"premature exit: string too long"

Sebastian Haag seven at 7labs.de
Sun May 14 22:06:59 WST 2006


Thank you very much for your help.

Sorry, but I didn´t get it running... now I get "no auth methods could be 
used". When I start dbclient with option "-i", it says "Ignoring unknown 
argument...".

My system/what i did:

server (dropbear) -> 192.168.0.20:
+ dropbear started as root (dropbear -v -F 
-r /etc/dropbear/dropbear_rsa_host_key) [see trace (1)]
+ -rw-------    1 root root  427 ... dropbear_rsa_host_key
+ /root/.ssh/authorized_keys contains public key of client:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCG ... 7ITwqih9hTB9ItPfgtggvclIVlMzVJ= 
root at 192.168.0.23
It doesn´t make any difference if I append user at host or not.
+ -rw-------   1 root root 232 ... authorized_keys


client (dbclient) -> 192.168.0.23
+ generated new keys on client
+ private key in id_rsa.db / public key appended to authorized_keys on the 
server
+ under user root: dbclient -v -l root 192.168.0.20  [see trace (2)]
(+ 'dbclient -i id_rsa.db -v -l root 192.168.0.20' results in 
WARNING: Ignoring unknown argument `-i`)
+ on serverside i get the appended trace (3)


I don´t know whats wrong, but could it be that this problem occurs cause I 
compiled dropbear and dbclient statically against uclibc? (btw I use the 
original version of options.h).
When I call 'make LDFLAGS="-static" PROGRAMS=dropbear dbclient', compilation 
fails:
cli-auth.c: In function `recv_msg_userauth_specific_60':
cli-auth.c:109: error: `cli_ses' undeclared (first use in this function)
cli-auth.c:109: error: (Each undeclared identifier is reported only once
cli-auth.c:109: error: for each function it appears in.)
cli-auth.c: In function `recv_msg_userauth_failure':
cli-auth.c:147: error: `cli_ses' undeclared (first use in this function)
cli-auth.c: In function `recv_msg_userauth_success':
cli-auth.c:233: error: `cli_ses' undeclared (first use in this function)
cli-auth.c: In function `cli_auth_try':
cli-auth.c:249: error: `cli_ses' undeclared (first use in this function)
make: *** [cli-auth.o] Fehler 1

Compiling them apart works well (PROGRAMS=dropbear or PROGRAMS=dbclient).



Sorry, this mail became really long...

greetings
Sebastian



--------------------------------------------------------------------------------------------------------------
(1) Trace dropbear
prompt # dropbear -v -F -r /etc/dropbear/dropbear_rsa_host_key
TRACE: enter loadhostkeys
TRACE: enter buf_get_priv_key
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free: key == NULL
TRACE: enter buf_get_rsa_priv_key
TRACE: enter buf_get_rsa_pub_key
TRACE: leave buf_get_rsa_pub_key: success
TRACE: leave buf_get_rsa_priv_key
TRACE: leave buf_get_priv_key
TRACE: leave loadhostkeys
[15632] May 14 12:51:07 Not forking
TRACE: listensockets: 1 to try

TRACE: listening on '22'
TRACE: enter dropbear_listen
TRACE: dropbear_listen: all interfaces
TRACE: bind(22) failed
TRACE: leave dropbear_listen: success, 1 socks bound

--------------------------------------------------------------------------------------------------------------
(2) Trace dbclient
prompt# ./dbclient -v -l root 192.168.0.20
TRACE: non-flag arg: '192.168.0.20'
TRACE: user='root' host='192.168.0.20' port='22'
TRACE: enter connect_remote
TRACE: leave connect_remote: sock 3

