Type 31
>     >>     > [3] Writing on the wire a packet having 1 bytes before
>     >>     > [3] 1 bytes after comp + 10 padding bytes = 12 bytes packet
>     >>     > [1] SSH_MSG_NEWKEYS sent
>     >>     >
>     >>     > [3] Packet size decrypted: 12 (0xc)
>     >>     > [3] Read a 12 bytes packet
>     >>     > [3] 10 bytes padding, 11 bytes left in buffer
>     >>     > [3] After padding, 1 bytes left in buffer
>     >>     > [3] Final size 1
>     >>     > [3] Type 21
>     >>     > [1] Got SSH_MSG_NEWKEYS
>     >>     >
>     >>     > [3] Set output algorithm to aes256-ctr
>     >>     > [3] Set input algorithm to aes256-ctr
>     >>     >
>     >>     > [3] Writing on the wire a packet having 17 bytes before
>     >>     > [3] 17 bytes after comp + 10 padding bytes = 28 bytes packet
>     >>     > [3] Encrypting packet with seq num: 3, len: 32
>     >>     > [3] Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
>     >>     > [3] Decrypting 16 bytes
>     >>     > [3] Packet size decrypted: 44 (0x2c)
>     >>     > [3] Read a 44 bytes packet
>     >>     > [3] Decrypting 32 bytes
>     >>     > 2010-04-12 13:14:54,211557; 1126189408 procSrvAuth;  Did
>     not receive
>     >>     > SERVICE_ACCEPT
>     >>     >
>     >> 
>        --------------------------------------------------------------------------------------------
>     >>     >
>     >>     > sshd receives corrupted MAC and drops connection. It
>     happens when
>     >>     client
>     >>     > calls ssh_service_request(session, "ssh-userauth");
>     >>     >
>     >>     > I built libssh-4.0.2 from git repository:
>     >>     >
>     >>     > git clone git://git.libssh.org/projects/libssh/libssh.git
>     libssh
>     >>     > git checkout -b v0-4 origin/v0-4
>     >>     >
>     >>     > with libcrypto library (openssl 0.9.7a).
>     >>     >
>     >>     >
>     >>     > The same error can be reproduced using samplessh example
>     with sshd.
>     >>     >
>     >>     > /usr/sbin/sshd -d  -p 1778
>     >>     > samplessh -l oracle -p 1778 alpha-dev30.edf.gxs.com
>     >>     >
>     >>     >
>     >>     > Thank you,
>     >>     > Eugene
>     >>     >
>     >>     >
>     >>     > --- On *Sun, 3/28/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>
>     >>     </mc/compose?to=aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>>>/* wrote:
>     >>     >
>     >>     >
>     >>     >     From: Aris Adamantiadis <aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>
>     >>     </mc/compose?to=aris@xxxxxxxxxxxx
>     </mc/compose?to=aris@xxxxxxxxxxxx>>>
>     >>     >     Subject: Re: libssh-0.4.2 server api bug
>     >>     >     To: libssh@xxxxxxxxxx
>     </mc/compose?to=libssh@xxxxxxxxxx> </mc/compose?to=libssh@xxxxxxxxxx
>     </mc/compose?to=libssh@xxxxxxxxxx>>
>     >>     >     Date: Sunday, March 28, 2010, 3:51 PM
>     >>     >
>     >>     >     Hi,
>     >>     >
>     >>     >     This was resolved in
>     d2bb97c1c6f32c167e1a6093201e01a52bfe0e0d.
>     >>     Thanks
>     >>     >     for your feedback on this bug.
>     >>     >
>     >>     >     Regards,
>     >>     >
>     >>     >     Aris
>     >>     >
>     >>     >     Aris Adamantiadis a écrit :
>     >>     >     > Hi
>     >>     >     > Oops, we missed that bug for the release. I will find a
>     >>     solution.
>     >>     >     >
>     >>     >     > Aris
>     >>     >     >
>     >>     >     > Eugene Starozhilov a écrit :
>     >>     >     >> Hi Aris,
>     >>     >     >>
>     >>     >     >> The new release libssh-0.4.2 has the same problem as
>     >>     libssh-0.4.1
>     >>     >     >> (described below). samplesshd doesn't work with standard
>     >>     LINUX ssh
>     >>     >     >> client. Is any chance to get it fixed soon?
>     >>     >     >>
>     >>     >     >>
>     >>     >     >> Thank you,
>     >>     >     >> Eugene
>     >>     >     >>
>     >>     >
>     >>     >
>     >>
>     >>
>     >
> 
> 

Follow-Ups:
Re: libssh-4.0.2 client code problemEugene Starozhilov <estarozhilov@xxxxxxxxx>
References:
Re: libssh-4.0.2 client code problemEugene Starozhilov <estarozhilov@xxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org