<div dir="ltr"><div><div><div>Hi Matt,<br><br></div>During investigation I outputted list of the keys in dropbear. And I saw that requested key cannot be found because the list was corrupted. In NOMMU architectures memory corruption is frequently happens when stack pointer is running beyond stack size. <br>I checked stack size setting of dropbear in flat binary header with flthdr utility from cross tool-chain. And it showed that stack size was default 4K. What is usually very low. Default stack size was used because "-Wl,-elf2flt=..." parameters were passed only in CFLAGS. But dropbear make procedure does use only LDFLAGS during linking and no CFLAGS.<br><br>I started increasing stack size with "flthdr -s " and finally with 32K it was working as expected.<br><br></div>Regards,<br></div>Konstantin Lazarev.<br><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 29, 2017 at 5:17 AM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi Konstantin,<div><br></div><div>Glad you found what the problem was. Out of interest how did you figure it was a stack size issue? It might be useful as a debugging step for other people in future.</div><div>32kB seems a like a lot, I'll have a look if there's anything that could be improved in Dropbear or libtommath.</div><div><br></div><div>Cheers,</div><div>Matt</div><div><div class="h5"><div><br><div><blockquote type="cite"><div>On Sat 28/1/2017, at 3:14 am, Konstantin Lazarev <<a href="mailto:cnlazarev@gmail.com" target="_blank">cnlazarev@gmail.com</a>> wrote:</div><br class="m_-4556536958326046173Apple-interchange-newline"><div><div dir="ltr"><div><div><div>Hi Matt,<br><br></div>The SEGV was related to the size of insufficient stack set for the dropbear flat binary.<br></div>After setting stack to 32K problem is not observed any more. SSH client login with key parameters is working as expected.<br><br></div>Thank you,<br><div><div>Konstantin Lazarev.<br></div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 18, 2017 at 2:32 PM, Konstantin Lazarev <span dir="ltr"><<a href="mailto:cnlazarev@gmail.com" target="_blank">cnlazarev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Matt,<br><br></div>Dropbear is usually running under inetd in our system. I provide foreground run only for debug output. When dropbear runs from inetd SSH client either received connection rejection or nothing because dropbear crush.<br></div>And when default algo is used ecdsa-sha2-nistp521 is reported by client.<br></div>Please see log:<br><div><div><div><div>$ ssh -v <a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a><div><div class="m_-4556536958326046173h5"><br>OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: /etc/ssh/ssh_config line 19: Applying options for *<br>debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.<br>debug1: Connection established.<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_rsa type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_rsa-cert type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_dsa type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_dsa-cert type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_ecdsa type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_ecdsa-cert type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_ed25519 type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: key_load_public: No such file or directory <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: identity file /home//.ssh/id_ed25519-cert type -1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: Enabling compatibility mode for protocol 2.0 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: Remote protocol version 2.0, remote software version dropbear_2016.74 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: no match: dropbear_2016.74 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: Authenticating to <a href="http://172.17.152.20:22/" target="_blank">172.17.152.20:22</a> as 'root' <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: SSH2_MSG_KEXINIT sent <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: SSH2_MSG_KEXINIT received <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: kex: algorithm: <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br></div></div>debug1: kex: host key algorithm: ecdsa-sha2-nistp521 <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br><span>debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br></span>debug1: Server host key: ecdsa-sha2-nistp521 SHA256:F7fYb86a+/mzH75THk014kU<wbr>LrbPL93EVj4jwpKsngso <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>The authenticity of host '172.17.152.20 (172.17.152.20)' can't be established. <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>ECDSA key fingerprint is SHA256:F7fYb86a+/mzH75THk014kU<wbr>LrbPL93EVj4jwpKsngso. <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>Are you sure you want to continue connecting (yes/no)? yes <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>Warning: Permanently added '172.17.152.20' (ECDSA) to the list of known hosts. <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: rekey after 4294967296 blocks <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: SSH2_MSG_NEWKEYS sent <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: expecting SSH2_MSG_NEWKEYS <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <wbr> <br>debug1: rekey after 4294967296 blocks<br>debug1: SSH2_MSG_NEWKEYS received<br>debug1: SSH2_MSG_SERVICE_ACCEPT received<br>debug1: Authentications that can continue: publickey,password<br>debug1: Next authentication method: publickey<br>debug1: Trying private key: /home//.ssh/id_rsa<br>debug1: Trying private key: /home//.ssh/id_dsa<br>debug1: Trying private key: /home//.ssh/id_ecdsa<br>debug1: Trying private key: /home//.ssh/id_ed25519<br>debug1: Next authentication method: password<br><a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>'s password: <br>debug1: Authentication succeeded (password).<br>Authenticated to 172.17.152.20 ([172.17.152.20]:22).<br>debug1: channel 0: new [client-session]<br>debug1: Entering interactive session.<br>debug1: pledge: network<br>debug1: Sending environment.<br>debug1: Sending env LANG = en_US.UTF-8<br><br><br>[<a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>: ]# <br><br></div><div>Regards,<br></div><div>Konstantin Lazarev.<br></div><div><br></div></div></div></div></div><div class="m_-4556536958326046173HOEnZb"><div class="m_-4556536958326046173h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 18, 2017 at 5:13 AM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi Konstantin,<div><br></div><div>Would you be able to run Dropbear under inetd and see if that helps? uClinux generally requires that - though it's not obvious to me how it could cause this crash.</div><div>Is there any chance of getting a backtrace where it is crashing? The RSA and DSS crashes are at different spots, so I guess some global state might be getting corrupted.</div><div>When it successfully runs (no HostKeyAlgorithms) I assume it is using ecdsa for the hostkey?</div><div><br></div><div>Cheers,</div><div>Matt</div><div><div class="m_-4556536958326046173m_-7599827126802237065h5"><div><br></div><div><br><div><blockquote type="cite"><div>On Wed 18/1/2017, at 8:53 am, Konstantin Lazarev <<a href="mailto:cnlazarev@gmail.com" target="_blank">cnlazarev@gmail.com</a>> wrote:</div><br class="m_-4556536958326046173m_-7599827126802237065m_2670749987845157614Apple-interchange-newline"><div><div dir="ltr"><div>Hello,<br><br></div><div>I see consistent SEGV when running Dropbear v2016.74 in uClinux 2.6.33 on ARMv7m-cortex-m4 processor<br></div><div>Faults happen only if client specifying HostKeyAlgorithms option.<br></div><div>Please see verbose output from client and dropbear:<br></div><div><br>[<a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>: ]# dropbear -V<br>Dropbear v2016.74<br><br></div>------------------------------<wbr>---------- from client ------------------------------<wbr>------------------------------<wbr>---------------<br><div>$ssh -v -o HostKeyAlgorithms=ssh-dss <a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a><br>OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: /etc/ssh/ssh_config line 19: Applying options for *<br>debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.<br>debug1: Connection established.