TRACE: enter session_init
TRACE: kexinitialise()
TRACE: leave session_init
TRACE: enter ident_readln
TRACE: leave ident_readln: return 22
TRACE: remoteident: SSH-2.0-dropbear_0.48
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 20
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: DATAALLOWED=0
TRACE: -> KEXINIT
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 20
TRACE: <- KEXINIT
TRACE: enter recv_msg_kexinit
TRACE: cli_buf_match_algo: diffie-hellman-group1-sha1
TRACE: kex algo diffie-hellman-group1-sha1
TRACE: cli_buf_match_algo: ssh-rsa
TRACE: hostkey algo ssh-rsa
TRACE: cli_buf_match_algo: aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc c2s is  aes128-cbc
TRACE: cli_buf_match_algo: aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc s2c is  aes128-cbc
TRACE: cli_buf_match_algo: hmac-sha1-96,hmac-sha1
TRACE: hash c2s is  hmac-sha1-96
TRACE: cli_buf_match_algo: hmac-sha1-96,hmac-sha1
TRACE: hash s2c is  hmac-sha1-96
TRACE: cli_buf_match_algo: none
TRACE: hash c2s is  none
TRACE: cli_buf_match_algo: none
TRACE: hash s2c is  none
TRACE: leave recv_msg_kexinit
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter send_msg_kexdh_reply
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 30
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave cli_sessionloop: done with KEXINIT_RCVD
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 31
TRACE: enter recv_msg_kexdh_reply
TRACE: type is 1
TRACE: enter buf_getline
TRACE: leave buf_getline: success
TRACE: hosts don't match
TRACE: enter buf_getline
TRACE: leave buf_getline: success
TRACE: checkpubkey: base64_decode success
TRACE: good matching key
TRACE: enter buf_get_pub_key
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free: key == NULL
TRACE: enter buf_get_rsa_pub_key
TRACE: leave buf_get_rsa_pub_key: success
TRACE: leave buf_get_pub_key
TRACE: enter buf_put_pub_key
TRACE: enter buf_put_rsa_pub_key
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: leave buf_put_rsa_pub_key
TRACE: leave buf_put_pub_key
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_verify
TRACE: enter buf_rsa_verify
TRACE: success!
TRACE: leave buf_rsa_verify: ret 0
TRACE: enter sign_key_free
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free
TRACE: leave sign_key_free
TRACE: enter send_msg_newkeys
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 21
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: SENTNEWKEYS=1
TRACE: -> MSG_NEWKEYS
TRACE: leave send_msg_newkeys
TRACE: leave recv_msg_kexdh_init
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 21
TRACE: <- MSG_NEWKEYS
TRACE: enter recv_msg_newkeys
TRACE: while SENTNEWKEYS=1
TRACE: enter gen_new_keys
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: leave gen_new_keys
TRACE: kexinitialise()
TRACE:  -> DATAALLOWED=1
TRACE: leave recv_msg_newkeys
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter send_msg_service_request: servicename='ssh-userauth'
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 5
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave send_msg_service_request
TRACE: leave cli_sessionloop: sent userauth service req
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: fell out
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 6
TRACE: enter recv_msg_service_accept
TRACE: leave recv_msg_service_accept: done ssh-userauth
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter cli_auth_getmethods
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 50
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave cli_auth_getmethods
TRACE: leave cli_sessionloop: sent userauth methods req
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: fell out
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 51
TRACE: <- MSG_USERAUTH_FAILURE
TRACE: enter recv_msg_userauth_failure
TRACE: Methods (len 9): 'publickey'
TRACE: auth method 'publickey'
TRACE: leave recv_msg_userauth_failure
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter cli_auth_try
TRACE: cli_auth_try lastauthtype 1
TRACE: enter cli_tty_cleanup
TRACE: leave cli_tty_cleanup: not in raw mode
TRACE: enter session_cleanup
TRACE: enter chancleanup
TRACE: leave chancleanup
TRACE: leave session_cleanup
./dbclient: connection to root at 192.168.0.20:22 exited: No auth methods could 
be used.

--------------------------------------------------------------------------------------------------------------
(3) Trace serverside after executing dbclient (excerpt)
...
TRACE: enter recv_msg_userauth_request
TRACE: recv_msg_userauth_request: 'none' request
TRACE: enter send_msg_userauth_failure
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 51
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: auth fail: methods 2, ''
TRACE: leave send_msg_userauth_failure
TRACE: leave process_packet
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
[16168] May 14 13:06:46 exit before auth: Exited normally
...



Am Samstag, 13. Mai 2006 06:42 schrieben Sie:
>
> The /etc/dropbear/dropbear_rsa_host_key file is the server's
> _private_ key, used for all sessions (even password authed)
> so that the client knows that it's talking to the same
> server each time. This is independent of using public keys for
> user auth. If you generate a key using dropbearkey and copy
> the private key part to dropbear_rsa_host_key, it should
> work fine.
>
> If you then want to use public key authentication, on the
> client you have to generate a key, then paste the public
> part into ~/.ssh/authorized_keys on the server. If you're
> using dbclient then you'd generate it with dropbearkey and
> specify it with "dbclient -i ~/.ssh/id_rsa.db", otherwise
> you'd use the client-specific key generator - dbclient for
> OpenSSH, PuTTYgen for putty, etc.
>
> Cheers,
> Matt



More information about the Dropbear mailing list