ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

Matt Johnston matt at ucc.asn.au
Wed Oct 11 18:47:59 AWST 2017


Hi,

It looks like you're running in from inetd and the TRACE output is 
ending up getting sent over the network socket. The length 1414676803 is 
'TRAC' converted to ascii.
I guess dropbear is running with "-E", or what is the configuration? 
That won't work, you'll need to log to syslog instead (the default) when 
using inetd.
I can't think of any known issues in 2016.74 causing messages like that 
- if you keep seeing it could you send me the logs/pcap off-list, 
without -v.

Cheers,
Matt

On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:

> I was observing occasional connection disconnect during session setup 
> with dropber version 2016.74.
> 
> I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in 
> debug.h) to help me debug these session setup errors.
> 
> However when I run dropbear with the -v switch, client fails to 
> connect, _everytime_.
> 
> The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.
> The server (9.3.21.44) is dropbear_2016.74
> 
> 1) Is this a known issue in dropbear_2016.74 ?
> 2) Also please suggest how I can debug ssh session setup failures with 
> dropbear server ?
> 
> ----------------------------------------------------------------------------------------------------------------------------
> The output of ssh -vvv root at 9.3.21.44 is as follows:
> -bash-4.1$ ssh -vvv root at 9.3.21.44
> OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.
> debug1: Connection established.
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1
> debug1: identity file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1
> debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
> loading /var/lib/dropbear/dropbear_rsa_host_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.000000: leave 
> loadhostkey
> debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter 
> buf_get_rsa_priv_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter 
> buf_get_rsa_pub_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave 
> buf_get_rsa_pub_key: success
> debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave 
> buf_get_rsa_priv_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave 
> loadhostkey
> debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
> loading /etc/dropbear/dropbear_dss_host_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave 
> loadhostkey
> debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
> loading /etc/dropbear/dropbear_ecdsa_host_key
> debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave 
> loadhostkey
> debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling 
> key type 1
> debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling 
> key type 2
> debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling 
> key type 3
> debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling 
> key type 4
> debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child 
> connection from ::ffff:9.41.166.131:49818
> debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter 
> session_init
> debug1: ssh_exchange_identification: TRACE (1522) 0.030381: 
> setnonblocking: 0
> debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave 
> setnonblocking
> debug1: ssh_exchange_identification: TRACE (1522) 0.031521: 
> setnonblocking: 0
> debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave 
> setnonblocking
> debug1: ssh_exchange_identification: TRACE (1522) 0.032572: 
> update_channel_prio
> debug1: ssh_exchange_identification: TRACE (1522) 0.033036: 
> update_channel_prio: not any
> debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear 
> priority transitioning 10 -> 11
> debug1: ssh_exchange_identification: TRACE (1522) 0.034171: 
> setnonblocking: 4
> debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave 
> setnonblocking
> debug1: ssh_exchange_identification: TRACE (1522) 0.035068: 
> setnonblocking: 5
> debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave 
> setnonblocking
> debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave 
> session_init
> debug1: ssh_exchange_identification: TRACE (1522) 0.037927: 
> kexinitialise()
> debug1: ssh_exchange_identification: TRACE (1522) 0.038795: 
> DATAALLOWED=0
> debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT
> debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter 
> set_connect_fds
> debug1: ssh_exchange_identification: TRACE (1522) 0.040495: 
> maybe_empty_reply_queue - no data allowed
> debug1: ssh_exchange_identification: TRACE (1522) 0.040959: enter 
> handle_connect_fds
> debug1: ssh_exchange_identification: TRACE (1522) 0.041604: leave 
> handle_connect_fds - end iter
> debug1: Remote protocol version 2.0, remote software version 
> dropbear_2016.74
> debug1: no match: dropbear_2016.74
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.8
> debug2: fd 3 setting O_NONBLOCK
> debug3: load_hostkeys: loading entries for host "9.3.21.44" from file 
> "/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts"
> debug3: load_hostkeys: found key type RSA in file 
> /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts:6
> debug3: load_hostkeys: loaded 1 keys
> debug3: order_hostkeyalgs: prefer hostkeyalgs: 
> ssh-rsa-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-rsa
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: 
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: 
> ssh-rsa-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: 
> curve25519-sha256 at libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2 at matt.ucc.asn.au
> debug2: kex_parse_kexinit: ssh-rsa
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> debug2: kex_parse_kexinit: 
> aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> debug2: kex_parse_kexinit: 
> hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> debug2: kex_parse_kexinit: 
> hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> debug2: kex_parse_kexinit: zlib at openssh.com,none
> debug2: kex_parse_kexinit: zlib at openssh.com,none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> Bad packet length 1414676803.
> Disconnecting: Packet corrupt
> ----------------------------------------------------------------------------------------------------------------------------
> tcpdump of the session setup sequence is attached.
> 
> thanks in advance,
> Hariharasubramanian R.
> Power Firmware Development
> IBM India Systems & Technology Lab, Bangalore, India
> Phone: +91 80 4025 5075


More information about the Dropbear mailing list