<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_rsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_rsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_dsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_dsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ecdsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ecdsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ed25519 type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ed25519-cert type -1<br>debug1: Enabling compatibility mode for protocol 2.0<br>debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1<br>debug1: Remote protocol version 2.0, remote software version dropbear_2016.74<br>debug1: no match: dropbear_2016.74<br>debug1: Authenticating to <a href="http://172.17.152.20:22/" target="_blank">172.17.152.20:22</a> as 'root'<br>debug1: SSH2_MSG_KEXINIT sent<br>debug1: SSH2_MSG_KEXINIT received<br>debug1: kex: algorithm: <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a><br>debug1: kex: host key algorithm: ssh-dss<br>debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none<br>debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none<br>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY<br>Connection closed by 172.17.152.20 port 22<br><br>------------------------------<wbr>---------- from dropbear ------------------------------<wbr>------------------------------<wbr>---------------<br>[<a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>: ]# dropbear -v -F<br>TRACE (2934) 0.000000: enter buf_get_rsa_priv_key<br>TRACE (2934) 0.000702: enter buf_get_rsa_pub_key<br>TRACE (2934) 0.003142: leave buf_get_rsa_pub_key: success<br>TRACE (2934) 0.006667: leave buf_get_rsa_priv_key<br>TRACE (2934) 0.007364: leave loadhostkey<br>TRACE (2934) 0.008475: enter buf_get_dss_pub_key<br>TRACE (2934) 0.029568: leave buf_get_dss_pub_key: success<br>TRACE (2934) 0.030491: leave loadhostkey<br>TRACE (2934) 0.031491: enter buf_get_ecdsa_priv_key<br>TRACE (2934) 0.032079: enter buf_get_ecc_raw_pubkey<br>TRACE (2934) 0.037565: leave buf_get_ecdsa_pub_key<br>TRACE (2934) 0.038492: leave loadhostkey<br>TRACE (2934) 0.049830: Disabling key type 2<br>TRACE (2934) 0.050450: Disabling key type 3<br>TRACE (2934) 0.110221: listensockets: 1 to try<br>TRACE (2934) 0.111137: listening on ':22'<br>TRACE (2934) 0.111844: enter dropbear_listen<br>TRACE (2934) 0.112368: dropbear_listen: all interfaces<br>TRACE (2934) 0.113916: bind(22) failed<br>TRACE (2934) 0.114629: leave dropbear_listen: success, 1 socks bound<br>TRACE (2934) 0.115578: set_listen_fast_open failed for socket 3: Protocol not available<br>[2934] Jan 01 00:16:07 Not backgrounding<br>[2934] Jan 01 00:16:12 Child connection from <a href="http://172.17.163.3:42180/" target="_blank">172.17.163.3:42180</a><br>TRACE (2934) 5.057261: enter session_init<br>TRACE (2934) 5.058028: setnonblocking: 5<br>TRACE (2934) 5.058726: leave setnonblocking<br>TRACE (2934) 5.059736: setnonblocking: 5<br>TRACE (2934) 5.060404: leave setnonblocking<br>TRACE (2934) 5.060983: update_channel_prio<br>TRACE (2934) 5.061525: update_channel_prio: not any<br>TRACE (2934) 5.062037: Dropbear priority transitioning 10 -> 11<br>TRACE (2934) 5.062814: setnonblocking: 3<br>TRACE (2934) 5.063414: leave setnonblocking<br>TRACE (2934) 5.063894: setnonblocking: 6<br>TRACE (2934) 5.064461: leave setnonblocking<br>TRACE (2934) 5.065835: leave session_init<br>TRACE (2934) 5.066793: kexinitialise()<br>TRACE (2934) 5.067877: DATAALLOWED=0<br>TRACE (2934) 5.068411: -> KEXINIT<br>TRACE (2934) 5.069399: enter set_connect_fds<br>TRACE (2934) 5.070012: maybe_empty_reply_queue - no data allowed<br>TRACE (2934) 5.070558: enter handle_connect_fds<br>TRACE (2934) 5.071036: leave handle_connect_fds - end iter<br>TRACE (2934) 5.071895: empty queue dequeing<br>TRACE (2934) 5.073045: enter set_connect_fds<br>TRACE (2934) 5.073657: enter ident_readln<br>TRACE (2934) 5.077698: leave ident_readln: return 40<br>TRACE (2934) 5.078328: remoteident: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1<br>TRACE (2934) 5.079270: maybe_empty_reply_queue - no data allowed<br>TRACE (2934) 5.079801: enter handle_connect_fds<br>TRACE (2934) 5.080287: leave handle_connect_fds - end iter<br>TRACE (2934) 5.080824: enter set_connect_fds<br>TRACE (2934) 5.081611: process_packet: packet type = 20, len 1048<br>TRACE (2934) 5.082330: got expected packet 20 during kexinit<br>TRACE (2934) 5.082944: <- KEXINIT<br>TRACE (2934) 5.083440: enter recv_msg_kexinit<br>TRACE (2934) 5.084130: buf_match_algo: <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a>,e<wbr>cdh-sha2-nistp256,ecdh-sha2-ni<wbr>stp384,ecdh-sha2-nistp521,diff<wbr>ie-hellman-group-exchange-sha2<wbr>56,diffie-hellman-group-exchan<wbr>ge-sha1,diffie-hellman-group14<wbr>-sha1,ext-info-c<br>TRACE (2934) 5.084896: kexguess2 1<br>TRACE (2934) 5.085457: kex algo <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a><br>TRACE (2934) 5.086025: buf_match_algo: ssh-dss<br>TRACE (2934) 5.086588: hostkey algo ssh-dss<br>TRACE (2934) 5.087174: buf_match_algo: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a>,<wbr>aes128-ctr,aes192-ctr,aes256-c<wbr>tr,<a href="mailto:aes128-gcm@openssh.com" target="_blank">aes128-gcm@openssh.com</a>,<a href="mailto:aes256-gcm@openssh.com" target="_blank">aes2<wbr>56-gcm@openssh.com</a>,aes128-cbc,<wbr>aes192-cbc,aes256-cbc,3des-cbc<br>TRACE (2934) 5.087844: enc c2s is aes128-ctr<br>TRACE (2934) 5.088424: buf_match_algo: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a>,<wbr>aes128-ctr,aes192-ctr,aes256-c<wbr>tr,<a href="mailto:aes128-gcm@openssh.com" target="_blank">aes128-gcm@openssh.com</a>,<a href="mailto:aes256-gcm@openssh.com" target="_blank">aes2<wbr>56-gcm@openssh.com</a>,aes128-cbc,<wbr>aes192-cbc,aes256-cbc,3des-cbc<br>TRACE (2934) 5.089247: enc s2c is aes128-ctr<br>TRACE (2934) 5.089838: buf_match_algo: <a href="mailto:umac-64-etm@openssh.com" target="_blank">umac-64-etm@openssh.com</a>,<a href="mailto:umac-128-etm@openssh.com" target="_blank">umac-1<wbr>28-etm@openssh.com</a>,<a href="mailto:hmac-sha2-256-etm@openssh.com" target="_blank">hmac-sha2-2<wbr>56-etm@openssh.com</a>,<a href="mailto:hmac-sha2-512-etm@openssh.com" target="_blank">hmac-sha2-5<wbr>12-etm@openssh.com</a>,<a href="mailto:hmac-sha1-etm@openssh.com" target="_blank">hmac-sha1-e<wbr>tm@openssh.com</a>,<a href="mailto:umac-64@openssh.com" target="_blank">umac-64@openssh<wbr>.com</a>,<a href="mailto:umac-128@openssh.com" target="_blank">umac-128@openssh.com</a>,hmac<wbr>-sha2-256,hmac-sha2-512,hmac-<wbr>sha1<br>TRACE (2934) 5.090572: hash c2s is hmac-sha2-256<br>TRACE (2934) 5.091158: buf_match_algo: <a href="mailto:umac-64-etm@openssh.com" target="_blank">umac-64-etm@openssh.com</a>,<a href="mailto:umac-128-etm@openssh.com" target="_blank">umac-1<wbr>28-etm@openssh.com</a>,<a href="mailto:hmac-sha2-256-etm@openssh.com" target="_blank">hmac-sha2-2<wbr>56-etm@openssh.com</a>,<a href="mailto:hmac-sha2-512-etm@openssh.com" target="_blank">hmac-sha2-5<wbr>12-etm@openssh.com</a>,<a href="mailto:hmac-sha1-etm@openssh.com" target="_blank">hmac-sha1-e<wbr>tm@openssh.com</a>,<a href="mailto:umac-64@openssh.com" target="_blank">umac-64@openssh<wbr>.com</a>,<a href="mailto:umac-128@openssh.com" target="_blank">umac-128@openssh.com</a>,hmac<wbr>-sha2-256,hmac-sha2-512,hmac-<wbr>sha1<br>TRACE (2934) 5.091877: hash s2c is hmac-sha2-256<br>TRACE (2934) 5.092456: buf_match_algo: none,<a href="mailto:zlib@openssh.com" target="_blank">zlib@openssh.com</a>,zlib<br>TRACE (2934) 5.093025: hash c2s is none<br>TRACE (2934) 5.093598: buf_match_algo: none,<a href="mailto:zlib@openssh.com" target="_blank">zlib@openssh.com</a>,zlib<br>TRACE (2934) 5.094179: hash s2c is none<br>TRACE (2934) 5.094836: leave recv_msg_kexinit<br>TRACE (2934) 5.095394: maybe_empty_reply_queue - no data allowed<br>TRACE (2934) 5.095885: enter handle_connect_fds<br>TRACE (2934) 5.096379: leave handle_connect_fds - end iter<br>TRACE (2934) 5.096902: enter set_connect_fds<br>TRACE (2934) 5.097611: process_packet: packet type = 30, len 42<br>TRACE (2934) 5.098344: got expected packet 30 during kexinit<br>TRACE (2934) 5.099060: enter recv_msg_kexdh_init<br>TRACE (2934) 5.099589: enter send_msg_kexdh_reply<br>TRACE (2934) 5.234566: enter buf_put_dss_sign<br>TRACE (2934) 5.336603: leave buf_put_dss_sign<br>TRACE (2934) 5.337367: leave send_msg_kexdh_reply<br>TRACE (2934) 5.337903: enter send_msg_newkeys<br>TRACE (2934) 5.338527: enter gen_new_keys<br>Aiee, segfault! You should probably report this as a bug to the developer<br>[<a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>: ]# <br><br><br>------------------------------<wbr>---------- from client ------------------------------<wbr>------------------------------<wbr>---------------<br>$ ssh -v -o HostKeyAlgorithms=ssh-rsa <a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a><br>OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: /etc/ssh/ssh_config line 19: Applying options for *<br>debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.