ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

Hariharasubramanian Ramasubramanian hramasub at in.ibm.com
Thu Oct 12 16:29:49 AWST 2017



Thanks Matt.

You are right that dropbear is being run from inetd through a systemd
service file.
However, the logs are configured to go into syslog (i.e. _no_ -E switch).

-------------
The configuration in dropbear@.service is as follows:
[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service
[Service]
Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
EnvironmentFile=-/etc/default/dropbear

ExecStart=-@SBINDIR@/dropbear -i -I 5 -v -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key

ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
StandardInput=socket
KillMode=process

-------------

>
> From: Matt Johnston <matt at ucc.asn.au>
> To: Hariharasubramanian Ramasubramanian <hramasub at in.ibm.com>
> Cc: dropbear at ucc.asn.au
> Date: 10/11/2017 04:18 PM
> Subject: Re: ssh disconnects due to corrupt packet (dropbear
> compiled with DEBUG_TRACE)
>
> Hi,
>
> It looks like you're running it from inetd and the TRACE output is
> ending up getting sent over the network socket. The length 1414676803 is
> 'TRAC' converted to ASCII.
> I guess dropbear is running with "-E", or what is the configuration?
> That won't work, you'll need to log to syslog instead (the default) when
> using inetd.
> I can't think of any known issues in 2016.74 causing messages like that
> - if you keep seeing it could you send me the logs/pcap off-list,
> without -v.
>
> Cheers,
> Matt
>
> On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:
>
> > I was observing occasional connection disconnects during session setup
> > with dropbear version 2016.74.
> >
> > I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in
> > debug.h) to help me debug these session setup errors.
> >
> > However, when I run dropbear with the -v switch, the client fails to
> > connect, _every time_.
> >
> > The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.
> > The server (9.3.21.44) is dropbear_2016.74
> >
> > 1) Is this a known issue in dropbear_2016.74 ?
> > 2) Also please suggest how I can debug ssh session setup failures with
> > dropbear server ?
> >
> >
>
----------------------------------------------------------------------------------------------------------------------------

> > The output of ssh -vvv root@9.3.21.44 is as follows:
> > -bash-4.1$ ssh -vvv root@9.3.21.44
> > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.
> > debug1: Connection established.
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /var/lib/dropbear/dropbear_rsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.000000: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter
> > buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter
> > buf_get_rsa_pub_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave
> > buf_get_rsa_pub_key: success
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave
> > buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /etc/dropbear/dropbear_dss_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /etc/dropbear/dropbear_ecdsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling
> > key type 1
> > debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling
> > key type 2
> > debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling
> > key type 3
> > debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling
> > key type 4
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child
> > connection from ::ffff:9.41.166.131:49818
> > debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter
> > session_init
> > debug1: ssh_exchange_identification: TRACE (1522) 0.030381:
> > setnonblocking: 0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave
> > setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031521:
> > setnonblocking: 0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave
> > setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.032572:
> > update_channel_prio
> > debug1: ssh_exchange_identification: TRACE (1522) 0.033036:
> > update_channel_prio: not any
> > debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear
> > priority transitioning 10 -> 11
> > debug1: ssh_exchange_identification: TRACE (1522) 0.034171:
> > setnonblocking: 4
> > debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave
> > setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.035068:
> > setnonblocking: 5
> > debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave
> > setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave
> > session_init
> > debug1: ssh_exchange_identification: TRACE (1522) 0.037927:
> > kexinitialise()
> > debug1: ssh_exchange_identification: TRACE (1522) 0.038795:
> > DATAALLOWED=0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT
> > debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter
> > set_connect_fds
> > debug1: ssh_exchange_identification: TRACE (1522) 0.040495:
> > maybe_empty_reply_queue - no data allowed
> > debug1: ssh_exchange_identification: TRACE (1522) 0.040959: enter
> > handle_connect_fds
> > debug1: ssh_exchange_identification: TRACE (1522) 0.041604: leave
> > handle_connect_fds - end iter
> > debug1: Remote protocol version 2.0, remote software version
> > dropbear_2016.74
> > debug1: no match: dropbear_2016.74
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.8
> > debug2: fd 3 setting O_NONBLOCK
> > debug3: load_hostkeys: loading entries for host "9.3.21.44" from file
> > "/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts"
> > debug3: load_hostkeys: found key type RSA in file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts:6
> > debug3: load_hostkeys: loaded 1 keys
> > debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
> > debug2: kex_parse_kexinit: ssh-rsa
> > debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> > debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> > debug2: kex_parse_kexinit: zlib@openssh.com,none
> > debug2: kex_parse_kexinit: zlib@openssh.com,none
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: server->client aes128-ctr hmac-md5 none
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: client->server aes128-ctr hmac-md5 none
> > debug1: sending SSH2_MSG_KEX_ECDH_INIT
> > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> > Bad packet length 1414676803.
> > Disconnecting: Packet corrupt
> >
>
----------------------------------------------------------------------------------------------------------------------------

> > tcpdump of the session setup sequence is attached.
> >
> > thanks in advance,
> > Hariharasubramanian R.
> > Power Firmware Development
> > IBM India Systems & Technology Lab, Bangalore, India
> > Phone: +91 80 4025 5075
>
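
The diagnosis quoted above (a "Bad packet length 1414676803" that is really the bytes 'TRAC') can be checked mechanically. The following is an added example, not part of the original thread or of dropbear/OpenSSH; the function names, the 256 KiB sanity limit and the sample byte stream are assumptions constructed for illustration.

```python
import struct

# Illustrative sanity limit for packet_length (assumption, not from the thread).
MAX_PLAUSIBLE_LEN = 256 * 1024


def decode_bad_length(value):
    """Return the 4 big-endian bytes of a reported packet length as text,
    or None if they are not all printable ASCII."""
    raw = struct.pack(">I", value)
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def parse_plaintext_packets(stream):
    """Walk unencrypted SSH binary packets (RFC 4253 section 6):
    uint32 packet_length, byte padding_length, payload, padding.
    Returns (message numbers seen, diagnosis string or None)."""
    msgs, off = [], 0
    while off + 6 <= len(stream):
        (length,) = struct.unpack_from(">I", stream, off)
        if length < 5 or length > MAX_PLAUSIBLE_LEN:
            hint = f"bad packet length {length}"
            text = decode_bad_length(length)
            if text is not None:
                hint += f" = ASCII {text!r}: stray text in the SSH stream"
            return msgs, hint
        if off + 4 + length > len(stream):
            break  # truncated capture
        msgs.append(stream[off + 5])  # first payload byte is the message number
        off += 4 + length
    return msgs, None


def make_packet(payload, block=8):
    """Build a constructed plaintext packet with zero padding (sample data only)."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


# Constructed sample: one packet carrying message number 20 (SSH_MSG_KEXINIT),
# then a trace line written onto the same socket as the protocol data.
SAMPLE = make_packet(bytes([20]) + bytes(16)) + b"TRACE (1522) 0.050000: constructed line\n"

if __name__ == "__main__":
    print(parse_plaintext_packets(SAMPLE))
```

A printable-ASCII packet length during the plaintext key-exchange phase points at log or debug text sharing the socket with the protocol stream, which is a service configuration issue rather than a corrupted network path.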