[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Socket error: disconnected, Socket error: No error
[Thread Prev] | [Thread Next]
[Date Prev] | [Date Next]
- Subject: Re: Socket error: disconnected, Socket error: No error
- From: Yanis Kurganov <yanis.kurganov@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 28 Sep 2017 11:07:32 +0300
- To: libssh@xxxxxxxxxx
Hi Tilo!
Thanks for your answer.
Yes, I use ssh_userauth_list after ssh_userauth_none.
Authentication that can continue: publickey, password, keyboard-interactive.
Here is some server logs:
sshd[11955]: Connection from 10.67.253.1 port 64630 on 10.67.41.242 port 22
sshd[11955]: SSH: Server;Ltype: Version;Remote: 10.67.253.1-64630;Protocol:
2.0;Client: libssh_0.7.5
sshd[11955]: SSH: Server;Ltype: Kex;Remote: 10.67.253.1-64630;Enc:
aes256-ctr;MAC: hmac-sha2-256;Comp: none
sshd[11955]: SSH: Server;Ltype: Authname;Remote: 10.67.253.1-64630;Name:
root
sshd[11955]: Failed none for root from 10.67.253.1 port 64630 ssh2
HP-UX B.11.31 U ia64
I suppose that server disconnects libssh after first failed login attempt
(ssh_userauth_none).
2017-09-27 10:57 GMT+03:00 Tilo Eckert <tilo.eckert@xxxxxxx>:
> Hi Yanis
>
> the server obviously disconnects you after two failed login attempts
> (ssh_userauth_none and ssh_userauth_password). Since you do not perform
> any kind of error checking, you blindly continue with
> ssh_userauth_kbdint which also fails because you are already
> disconnected at this point ("Socket error: No error").
>
> Calling ssh_userauth_none is normally used to fetch the list of
> authentication methods supported by the server if you don't know them
> beforehand. This list can be retrieved with ssh_userauth_list
> afterwards. You should only attempt authentication methods which are in
> this list (i.e. enabled on the server side).
>
> Have a look at the authentication tutorial and the functions' return
> codes to see how to properly deal with errors (checking for
> !=SSH_AUTH_SUCCESS is not sufficient):
> http://api.libssh.org/master/libssh_tutor_authentication.html
>
> Regards,
> Tilo
>
> Am 26.09.2017 um 18:12 schrieb Yanis Kurganov:
> > Hi!
> >
> > I got a strange libssh error.
> >
> > if (ssh_userauth_none(m_Session, nullptr) != SSH_AUTH_SUCCESS)
> > {
> > if (ssh_userauth_password(m_Session, nullptr,
> > m_Settings->Password().c_str()) != SSH_AUTH_SUCCESS)
> > {
> > while ((code = ssh_userauth_kbdint(m_Session, nullptr, nullptr))
> > == SSH_AUTH_INFO)
> > .....
> > }
> > }
> >
> > ssh_connect: libssh 0.7.5 (c) 2003-2014 Aris Adamantiadis, Andreas
> > Schneider, and libssh contributors. Distributed under the LGPL, please
> > refer to COPYING file for information about your rights, using threading
> > threads_noop
> > getai: host 10.67.41.242 matches an IP address
> > ssh_socket_connect: Nonblocking connection socket: 1336
> > ssh_connect: Socket connecting, now waiting for the callbacks to work
> > ssh_connect: Actual timeout : 60000
> > ssh_socket_pollcallback: Received POLLOUT in connecting state
> > socket_callback_connected: Socket connection callback: 1 (0)
> > callback_receive_banner: Received banner:
> > SSH-2.0-OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11
> > ssh_client_connection_callback: SSH server banner:
> > SSH-2.0-OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11
> > ssh_analyze_banner: Analyzing banner:
> > SSH-2.0-OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11
> > ssh_analyze_banner: We are talking to an OpenSSH client version: 7.3
> (70300)
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > ssh_packet_socket_callback: packet: read type 20
> > [len=988,padding=4,comp=983,payload=983]
> > ssh_packet_process: Dispatching handler for packet type 20
> > ssh_list_kex: kex algos: curve25519-sha256@xxxxxxxxxx
> > <mailto:curve25519-sha256@xxxxxxxxxx>,ecdh-sha2-
> nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-
> hellman-group-exchange-sha256,diffie-hellman-group16-sha512,
> diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,
> diffie-hellman-group14-sha1
> > ssh_list_kex: server host key algo:
> > ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
> > ssh_list_kex: encryption client->server:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-cbc,3des-cbc
> > ssh_list_kex: encryption server->client:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-cbc,3des-cbc
> > ssh_list_kex: mac algo client->server: umac-64-etm@xxxxxxxxxxx
> > <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
> > <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
> > <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
> > <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
> > <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64@xxxxxxxxxxx
> > <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
