<div dir="ltr">Hi Matt,<div><br></div><div>thanks, I increased the MAX_STRING_LEN and it is working now..</div><div>underneath the data from that SunOS system</div><div>I see a large list of kex_parse_kexinit lines....</div><div><br></div><div>Hans</div><div><br></div><div><div>SunOS somehost 5.10 Generic_150400-03 sun4v sparc sun4v</div><div><br></div><div>$ cat /etc/release</div><div> Oracle Solaris 10 1/13 s10s_u11wos_24a SPARC</div><div> Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved.</div><div> Assembled 17 January 2013</div><div><br></div><div><br></div><div><br></div><div>OpenSSH_5.3p1 Debian-3ubuntu7.1, OpenSSL 0.9.8k 25 Mar 2009</div><div>debug1: Reading configuration data /etc/ssh/ssh_config</div><div>debug1: Applying options for *</div><div>debug2: ssh_connect: needpriv 0</div><div>debug1: Connecting to 127.0.0.1 [127.0.0.1] port 23960.</div><div>debug1: Connection established.</div><div>debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.6</div><div>debug1: no match: Sun_SSH_1.1.6</div><div>debug1: Enabling compatibility mode for protocol 2.0</div><div>debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7.1</div><div>debug2: fd 3 setting O_NONBLOCK</div><div>debug1: SSH2_MSG_KEXINIT sent</div><div>debug3: Wrote 792 bytes for a total of 833</div><div>debug1: SSH2_MSG_KEXINIT received</div><div>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</div><div>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss</div><div>debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></div><div>debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></div><div>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-ripemd160,<a href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96</div><div>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-ripemd160,<a href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96</div><div>debug2: kex_parse_kexinit: none,<a href="mailto:zlib@openssh.com">zlib@openssh.com</a>,zlib</div><div>debug2: kex_parse_kexinit: none,<a href="mailto:zlib@openssh.com">zlib@openssh.com</a>,zlib</div><div>debug2: kex_parse_kexinit:</div><div>debug2: kex_parse_kexinit:</div><div>debug2: kex_parse_kexinit: first_kex_follows 0</div><div>debug2: kex_parse_kexinit: reserved 0</div><div>debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</div><div>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss</div><div>debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc</div><div>debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc</div><div>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96</div><div>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96</div><div>debug2: kex_parse_kexinit: none,zlib</div><div>debug2: kex_parse_kexinit: none,zlib</div><div>debug2: kex_parse_kexinit: de,de-LU,en-CA,en-GB,en-IE,en-US,es,es-MX,fr,fr-BE,fr-CA,fr-FR,fr-LU,ja-JP,ko,ko-KR,nl-BE,nl-NL,zh,zh-CN,zh-HK,zh-TW,ja,nl,i-default</div><div>debug2: 
kex_parse_kexinit: de,de-LU,en-CA,en-GB,en-IE,en-US,es,es-MX,fr,fr-BE,fr-CA,fr-FR,fr-LU,ja-JP,ko,ko-KR,nl-BE,nl-NL,zh,zh-CN,zh-HK,zh-TW,ja,nl,i-default</div><div>debug2: kex_parse_kexinit: first_kex_follows 0</div><div>debug2: kex_parse_kexinit: reserved 0</div><div>debug2: mac_setup: found hmac-md5</div><div>debug1: kex: server->client aes128-ctr hmac-md5 none</div><div>debug2: mac_setup: found hmac-md5</div><div>debug1: kex: client->server aes128-ctr hmac-md5 none</div><div>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent</div><div>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</div><div>debug3: Wrote 24 bytes for a total of 857</div><div>debug2: dh_gen_key: priv key bits set: 138/256</div><div>debug2: bits set: 519/1024</div><div>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent</div><div>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY</div><div>debug3: Wrote 144 bytes for a total of 1001</div><div>debug3: put_host_port: [127.0.0.1]:23960</div><div>debug3: put_host_port: [127.0.0.1]:23960</div><div>debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts</div><div>debug1: checking without port identifier</div><div>debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts</div><div>Warning: Permanently added '[127.0.0.1]:23960' (RSA) to the list of known hosts.</div><div>debug2: bits set: 499/1024</div><div>debug1: ssh_rsa_verify: signature correct</div><div>debug2: kex_derive_keys</div><div>debug2: set_newkeys: mode 1</div><div>debug1: SSH2_MSG_NEWKEYS sent</div><div>debug1: expecting SSH2_MSG_NEWKEYS</div><div>debug3: Wrote 16 bytes for a total of 1017</div><div>debug2: set_newkeys: mode 0</div><div>debug1: SSH2_MSG_NEWKEYS received</div><div>debug1: SSH2_MSG_SERVICE_REQUEST sent</div><div>debug3: Wrote 48 bytes for a total of 1065</div><div>debug2: service_accept: ssh-userauth</div><div>debug1: SSH2_MSG_SERVICE_ACCEPT received</div><div>debug2: key: xxxxxxxxxxxxxxxxx ((nil))</div><div>debug3: Wrote 64 bytes for a total of 1129</div><div>debug3: 
input_userauth_banner</div><div><br></div><div>Some text</div><div><br></div><div>debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive</div><div>debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive</div><div>debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password</div><div>debug3: authmethod_lookup gssapi-keyex</div><div>debug3: remaining preferred: gssapi-with-mic,gssapi,publickey,keyboard-interactive,password</div><div>debug3: authmethod_is_enabled gssapi-keyex</div><div>debug1: Next authentication method: gssapi-keyex</div><div>debug1: No valid Key exchange context</div><div>debug2: we did not send a packet, disable method</div><div>debug3: authmethod_lookup gssapi-with-mic</div><div>debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password</div><div>debug3: authmethod_is_enabled gssapi-with-mic</div><div>debug1: Next authentication method: gssapi-with-mic</div><div>debug1: Unspecified GSS failure. Minor code may provide more information</div><div>Credentials cache file '/tmp/krb5cc_40000' not found</div><div><br></div><div>debug1: Unspecified GSS failure. Minor code may provide more information</div><div>Credentials cache file '/tmp/krb5cc_40000' not found</div><div><br></div><div>debug1: Unspecified GSS failure. 
Minor code may provide more information</div><div><br></div><div><br></div><div>debug2: we did not send a packet, disable method</div><div>debug3: authmethod_lookup publickey</div><div>debug3: remaining preferred: keyboard-interactive,password</div><div>debug3: authmethod_is_enabled publickey</div><div>debug1: Next authentication method: publickey</div><div>debug1: Trying private key: xxxxxxxxxxxxxx</div><div>debug1: read PEM private key done: type RSA</div><div>debug3: sign_and_send_pubkey</div><div>debug2: we sent a publickey packet, wait for reply</div><div>debug3: Wrote 384 bytes for a total of 1513</div><div>debug1: Authentication succeeded (publickey).</div><div>debug1: channel 0: new [client-session]</div><div>debug3: ssh_session2_open: channel_new: 0</div><div>debug2: channel 0: send open</div><div>debug1: Entering interactive session.</div><div>debug3: Wrote 64 bytes for a total of 1577</div><div>debug2: callback start</div><div>debug2: client_session2_setup: id 0</div><div>debug2: channel 0: request pty-req confirm 1</div><div>debug1: Sending environment.</div><div>debug3: Ignored env SHELL</div><div>debug3: Ignored env TERM</div><div>debug3: Ignored env SSH_CLIENT</div><div>debug3: Ignored env SSH_USER</div><div>debug3: Ignored env SSH_TTY</div><div>debug1: Sending env LC_ALL = C</div><div>debug2: channel 0: request env confirm 0</div><div>debug3: Ignored env USER</div><div>debug3: Ignored env http_proxy</div><div>debug3: Ignored env USERSSH</div><div>debug3: Ignored env LD_LIBRARY_PATH</div><div>debug3: Ignored env LS_COLORS</div><div>debug3: Ignored env SUDO_USER</div><div>debug3: Ignored env SUDO_UID</div><div>debug3: Ignored env USERNAME</div><div>debug3: Ignored env PAGER</div><div>debug3: Ignored env PATH</div><div>debug3: Ignored env MAIL</div><div>debug3: Ignored env PWD</div><div>debug3: Ignored env EDITOR</div><div>debug1: Sending env LANG = en_GB</div><div>debug2: channel 0: request env confirm 0</div><div>debug3: Ignored env 
https_proxy</div><div>debug3: Ignored env SUDO_COMMAND</div><div>debug3: Ignored env HOME</div><div>debug3: Ignored env SHLVL</div><div>debug3: Ignored env LOGNAME</div><div>debug3: Ignored env SSH_CONNECTION</div><div>debug3: Ignored env LESSOPEN</div><div>debug3: Ignored env SUDO_GID</div><div>debug3: Ignored env LESSCLOSE</div><div>debug3: Ignored env HISTFILE</div><div>debug3: Ignored env _</div><div>debug3: Ignored env OLDPWD</div><div>debug2: channel 0: request shell confirm 1</div><div>debug2: fd 3 setting TCP_NODELAY</div><div>debug2: callback done</div><div>debug2: channel 0: open confirm rwindow 0 rmax 32768</div><div>debug3: Wrote 512 bytes for a total of 2089</div><div>debug2: channel_input_status_confirm: type 99 id 0</div><div>debug2: PTY allocation request accepted on channel 0</div><div>debug1: Remote: Channel 0 set: LC_ALL=C</div><div>debug1: Remote: Channel 0 set: LANG=en_GB</div><div>debug2: channel 0: rcvd adjust 198560</div><div>debug2: channel_input_status_confirm: type 99 id 0</div><div>debug2: shell request accepted on channel 0</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><span class="" style="white-space:pre">                                                        </span></div><div><span class="" style="white-space:pre">                                                        </span></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 15, 2014 at 5:10 PM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Hans,<br>
<br>
I think that should be OK to increase, you might need to<br>
raise MAX_PROPOSED_ALGO too. Which version of SunOS is it,<br>
can you send me the output of "dbclient -v" or OpenSSH "ssh -vvv"<br>
to that server? I guess it has lots of Kerberos key exchange<br>
methods or something. It doesn't really make sense to have a<br>
fixed limit (there's already the packet size limit), I'll<br>
put that on the todo list for the next release.<br>
<br>
Cheers,<br>
Matt<br>
<br>
On Mon, Sep 15, 2014 at 04:21:22PM +0200, Hans Harder wrote:<br>
> I am getting a 'String too long' error whenever I try to connect to a SunOS<br>
> server with dbclient<br>
><br>
> In order to find out how much it is too long, I adapted 1 line in buffer.c<br>
> Now I get the message:"exited: String too long (2056 > 1400)"<br>
><br>
> That is a lot larger than 1400...<br>
> Any concerns before I increase the MAX_STRING_LEN to 2100 ?<br>
><br>
> Hans<br>
><br>
><br>
><br>
> --- a/buffer.c 2014-08-08 07:40:46.000000000 -0600<br>
> +++ b/buffer.c 2014-09-15 08:02:44.000000000 -0600<br>
> @@ -209,7 +209,7 @@ unsigned char* buf_getstring(buffer* buf<br>
> unsigned char* ret;<br>
> len = buf_getint(buf);<br>
> if (len > MAX_STRING_LEN) {<br>
> - dropbear_exit("String too long");<br>
> + dropbear_exit("String too long (%d ><br>
> %d)",len,MAX_STRING_LEN);<br>
> }<br>
><br>
> if (retlen != NULL) {<br>
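<br>
Review bot: the %d specifiers in the new dropbear_exit() call need to match the argument types. len is a peer-supplied value returned by buf_getint(buf) and its declaration is outside this hunk; if it is unsigned, a length above INT_MAX would be printed as a negative number, so %u with both arguments cast to unsigned int would be safer. The added line is also wrapped by the mailer in the middle of the string literal, so the patch will not apply as posted.<br>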
</blockquote></div><br></div>
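The remark in the quoted reply that a fixed string limit is redundant next to the packet size limit can be shown with a length-prefixed read bounded only by the bytes left in the packet. This is an added example, not Dropbear's code: struct pkt, pkt_get_u32 and pkt_get_string are hypothetical names, and the packet is assumed to have already passed the transport-layer size check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal packet cursor; not Dropbear's buffer type. */
struct pkt {
    const unsigned char *data;
    size_t len;   /* total bytes in the already size-checked packet */
    size_t pos;   /* read offset, invariant: pos <= len */
};

/* Read a big-endian uint32; returns 0 on success, -1 if truncated. */
static int pkt_get_u32(struct pkt *p, uint32_t *out)
{
    if (p->len - p->pos < 4)
        return -1;
    const unsigned char *b = p->data + p->pos;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
    p->pos += 4;
    return 0;
}

/* Read an SSH "string" (uint32 length + bytes). The only bound is what is
 * left in the packet, so a peer cannot claim more than it actually sent.
 * Returns a NUL-terminated copy the caller frees, or NULL on error. */
static unsigned char *pkt_get_string(struct pkt *p, size_t *retlen)
{
    uint32_t len;
    size_t start = p->pos;
    if (pkt_get_u32(p, &len) != 0)
        return NULL;
    if (len > p->len - p->pos) {   /* unsigned compare, cannot overflow */
        p->pos = start;            /* leave the cursor unchanged on error */
        return NULL;
    }
    unsigned char *ret = malloc((size_t)len + 1);
    if (ret == NULL) {
        p->pos = start;
        return NULL;
    }
    memcpy(ret, p->data + p->pos, len);
    ret[len] = '\0';
    p->pos += len;
    if (retlen != NULL)
        *retlen = len;
    return ret;
}
```
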