Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
- Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 29 Apr 2014 22:01:18 +0200
- To: libssh@xxxxxxxxxx
Hi,

Your capture tells me that the public part of the DH handshake generated by the client is invalid (it is equal to 1 when it should be a 1024 bits long integer). I have no idea how that could happen. It is possible that the PRNG returns 0 and so the g^x ends up being 1. But this is not consistent with the random cookie looking random.

Does VxWorks have a /dev/random or /dev/urandom device ?

Aris

On 27/04/14 16:07, Zvi Vered wrote:
> Hi Aris,
>
> Attached the cap file as saved with Wireshark.
>
> I hope this is the right cap format.
>
> Can you understand why the server sends a "disconnect" ?
>
> The client is: 128.172.5.22
> The server is: 128.172.82.55
>
> Thanks,
> Zvika
>
> -----Original Message----- From: Aris Adamantiadis
> Sent: Thursday, April 24, 2014 11:57 PM
> To: libssh@xxxxxxxxxx
> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
> 33554432:bad client public DH value
>
> Please upload your .cap to cloudshark.org or attach it to the email, I
> can't help without seeing the content of packets.
>
> Aris
> On 24/04/14 22:46, Zvi Vered wrote:
>> Hi Aris,
>>
>> Is it possible to upload files ?
>>
>> Attached a snapshot from wireshark.
>> It starts from the ARP request the client sends till "Server:
>> Disconnect".
>>
>> Thanks,
>> Zvika
>>
>> -----Original Message----- From: Aris Adamantiadis
>> Sent: Thursday, April 24, 2014 10:52 PM
>> To: libssh@xxxxxxxxxx
>> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
>> 33554432:bad client public DH value
>>
>> Can you please record a tcpdump capture with tcpdump or wireshark and
>> post it on cloudshark ? This happens pre-encryption.
>>
>> Aris
>> On 24/04/14 21:45, Zvi Vered wrote:
>>> Hi Aris,
>>>
>>> It happens every time.
>>>
>>> Thanks,
>>> Zvika
>>>
>>> -----Original Message----- From: Aris Adamantiadis
>>> Sent: Thursday, April 24, 2014 9:23 PM
>>> To: libssh@xxxxxxxxxx
>>> Subject: Re: ssh_connect fails: Received SSH_MSG_DISCONNECT
>>> 33554432:bad client public DH value
>>>
>>> Hi,
>>>
>>> Does it happen every time you connect or only sometimes ? It's very
>>> strange.
>>>
>>> Aris
>>> On 24/04/14 20:14, Zvi Vered wrote:
>>>> Dear Members,
>>>>
>>>> I ported libssh-0.6.3 and openssl-1.0.1g to vxWorks 6.9.2 (with very
>>>> few code changes).
>>>>
>>>> Upon ssh_connect I got the messages listed below.
>>>>
>>>> As you can see the connection fails and the final message is:
>>>>
>>>> ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT
>>>> 33554432:bad client public DH value
>>>>
>>>> On the server side (running under RHEL 5.3) I got the following
>>>> messages in /var/log/secure:
>>>>
>>>> expecting SSH2_MSG_KEXDH_INIT
>>>> invalid public DH value (1 / 2048)
>>>> Disconnecting: bad client public DH value
>>>>
>>>> What can cause this problem ?
>>>>
>>>> Thanks,
>>>> Zvika
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> -> [1970/01/01 00:00:00.000000, 1] ssh_connect: libssh 0.6.3 (c)
>>>> 2003-2014 Aris Adamantiadis, Andreas Schneider, and libssh
>>>> contributors. Distributed under the LGPL, please refer to COPYING file
>>>> for information about your rights, using threading threads_noop
>>>> [1970/01/01 00:00:00.000064, 3] getai: host 128.172.82.55 matches an
>>>> IP address
>>>> [1970/01/01 00:00:00.000000, 2] ssh_socket_connect: Nonblocking
>>>> connection socket: 6
>>>> [1970/01/01 00:00:00.808925489, 2] ssh_connect: Socket connecting, now
>>>> waiting for the callbacks to work
>>>> [1974/09/05 19:44:04.145667616, 3] ssh_connect: ssh_connect: Actual
>>>> timeout : 10000
>>>> [2097/01/10 06:02:22.-286331154, 3] ssh_socket_pollcallback: Received
>>>> POLLOUT in connecting state
>>>> [2097/01/10 06:02:22.139554400, 1] socket_callback_connected: Socket
>>>> connection callback: 1 (0)
>>>> [1970/02/21 20:18:44.139848112, 3] callback_receive_banner: Received
>>>> banner: SSH-2.0-OpenSSH_4.3
>>>> [1974/09/05 19:43:04.000019, 1] ssh_client_connection_callback: SSH
>>>> server banner: SSH-2.0-OpenSSH_4.3
>>>> [1970/01/01 00:00:00.000000, 1] ssh_analyze_banner: Analyzing banner:
>>>> SSH-2.0-OpenSSH_4.3
>>>> [1974/06/07 14:41:52.147642244, 1] ssh_analyze_banner: We are talking
>>>> to an OpenSSH client version: 4.3 (40300)
>>>> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling
>>>> POLLOUT for socket
>>>> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet:
>>>> read type 20 [len=700,padding=7,comp=692,payload=692]
>>>> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching
>>>> handler for packet type 20
>>>> [1970/02/23 18:37:26.147642212, 4] ssh_list_kex: kex algos:
>>>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>>>
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: server host key algo:
>>>> ssh-rsa,ssh-dss
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption
>>>> client->server:
>>>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>>>>
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: encryption
>>>> server->client:
>>>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>>>>
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo
>>>> client->server:
>>>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>>>
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: mac algo
>>>> server->client:
>>>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>>>>
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo
>>>> client->server: none,zlib@xxxxxxxxxxx
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: compression algo
>>>> server->client: none,zlib@xxxxxxxxxxx
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages
>>>> client->server:
>>>> [1974/08/13 21:56:40.147642212, 4] ssh_list_kex: languages
>>>> server->client:
>>>> [1970/01/01 00:00:00.000000, 4] ssh_list_kex: kex algos:
>>>> diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: server host key algo:
>>>> ssh-rsa,ssh-dss
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption
>>>> client->server:
>>>> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
>>>>
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: encryption
>>>> server->client:
>>>> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,des-cbc-ssh1
>>>>
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo client->server:
>>>> hmac-sha1
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: mac algo server->client:
>>>> hmac-sha1
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo
>>>> client->server: none
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: compression algo
>>>> server->client: none
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages
>>>> client->server:
>>>> [1974/08/13 21:56:04.000000, 4] ssh_list_kex: languages
>>>> server->client:
>>>> [1974/08/13 21:36:36.000000, 3] packet_send2: packet: wrote
>>>> [len=364,padding=6,comp=357,payload=357]
>>>> [1974/08/13 21:55:44.145662852, 3] packet_send2: packet: wrote
>>>> [len=12,padding=5,comp=6,payload=6]
>>>> [1970/01/01 00:00:00.000000, 3] ssh_socket_unbuffered_write: Enabling
>>>> POLLOUT for socket
>>>> [1970/01/01 00:17:04.131080, 3] ssh_packet_socket_callback: packet:
>>>> read type 1 [len=44,padding=4,comp=39,payload=39]
>>>> [1974/08/13 22:00:40.145663148, 3] ssh_packet_process: Dispatching
>>>> handler for packet type 1
>>>> [1970/01/01 00:00:00.000000, 3] ssh_packet_disconnect_callback:
>>>> Received SSH_MSG_DISCONNECT 33554432:bad client public DH value
>>>> [1970/01/01 00:00:16.139880016, 1] ssh_packet_disconnect_callback:
>>>> Received SSH_MSG_DISCONNECT: 33554432:bad client public DH value
>>>> [1974/08/13 23:13:32.145667616, 3] ssh_connect: ssh_connect: Actual
>>>> state : 9
>>>> ssh_connect failed: Received SSH_MSG_DISCONNECT: 33554432:bad client
>>>> public DH value
>>>>
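
The failure discussed in this message, as an added example (not code from libssh, OpenSSH or anyone in the thread): with a private exponent x = 0, g^x mod p is 1 and SSH_MSG_KEXDH_INIT shrinks to a 6-byte payload, which matches the payload=6 packet in the quoted log. The check is modeled on the two figures in the server's "invalid public DH value (1 / 2048)" line, read here as bits set and modulus bits; it assumes diffie-hellman-group14-sha1 (RFC 3526 group 14), and all function names are hypothetical.

```python
import struct

# RFC 3526 group 14 modulus, used by diffie-hellman-group14-sha1; generator is 2.
P14 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
SSH_MSG_KEXDH_INIT = 30


def mpint(n):
    """Encode a non-negative integer as an SSH mpint (RFC 4251)."""
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""
    return struct.pack(">I", len(raw)) + raw


def parse_kexdh_init(payload):
    """Return e from an SSH_MSG_KEXDH_INIT payload: byte 30, then mpint e."""
    if len(payload) < 5 or payload[0] != SSH_MSG_KEXDH_INIT:
        raise ValueError("not SSH_MSG_KEXDH_INIT")
    (length,) = struct.unpack(">I", payload[1:5])
    if len(payload) != 5 + length:
        raise ValueError("mpint length does not match payload")
    return int.from_bytes(payload[5:], "big", signed=True)


def check_dh_public(e, p=P14):
    """Accept e only if 1 < e < p-1 and more than one bit is set.

    Returns (ok, "bits_set/modulus_bits").
    """
    bits_set = bin(e).count("1") if e > 0 else 0
    ok = 1 < e < p - 1 and bits_set > 1
    return ok, "%d/%d" % (bits_set, p.bit_length())


# Constructed inputs: x = 0 (a PRNG that returned zero) and a fixed non-zero x.
BAD = bytes([SSH_MSG_KEXDH_INIT]) + mpint(pow(G, 0, P14))
GOOD = bytes([SSH_MSG_KEXDH_INIT]) + mpint(pow(G, 0x1234567890ABCDEF1234567890ABCDEF, P14))

if __name__ == "__main__":
    for name, pkt in (("x = 0", BAD), ("x != 0", GOOD)):
        print(name, "payload bytes:", len(pkt), check_dh_public(parse_kexdh_init(pkt)))
```

Running the same check on the client before sending e turns a silent PRNG failure on a ported platform into a local error instead of a server-side disconnect.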