[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Problems exchanging data with remote server


Hi Andreas,

Thanks for your time and answers. Attached you will find a full debug log of the problem, as requested. If you need additional logging or data, please let me know.

I agree with you that even if the packet size of 32000 might not be as per specifications, it most likely won't be the cause of problem I'm facing here. Is this something that should be corrected on the server side? Because I do think it may eventually lead to problems as some of the data packets that we receive from the server could easily exceed 64k bytes.

Right now we are just using ssh_channel_write() (of course after we have logged in and called ssh_channel_new() and ssh_channel_open_session()). Knowing that I am connecting to a 'plain' SSH server that I can connect to using the OS ssh command as well, I was thinking that I could try that approach with our client program too. Hence my question if using the ssh_channel_request_exec() function as a way of issuing commands to the server (instead of the ssh_channel_write() function) might yield different results.

We can apply and test any patches that you or anyone else might propose, it's just that we cannot easily upload new binaries/libraries to this test system, it is located at a customer site of us and we have to ask them to upload files for us, it's a rather time-consuming process...

Best regards,
Herwin

-----Original Message-----
From: Andreas Schneider [mailto:asn@xxxxxxxxxxxxxx] 
Sent: dinsdag 2 augustus 2011 10:11
To: libssh@xxxxxxxxxx
Subject: Re: Problems exchanging data with remote server

On Monday 01 August 2011 09:50:15 you wrote:
> Hi all,

Hi,

it looks like libssh sent the package which your F-Secure SSH server doesn't 
like. This is really strange since I don't the a window adjustment. I think 
wie need really a full log of this and you have to wait until Aris is back 
from his "vacataion" :)
I think this is a bug in F-Secure cause there are reports for this problem 
with OpenSSH too bug maybe we can work around it.

So could you please create a full debug log and attach it here or send it in 
private.

> Q1. Could it be that window size negotiation is indeed a problem here and
> that it can/may not be adjusted after the connection establishment and
> authentication have been completed?

The window is set up when you create the channel:

[2] Received a CHANNEL_OPEN_CONFIRMATION for channel 43:0
[2] Remote window : 100000, maxpacket : 32000

The only thing I see is that the max packet size here is to small. From the 
spec:

   All implementations MUST be able to process packets with an
   uncompressed payload length of 32768 bytes or less and a total packet
   size of 35000 bytes or less.

It could be an issue but doesn't have to.
 
> Q2. Are you aware of any issues with the implementation of SSHv2 in the
> F-Secure SSH server?

Not at the moment cause you're the first user which reports problems.

> Q3. Is there any difference in the 'ssh_channel_write()' and the
> 'ssh_channel_request_exec()' functions? Currently we are using the former
> call and the data is actually just a string with the command we wish to
> execute (and len is set to the length of the string). Could we, or perhaps
> should we, be using the latter function call?

Did you request a shell and execute commands there? I don't understand how 
just ssh_channel_write() should work without a shell :)


If I send you patches could you apply and test them?

Cheers,


	-- andreas


> This e-mail and any attachment is for authorised use by the intended
> recipient(s) only. It contains proprietary material, confidential
> information and/or be subject to legal privilege. It should not be copied,
> disclosed to, retained or used by, any other party. If you are not an
> intended recipient then please promptly delete this e-mail and any
> attachment and all copies and inform the sender. Thank you.

This is a strange statement for a mail sent to a public mailing list :)

-- 
Andreas Schneider                   GPG-ID: F33E3FC6
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

Attachment: libssh-client_f-secure_ssh_server_problem_full_debug.log
Description: Binary data


References:
Re: Problems exchanging data with remote serverAndreas Schneider <asn@xxxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org