
Re: Implementing a ssh server without ssh_bind_listen()


Hi Andreas,

I tried libssh 0.4.90 and noticed that part of my problem was caused by
the fact that 0.4.80 and 0.4.90 still compile as libssh.so.4 and were
confused at runtime with an old version of libssh that my OpenSuse
ships, which is also libssh.so.4 even though internal structures seem to
have changed.

With the latest version (after switching from ssh_accept() to
ssh_handle_key_exchange()), I only get this trace output:

[3] Enabling POLLOUT for socket
[3] ssh_accept: Actual state : 2
[3] ssh_accept: Actual state : 2

But ssh_handle_key_exchange() never returns and no login is possible.

Other minor details: As you can see the trace still talks about
ssh_accept and the libraries were installed into /usr/lib and
not /usr/lib64.

Regards,
Jan


Andreas Schneider wrote:
> On Thursday 17 February 2011 10:19:50 you wrote:
> > Hi,
> 
> Hi,
>  
> > I'm implementing a ssh server that doesn't listen itself, but gets
> > passed a socket with an incoming connection using ssh_bind_set_fd().
> > (The ssh server is embedded in an application that must handle all
> > incoming socket connections.)
> 
> I suggest using libssh-0.5rc0, which will be rc1 at the beginning of next week,
> and then we plan to do libssh-0.5 after one week.
> 
> http://www.libssh.org/files/rc/libssh-0.4.90.tar.gz
> 
> Could you please try this version and report back?
> 
> 
> 
> 	-- andreas
> 
> 
> > I had this working with libssh 0.3.x, but after porting to the 0.4.x
> > API, I'm getting errors about the incoming packets being extremely
> > large after decoding.
> > 
> > My code for accepting a connection roughly looks like this:
> > 
> > sshbind = ssh_bind_new();
> > session = ssh_new();
> > ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
> > ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, dsakey);
> > ssh_init(); // plus error check
> > ssh_bind_set_fd(sshbind, TheSocket); // here I hand in the socket
> > ssh_bind_accept(sshbind, session);  // plus error check
> > ssh_accept(session); // plus error check
> > do {
> >   message = ssh_message_get(session);
> >   ...
> > }
> > 
> > The first ssh_message_get fails with "read_packet(): Packet len too
> > high(814545073 308cf8b1)".
> > 
> > 
> > Here is the full libssh trace:
> > [3] Writing on the wire a packet having 305 bytes before
> > [3] 305 bytes after comp + 10 padding bytes = 316 bytes packet
> > [3] Packet size decrypted: 844 (0x34c)
> > [3] Read a 844 bytes packet
> > [3] 6 bytes padding, 843 bytes left in buffer
> > [3] After padding, 837 bytes left in buffer
> > [3] Final size 837
> > [3] Type 20
> > [3] Set output algorithm aes256-ctr
> > [3] Set input algorithm aes256-ctr
> > [3] Packet size decrypted: 140 (0x8c)
> > [3] Read a 140 bytes packet
> > [3] 6 bytes padding, 139 bytes left in buffer
> > [3] After padding, 133 bytes left in buffer
> > [3] Final size 133
> > [3] Type 30
> > [3] Writing on the wire a packet having 630 bytes before
> > [3] 630 bytes after comp + 5 padding bytes = 636 bytes packet
> > [3] Writing on the wire a packet having 1 bytes before
> > [3] 1 bytes after comp + 10 padding bytes = 12 bytes packet
> > [3] SSH_MSG_NEWKEYS sent
> > [3] Packet size decrypted: 12 (0xc)
> > [3] Read a 12 bytes packet
> > [3] 10 bytes padding, 11 bytes left in buffer
> > [3] After padding, 1 bytes left in buffer
> > [3] Final size 1
> > [3] Type 21
> > [3] Got SSH_MSG_NEWKEYS
> > # ssh_accept() is done, now calling ssh_message_get()
> > [3] Decrypting 16 bytes
> > [3] Packet size decrypted: 814545073 (0x308cf8b1)
> > 
> > Any ideas what is going wrong here ?
> > 
> > Thanks,
> > Jan
> 
> -- 
> Andreas Schneider                   GPG-ID: F33E3FC6
> www.cryptomilk.org                asn@xxxxxxxxxxxxxx
> 
> 
> 


-- 
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/
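
Added example, not part of the original messages and not libssh code: a header check for the SSH binary packet layout of RFC 4253 section 6, showing how the trace's "Packet size decrypted", padding and "Final size" values relate, and why a length such as 0x308cf8b1 is rejected before anything is read or allocated. The names `pkt_check_header`, `pkt_info` and the `PKT_MAX_LEN` cap are hypothetical, and the sample headers are constructed from the lengths printed in the quoted trace.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PKT_MAX_LEN 262144u /* assumed receiver cap, not a value from this thread */

enum pkt_status { PKT_OK, PKT_SHORT, PKT_TOO_LARGE, PKT_BAD_PADDING, PKT_BAD_ALIGN };

struct pkt_info {
    uint32_t packet_length;  /* bytes after the length field itself */
    uint8_t  padding_length;
    uint32_t payload_length; /* packet_length - padding_length - 1 */
};

/* Validate the first decrypted bytes of a packet:
 * uint32 packet_length (big endian), byte padding_length, payload, padding.
 * block_size is the cipher block size; 8 is used while no cipher is active. */
enum pkt_status pkt_check_header(const uint8_t *buf, size_t len,
                                 size_t block_size, struct pkt_info *out)
{
    if (len < 5) return PKT_SHORT;
    uint32_t plen = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                    ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint8_t pad = buf[4];
    out->packet_length = plen;
    out->padding_length = pad;
    out->payload_length = 0;
    /* Check the size first: a header that did not decrypt to a real packet
     * yields an arbitrary 32-bit value here. */
    if (plen > PKT_MAX_LEN) return PKT_TOO_LARGE;
    if (pad < 4 || (uint32_t)pad + 1 > plen) return PKT_BAD_PADDING;
    if (block_size < 8) block_size = 8;
    if ((plen + 4) % block_size != 0) return PKT_BAD_ALIGN;
    out->payload_length = plen - pad - 1;
    return PKT_OK;
}

int main(void)
{
    /* Constructed headers: 844 bytes with 6 padding (the Type 20 packet) and
     * 0x308cf8b1; the fifth byte of the second one is made up. */
    const uint8_t kexinit[5] = {0x00, 0x00, 0x03, 0x4c, 0x06};
    const uint8_t garbage[5] = {0x30, 0x8c, 0xf8, 0xb1, 0x00};
    struct pkt_info pi;
    enum pkt_status st = pkt_check_header(kexinit, sizeof kexinit, 8, &pi);
    printf("status=%d payload=%u\n", st, (unsigned)pi.payload_length);
    st = pkt_check_header(garbage, sizeof garbage, 16, &pi);
    printf("status=%d packet_length=%u\n", st, (unsigned)pi.packet_length);
    return 0;
}
```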
