[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: libssh-4.0.2 client code problem
[Thread Prev] | [Thread Next]
- Subject: Re: libssh-4.0.2 client code problem
- From: Eugene Starozhilov <estarozhilov@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 14 Apr 2010 13:04:27 -0700 (PDT)
- To: libssh@xxxxxxxxxx
Aris, Just tested. It works. But libssh would not link (with libssh examples and my binary) unless I > changed WITH_VISIBILITY_HIDDEN:INTERNAL=1 > to > WITH_VISIBILITY_HIDDEN:INTERNAL= > in CMakeCache.txt Thanks, Eugene --- On Wed, 4/14/10, Aris Adamantiadis <aris@xxxxxxxxxxxx> wrote: From: Aris Adamantiadis <aris@xxxxxxxxxxxx> Subject: Re: libssh-4.0.2 client code problem To: libssh@xxxxxxxxxx Date: Wednesday, April 14, 2010, 3:00 PM Eugene, I committed a fix for the aes-ctr issue. Could you test the latest git version? Details about the bug are there: http://dev.libssh.org/ticket/75 Aris Eugene Starozhilov a écrit : > Aris, > > I didn't mention a compilation issue but to be able to compile libssh I > changed WITH_VISIBILITY_HIDDEN:INTERNAL=1 > to > WITH_VISIBILITY_HIDDEN:INTERNAL= > in CMakeCache.txt > > Thanks, > Eugene > > --- On *Tue, 4/13/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx>/* wrote: > > > From: Aris Adamantiadis <aris@xxxxxxxxxxxx> > Subject: Re: libssh-4.0.2 client code problem > To: libssh@xxxxxxxxxx > Date: Tuesday, April 13, 2010, 4:22 PM > > Eugene, > > Replying to myself, but I managed to reproduce the problem (+ a > compilation issue with the latest stable git). We will keep you > informed of the status. > > Aris > > Aris Adamantiadis a écrit : > > Hi Eugene, > > > > I was not able to reproduce the problem on a CentOS 4.8 with > > openssh-server-3.9p1-11.el4_7.x86-64.rpm, at least not when libssh is > > running on my ubuntu workstation. > > What's the configuration of the client in your test ? Are you able to > > connect to rhel using libssh 0.4.2 from something else than > Rhel/centos ? > > I'm trying now to compile libssh on Centos. > > > > Regards, > > > > Aris > > > > Eugene Starozhilov a écrit : > >> Aris, > >> > >> Just checked: > >> > >> samplessh -l oracle -p 1778 -c aes128-ctr alpha-dev30.edf.gxs.com > >> result: sshd[22710]: Disconnecting: Corrupted MAC on input. > >> > >> samplessh -l oracle -p 1778 alpha-dev30.edf.gxs.com > >> result: sshd[22778]: Disconnecting: Corrupted MAC on input. > >> > >> samplessh -l oracle -p 1778 -c aes256-cbc alpha-dev30.edf.gxs.com > >> result: OK > >> > >> samplessh -l oracle -p 1778 -c blowfish-cbc alpha-dev30.edf.gxs.com > >> result: OK > >> > >> The box has openssh-server-3.9p1-11.el4_7.x86_64.rpm. It is RedHat > >> Enterprise Server 4 distribution. > >> > >> Thanks, > >> Eugene > >> > >> --- On *Mon, 4/12/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx>>/* wrote: > >> > >> > >> From: Aris Adamantiadis <aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx>> > >> Subject: Re: libssh-4.0.2 client code problem > >> To: libssh@xxxxxxxxxx </mc/compose?to=libssh@xxxxxxxxxx> > >> Date: Monday, April 12, 2010, 12:14 PM > >> > >> Hi Eugene, > >> > >> That's very strange. I will check out what has happened. > >> > >> Have you got any information on the distribution/ssh server > installed > >> on the server ? I suspect it's a problem with aes256-ctr. > >> > >> In order to verify: > >> samplessh -l oracle -p 1778 -c aes256-cbc alpha-dev30.edf.gxs.com > >> samplessh -l oracle -p 1778 -c blowfish-cbc > alpha-dev30.edf.gxs.com > >> > >> It would also help if you tried aes128-ctr. > >> > >> Thanks, > >> > >> Aris > >> > >> Eugene Starozhilov a écrit : > >> > > >> > Hi Aris, > >> > > >> > Thanks for fixing server api bug. But I ran into another > problem with > >> > client api. > >> > These are traces from sshd and libssh client code: > >> > > >> > --------------------------- sshd > >> > -------------------------------------------------- > >> > sshd[22309]: Connection from ::ffff:10.160.123.184 port 44351 > >> > sshd[22309]: debug1: Client protocol version 2.0; client > software > >> > version libssh-0.4.2 > >> > sshd[22309]: debug1: no match: libssh-0.4.2 > >> > sshd[22309]: debug1: Enabling compatibility mode for > protocol 2.0 > >> > sshd[22309]: debug1: Local version string > SSH-1.99-OpenSSH_3.9p1 > >> > sshd[22341]: debug1: permanently_set_uid: 74/74 > >> > sshd[22341]: debug1: list_hostkey_types: ssh-rsa,ssh-dss > >> > sshd[22341]: debug1: SSH2_MSG_KEXINIT sent > >> > sshd[22341]: debug1: SSH2_MSG_KEXINIT received > >> > sshd[22341]: debug1: kex: client->server aes256-ctr > hmac-sha1 none > >> > sshd[22341]: debug1: kex: server->client aes256-ctr > hmac-sha1 none > >> > sshd[22341]: debug1: expecting SSH2_MSG_KEXDH_INIT > >> > sshd[22341]: debug1: SSH2_MSG_NEWKEYS sent > >> > sshd[22341]: debug1: expecting SSH2_MSG_NEWKEYS > >> > sshd[22341]: debug1: SSH2_MSG_NEWKEYS received > >> > sshd[22341]: debug1: KEX done > >> > sshd[22341]: Disconnecting: Corrupted MAC on input. > >> > > >> > ------------------------------------------------------------------------------ > >> > > >> > -------------------- libssh client code > ----------------------------- > >> > [3] host 10.160.31.50 matches an IP address > >> > [1] Trying to connect to host: 10.160.31.50:1778 with > timeout 1800.0 > >> > [3] Socket connected with timeout > >> > > >> > [1] SSH server banner: SSH-1.99-OpenSSH_3.9p1 > >> > [1] Analyzing banner: SSH-1.99-OpenSSH_3.9p1 > >> > [1] We are talking to an OpenSSH server version: 3.9 (30900) > >> > [3] Packet size decrypted: 636 (0x27c) > >> > [3] Read a 636 bytes packet > >> > [3] 11 bytes padding, 635 bytes left in buffer > >> > [3] After padding, 624 bytes left in buffer > >> > [3] Final size 624 > >> > [3] Type 20 > >> > [3] Writing on the wire a packet having 141 bytes before > >> > [3] 141 bytes after comp + 6 padding bytes = 148 bytes packet > >> > [3] Writing on the wire a packet having 133 bytes before > >> > [3] 133 bytes after comp + 6 padding bytes = 140 bytes packet > >> > [3] Packet size decrypted: 444 (0x1bc) > >> > [3] Read a 444 bytes packet > >> > [3] 10 bytes padding, 443 bytes left in buffer > >> > [3] After padding, 433 bytes left in buffer > >> > [3] Final size 433 > >> > [3] Type 31 > >> > [3] Writing on the wire a packet having 1 bytes before > >> > [3] 1 bytes after comp + 10 padding bytes = 12 bytes packet > >> > [1] SSH_MSG_NEWKEYS sent > >> > > >> > [3] Packet size decrypted: 12 (0xc) > >> > [3] Read a 12 bytes packet > >> > [3] 10 bytes padding, 11 bytes left in buffer > >> > [3] After padding, 1 bytes left in buffer > >> > [3] Final size 1 > >> > [3] Type 21 > >> > [1] Got SSH_MSG_NEWKEYS > >> > > >> > [3] Set output algorithm to aes256-ctr > >> > [3] Set input algorithm to aes256-ctr > >> > > >> > [3] Writing on the wire a packet having 17 bytes before > >> > [3] 17 bytes after comp + 10 padding bytes = 28 bytes packet > >> > [3] Encrypting packet with seq num: 3, len: 32 > >> > [3] Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth) > >> > [3] Decrypting 16 bytes > >> > [3] Packet size decrypted: 44 (0x2c) > >> > [3] Read a 44 bytes packet > >> > [3] Decrypting 32 bytes > >> > 2010-04-12 13:14:54,211557; 1126189408 procSrvAuth; Did > not receive > >> > SERVICE_ACCEPT > >> > > >> > -------------------------------------------------------------------------------------------- > >> > > >> > sshd receives corrupted MAC and drops connection. It > happens when > >> client > >> > calls ssh_service_request(session, "ssh-userauth"); > >> > > >> > I built libssh-4.0.2 from git repository: > >> > > >> > git clone git://git.libssh.org/projects/libssh/libssh.git > libssh > >> > git checkout -b v0-4 origin/v0-4 > >> > > >> > with libcrypto library (openssl 0.9.7a). > >> > > >> > > >> > The same error can be reproduced using samplessh example > with sshd. > >> > > >> > /usr/sbin/sshd -d -p 1778 > >> > samplessh -l oracle -p 1778 alpha-dev30.edf.gxs.com > >> > > >> > > >> > Thank you, > >> > Eugene > >> > > >> > > >> > --- On *Sun, 3/28/10, Aris Adamantiadis /<aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx> > >> </mc/compose?to=aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx>>>/* wrote: > >> > > >> > > >> > From: Aris Adamantiadis <aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx> > >> </mc/compose?to=aris@xxxxxxxxxxxx > </mc/compose?to=aris@xxxxxxxxxxxx>>> > >> > Subject: Re: libssh-0.4.2 server api bug > >> > To: libssh@xxxxxxxxxx > </mc/compose?to=libssh@xxxxxxxxxx> </mc/compose?to=libssh@xxxxxxxxxx > </mc/compose?to=libssh@xxxxxxxxxx>> > >> > Date: Sunday, March 28, 2010, 3:51 PM > >> > > >> > Hi, > >> > > >> > This was resolved in > d2bb97c1c6f32c167e1a6093201e01a52bfe0e0d. > >> Thanks > >> > for your feedback on this bug. > >> > > >> > Regards, > >> > > >> > Aris > >> > > >> > Aris Adamantiadis a écrit : > >> > > Hi > >> > > Oops, we missed that bug for the release. I will find a > >> solution. > >> > > > >> > > Aris > >> > > > >> > > Eugene Starozhilov a écrit : > >> > >> Hi Aris, > >> > >> > >> > >> The new release libssh-0.4.2 has the same problem as > >> libssh-0.4.1 > >> > >> (described below). samplesshd doesn't work with standard > >> LINUX ssh > >> > >> client. Is any chance to get it fixed soon? > >> > >> > >> > >> > >> > >> Thank you, > >> > >> Eugene > >> > >> > >> > > >> > > >> > >> > > > >
| Re: libssh-4.0.2 client code problem | Aris Adamantiadis <aris@xxxxxxxxxxxx> |