> > <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > ssh_list_kex: mac algo server->client: umac-64-etm@xxxxxxxxxxx
> > <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
> > <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
> > <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
> > <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
> > <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64@xxxxxxxxxxx
> > <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
> > <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > ssh_list_kex: compression algo client->server: none,zlib@xxxxxxxxxxx
> > <mailto:zlib@xxxxxxxxxxx>
> > ssh_list_kex: compression algo server->client: none,zlib@xxxxxxxxxxx
> > <mailto:zlib@xxxxxxxxxxx>
> > ssh_list_kex: languages client->server:
> > ssh_list_kex: languages server->client:
> > ssh_list_kex: kex algos: curve25519-sha256@xxxxxxxxxx
> > <mailto:curve25519-sha256@xxxxxxxxxx>,ecdh-sha2-nistp256,diffie-hellman-
> group14-sha1,diffie-hellman-group1-sha1
> > ssh_list_kex: server host key algo:
> > ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
> ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
> > ssh_list_kex: encryption client->server:
> > aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,
> aes128-cbc,blowfish-cbc,3des-cbc
> > ssh_list_kex: encryption server->client:
> > aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,
> aes128-cbc,blowfish-cbc,3des-cbc
> > ssh_list_kex: mac algo client->server: hmac-sha2-256,hmac-sha2-512,
> hmac-sha1
> > ssh_list_kex: mac algo server->client: hmac-sha2-256,hmac-sha2-512,
> hmac-sha1
> > ssh_list_kex: compression algo client->server: none
> > ssh_list_kex: compression algo server->client: none
> > ssh_list_kex: languages client->server:
> > ssh_list_kex: languages server->client:
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > packet_send2: packet: wrote [len=588,padding=8,comp=579,payload=579]
> > packet_send2: packet: wrote [len=44,padding=6,comp=37,payload=37]
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > ssh_packet_socket_callback: packet: read type 31
> > [len=188,padding=8,comp=179,payload=179]
> > ssh_packet_process: Dispatching handler for packet type 31
> > ssh_packet_dh_reply: Received SSH_MSG_KEXDH_REPLY
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > packet_send2: packet: wrote [len=12,padding=10,comp=1,payload=1]
> > ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
> > ssh_packet_socket_callback: Processing 16 bytes left in socket buffer
> > ssh_packet_socket_callback: packet: read type 21
> > [len=12,padding=10,comp=1,payload=1]
> > ssh_packet_process: Dispatching handler for packet type 21
> > ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
> > crypt_set_algorithms2: Set output algorithm to aes256-ctr
> > crypt_set_algorithms2: Set HMAC output algorithm to hmac-sha2-256
> > crypt_set_algorithms2: Set input algorithm to aes256-ctr
> > crypt_set_algorithms2: Set HMAC output algorithm to hmac-sha2-256
> > ssh_pki_signature_verify_blob: Going to verify a ssh-ed25519 type
> signature
> > ssh_packet_newkeys: Signature verified and valid
> > ssh_connect: current state : 7
> > packet_send2: packet: wrote [len=28,padding=10,comp=17,payload=17]
> > ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > ssh_packet_socket_callback: packet: read type 6
> > [len=28,padding=10,comp=17,payload=17]
> > ssh_packet_process: Dispatching handler for packet type 6
> > ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > packet_send2: packet: wrote [len=44,padding=8,comp=35,payload=35]
> > ssh_packet_socket_callback: packet: read type 51
> > [len=60,padding=14,comp=45,payload=45]
> > ssh_packet_process: Dispatching handler for packet type 51
> > ssh_packet_userauth_failure: Access denied. Authentication that can
> > continue: publickey,password,keyboard-interactive
> > ssh_packet_userauth_failure: Access denied. Authentication that can
> > continue: publickey,password,keyboard-interactive
> > ssh_socket_unbuffered_write: Enabling POLLOUT for socket
> > packet_send2: packet: wrote [len=60,padding=7,comp=52,payload=52]
> > ssh_socket_exception_callback: Socket exception callback: 1 (0)
> > ssh_socket_exception_callback: Socket error: disconnected
> > ssh_userauth_kbdint_init: Sending keyboard-interactive init request
> > ssh_socket_exception_callback: Socket exception callback: 2 (0)
> > ssh_socket_exception_callback: Socket error: No error
> > packet_send2: packet: wrote [len=76,padding=16,comp=59,payload=59]
> >
> > "Socket error: disconnected" - stable reproduction.
> > "Socket error: No error" - what does this mean?
> >
> > Regards,
> > Yanis.
>
>
>
| Socket error: disconnected, Socket error: No error | Yanis Kurganov <yanis.kurganov@xxxxxxxxx> |
| Re: Socket error: disconnected, Socket error: No error | Tilo Eckert <tilo.eckert@xxxxxxx> |