Re: libssh-4.0.2 client code problem
- Subject: Re: libssh-4.0.2 client code problem
- From: Eugene Starozhilov <estarozhilov@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 13 Apr 2010 13:41:13 -0700 (PDT)
- To: libssh@xxxxxxxxxx
Aris,
I didn't mention a compilation issue but to be able to compile libssh I changed WITH_VISIBILITY_HIDDEN:INTERNAL=1
to
WITH_VISIBILITY_HIDDEN:INTERNAL=
in CMakeCache.txt
Thanks,
Eugene
--- On Tue, 4/13/10, Aris Adamantiadis <aris@xxxxxxxxxxxx> wrote:
From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
Subject: Re: libssh-4.0.2 client code problem
To: libssh@xxxxxxxxxx
Date: Tuesday, April 13, 2010, 4:22 PM
Eugene,
Replying to myself, but I managed to reproduce the problem (+ a
compilation issue with the latest stable git). We will keep you
informed of the status.
Aris
Aris Adamantiadis wrote:
> Hi Eugene,
>
> I was not able to reproduce the problem on a CentOS 4.8 with
> openssh-server-3.9p1-11.el4_7.x86-64.rpm, at least not when libssh is
> running on my ubuntu workstation.
> What's the configuration of the client in your test ? Are you able to
> connect to rhel using libssh 0.4.2 from something else than Rhel/centos ?
> I'm trying now to compile libssh on Centos.
>
> Regards,
>
> Aris
>
> Eugene Starozhilov wrote:
>> Aris,
>>
>> Just checked:
>>
>> samplessh -l oracle -p 1778 -c aes128-ctr alpha-dev30.edf.gxs.com
>> result: sshd[22710]: Disconnecting: Corrupted MAC on input.
>>
>> samplessh -l oracle -p 1778 alpha-dev30.edf.gxs.com
>> result: sshd[22778]: Disconnecting: Corrupted MAC on input.
>>
>> samplessh -l oracle -p 1778 -c aes256-cbc alpha-dev30.edf.gxs.com
>> result: OK
>>
>> samplessh -l oracle -p 1778 -c blowfish-cbc alpha-dev30.edf.gxs.com
>> result: OK
>>
>> The box has openssh-server-3.9p1-11.el4_7.x86_64.rpm. It is RedHat
>> Enterprise Server 4 distribution.
>>
>> Thanks,
>> Eugene
>>
>> --- On *Mon, 4/12/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx>/* wrote:
>>
>>
>> From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
>> Subject: Re: libssh-4.0.2 client code problem
>> To: libssh@xxxxxxxxxx
>> Date: Monday, April 12, 2010, 12:14 PM
>>
>> Hi Eugene,
>>
>> That's very strange. I will check out what has happened.
>>
>> Have you got any information on the distribution/ssh server installed
>> on the server ? I suspect it's a problem with aes256-ctr.
>>
>> In order to verify:
>> samplessh -l oracle -p 1778 -c aes256-cbc alpha-dev30.edf.gxs.com
>> samplessh -l oracle -p 1778 -c blowfish-cbc alpha-dev30.edf.gxs.com
>>
>> It would also help if you tried aes128-ctr.
>>
>> Thanks,
>>
>> Aris
>>
>> Eugene Starozhilov wrote:
>> >
>> > Hi Aris,
>> >
>> > Thanks for fixing server api bug. But I ran into another problem with
>> > client api.
>> > These are traces from sshd and libssh client code:
>> >
>> > --------------------------- sshd
>> > --------------------------------------------------
>> > sshd[22309]: Connection from ::ffff:10.160.123.184 port 44351
>> > sshd[22309]: debug1: Client protocol version 2.0; client software
>> > version libssh-0.4.2
>> > sshd[22309]: debug1: no match: libssh-0.4.2
>> > sshd[22309]: debug1: Enabling compatibility mode for protocol 2.0
>> > sshd[22309]: debug1: Local version string SSH-1.99-OpenSSH_3.9p1
>> > sshd[22341]: debug1: permanently_set_uid: 74/74
>> > sshd[22341]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
>> > sshd[22341]: debug1: SSH2_MSG_KEXINIT sent
>> > sshd[22341]: debug1: SSH2_MSG_KEXINIT received
>> > sshd[22341]: debug1: kex: client->server aes256-ctr hmac-sha1 none
>> > sshd[22341]: debug1: kex: server->client aes256-ctr hmac-sha1 none
>> > sshd[22341]: debug1: expecting SSH2_MSG_KEXDH_INIT
>> > sshd[22341]: debug1: SSH2_MSG_NEWKEYS sent
>> > sshd[22341]: debug1: expecting SSH2_MSG_NEWKEYS
>> > sshd[22341]: debug1: SSH2_MSG_NEWKEYS received
>> > sshd[22341]: debug1: KEX done
>> > sshd[22341]: Disconnecting: Corrupted MAC on input.
>> >
>> > ------------------------------------------------------------------------------
>> >
>> > -------------------- libssh client code -----------------------------
>> > [3] host 10.160.31.50 matches an IP address
>> > [1] Trying to connect to host: 10.160.31.50:1778 with timeout 1800.0
>> > [3] Socket connected with timeout
>> >
>> > [1] SSH server banner: SSH-1.99-OpenSSH_3.9p1
>> > [1] Analyzing banner: SSH-1.99-OpenSSH_3.9p1
>> > [1] We are talking to an OpenSSH server version: 3.9 (30900)
>> > [3] Packet size decrypted: 636 (0x27c)
>> > [3] Read a 636 bytes packet
>> > [3] 11 bytes padding, 635 bytes left in buffer
>> > [3] After padding, 624 bytes left in buffer
>> > [3] Final size 624
>> > [3] Type 20
>> > [3] Writing on the wire a packet having 141 bytes before
>> > [3] 141 bytes after comp + 6 padding bytes = 148 bytes packet
>> > [3] Writing on the wire a packet having 133 bytes before
>> > [3] 133 bytes after comp + 6 padding bytes = 140 bytes packet
>> > [3] Packet size decrypted: 444 (0x1bc)
>> > [3] Read a 444 bytes packet
>> > [3] 10 bytes padding, 443 bytes left in buffer
>> > [3] After padding, 433 bytes left in buffer
>> > [3] Final size 433
>> > [3] Type 31
>> > [3] Writing on the wire a packet having 1 bytes before
>> > [3] 1 bytes after comp + 10 padding bytes = 12 bytes packet
>> > [1] SSH_MSG_NEWKEYS sent
>> >
>> > [3] Packet size decrypted: 12 (0xc)
>> > [3] Read a 12 bytes packet
>> > [3] 10 bytes padding, 11 bytes left in buffer
>> > [3] After padding, 1 bytes left in buffer
>> > [3] Final size 1
>> > [3] Type 21
>> > [1] Got SSH_MSG_NEWKEYS
>> >
>> > [3] Set output algorithm to aes256-ctr
>> > [3] Set input algorithm to aes256-ctr
>> >
>> > [3] Writing on the wire a packet having 17 bytes before
>> > [3] 17 bytes after comp + 10 padding bytes = 28 bytes packet
>> > [3] Encrypting packet with seq num: 3, len: 32
>> > [3] Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
>> > [3] Decrypting 16 bytes
>> > [3] Packet size decrypted: 44 (0x2c)
>> > [3] Read a 44 bytes packet
>> > [3] Decrypting 32 bytes
>> > 2010-04-12 13:14:54,211557; 1126189408 procSrvAuth; Did not receive
>> > SERVICE_ACCEPT
>> >
>> > --------------------------------------------------------------------------------------------
>> >
>> > sshd receives corrupted MAC and drops connection. It happens when client
>> > calls ssh_service_request(session, "ssh-userauth");
>> >
>> > I built libssh-4.0.2 from git repository:
>> >
>> > git clone git://git.libssh.org/projects/libssh/libssh.git libssh
>> > git checkout -b v0-4 origin/v0-4
>> >
>> > with libcrypto library (openssl 0.9.7a).
>> >
>> >
>> > The same error can be reproduced using samplessh example with sshd.
>> >
>> > /usr/sbin/sshd -d -p 1778
>> > samplessh -l oracle -p 1778 alpha-dev30.edf.gxs.com
>> >
>> >
>> > Thank you,
>> > Eugene
>> >
>> >
>> > --- On *Sun, 3/28/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx>/* wrote:
>> >
>> >
>> > From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
>> > Subject: Re: libssh-0.4.2 server api bug
>> > To: libssh@xxxxxxxxxx
>> > Date: Sunday, March 28, 2010, 3:51 PM
>> >
>> > Hi,
>> >
>> > This was resolved in d2bb97c1c6f32c167e1a6093201e01a52bfe0e0d. Thanks
>> > for your feedback on this bug.
>> >
>> > Regards,
>> >
>> > Aris
>> >
>> > Aris Adamantiadis wrote:
>> > > Hi
>> > > Oops, we missed that bug for the release. I will find a solution.
>> > >
>> > > Aris
>> > >
>> > > Eugene Starozhilov wrote:
>> > >> Hi Aris,
>> > >>
>> > >> The new release libssh-0.4.2 has the same problem as libssh-0.4.1
>> > >> (described below). samplesshd doesn't work with standard LINUX ssh
>> > >> client. Is there any chance to get it fixed soon?
>> > >>
>> > >>
>> > >> Thank you,
>> > >> Eugene
>> > >>
>> >
>> >
>>
>>
>
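The cipher-by-cipher check done by hand in this thread can be tabulated from `sshd -d` output. The following is an added example, not code from the thread or from libssh; the function names and the sample trace are constructed here, and it assumes one connection at a time (as with `sshd -d`), grouping lines by order rather than by PID because the PID changes mid-connection in the quoted trace.

```python
import re
from collections import defaultdict

# Constructed sample in the `sshd -d` trace format quoted in the thread.
SAMPLE = """\
sshd[100]: Connection from 192.0.2.10 port 40001
sshd[101]: debug1: kex: client->server aes256-ctr hmac-sha1 none
sshd[101]: debug1: kex: server->client aes256-ctr hmac-sha1 none
sshd[101]: Disconnecting: Corrupted MAC on input.
sshd[200]: Connection from 192.0.2.10 port 40002
sshd[201]: debug1: kex: client->server aes256-cbc hmac-sha1 none
sshd[201]: debug1: KEX done
sshd[300]: Connection from 192.0.2.10 port 40003
sshd[301]: debug1: kex: client->server aes128-ctr hmac-sha1 none
sshd[301]: Disconnecting: Corrupted MAC on input.
"""

# Leading '>' quote markers are tolerated so a trace pasted from mail parses too.
LINE = re.compile(r"^[>\s]*sshd\[\d+\]:\s+(?:debug\d:\s+)?(.*)$")
KEX = re.compile(r"^kex: (client->server|server->client) (\S+) (\S+) (\S+)$")

def parse_sessions(text):
    """Split a trace into connections; a 'Connection from' line starts one."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or unrelated line
        msg = m.group(1).strip()
        if msg.startswith("Connection from "):
            cur = {"peer": msg.split()[2], "kex": {}, "disconnect": None}
            sessions.append(cur)
        elif cur is None:
            continue  # trace started mid-connection
        elif (k := KEX.match(msg)):
            cur["kex"][k.group(1)] = (k.group(2), k.group(3))  # (cipher, mac)
        elif msg.startswith("Disconnecting: "):
            cur["disconnect"] = msg[len("Disconnecting: "):]
    return sessions

def mac_failures_by_cipher(sessions):
    """Map client->server cipher -> (connections seen, 'Corrupted MAC' drops)."""
    stats = defaultdict(lambda: [0, 0])
    for s in sessions:
        cipher = s["kex"].get("client->server", ("unknown", None))[0]
        stats[cipher][0] += 1
        stats[cipher][1] += "Corrupted MAC" in (s["disconnect"] or "")
    return {c: tuple(v) for c, v in stats.items()}

print(mac_failures_by_cipher(parse_sessions(SAMPLE)))
```

A cipher whose drop count equals its connection count while others stay at zero points at that cipher's implementation rather than at key exchange or the MAC algorithm, which is the same inference the manual tests in the thread support.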