<br>debug1: Connection established.<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_rsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_rsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_dsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_dsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ecdsa type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ecdsa-cert type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ed25519 type -1<br>debug1: key_load_public: No such file or directory<br>debug1: identity file /home//.ssh/id_ed25519-cert type -1<br>debug1: Enabling compatibility mode for protocol 2.0<br>debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1<br>debug1: Remote protocol version 2.0, remote software version dropbear_2016.74<br>debug1: no match: dropbear_2016.74<br>debug1: Authenticating to <a href="http://172.17.152.20:22/" target="_blank">172.17.152.20:22</a> as 'root'<br>debug1: SSH2_MSG_KEXINIT sent<br>debug1: SSH2_MSG_KEXINIT received<br>debug1: kex: algorithm: <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a><br>debug1: kex: host key algorithm: ssh-rsa<br>debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none<br>debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none<br>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY<br>Connection closed by 172.17.152.20 port 22<br><br>------------------------------<wbr>---------- from dropbear
------------------------------<wbr>------------------------------<wbr>---------------<br>[<a href="mailto:root@172.17.152.20" target="_blank">root@172.17.152.20</a>: ]# dropbear -v -F<br>TRACE (3066) 0.000000: enter buf_get_rsa_priv_key<br>TRACE (3066) 0.000692: enter buf_get_rsa_pub_key<br>TRACE (3066) 0.003467: leave buf_get_rsa_pub_key: success<br>TRACE (3066) 0.007054: leave buf_get_rsa_priv_key<br>TRACE (3066) 0.007749: leave loadhostkey<br>TRACE (3066) 0.008958: enter buf_get_dss_pub_key<br>TRACE (3066) 0.011581: leave buf_get_dss_pub_key: success<br>TRACE (3066) 0.012362: leave loadhostkey<br>TRACE (3066) 0.013428: enter buf_get_ecdsa_priv_key<br>TRACE (3066) 0.014002: enter buf_get_ecc_raw_pubkey<br>TRACE (3066) 0.019249: leave buf_get_ecdsa_pub_key<br>TRACE (3066) 0.020103: leave loadhostkey<br>TRACE (3066) 0.020569: Disabling key type 2<br>TRACE (3066) 0.021071: Disabling key type 3<br>TRACE (3066) 0.059965: listensockets: 1 to try<br>TRACE (3066) 0.061012: listening on ':22'<br>TRACE (3066) 0.061761: enter dropbear_listen<br>TRACE (3066) 0.062337: dropbear_listen: all interfaces<br>TRACE (3066) 0.064058: bind(22) failed<br>TRACE (3066) 0.064837: leave dropbear_listen: success, 1 socks bound<br>TRACE (3066) 0.065962: set_listen_fast_open failed for socket 3: Protocol not available<br>[3066] Jan 01 00:18:21 Not backgrounding<br>[3066] Jan 01 00:18:23 Child connection from <a href="http://172.17.163.3:42554/" target="_blank">172.17.163.3:42554</a><br>TRACE (3066) 2.443367: enter session_init<br>TRACE (3066) 2.444121: setnonblocking: 5<br>TRACE (3066) 2.444770: leave setnonblocking<br>TRACE (3066) 2.445351: setnonblocking: 5<br>TRACE (3066) 2.445970: leave setnonblocking<br>TRACE (3066) 2.446569: update_channel_prio<br>TRACE (3066) 2.447120: update_channel_prio: not any<br>TRACE (3066) 2.447636: Dropbear priority transitioning 10 -> 11<br>TRACE (3066) 2.448406: setnonblocking: 3<br>TRACE (3066) 2.449024: leave setnonblocking<br>TRACE (3066) 2.449518: setnonblocking: 6<br>TRACE (3066) 2.450104: leave setnonblocking<br>TRACE (3066) 2.451526: leave session_init<br>TRACE (3066) 2.452468: kexinitialise()<br>TRACE (3066) 2.453758: DATAALLOWED=0<br>TRACE (3066) 2.454296: -> KEXINIT<br>TRACE (3066) 2.454825: enter set_connect_fds<br>TRACE (3066) 2.455418: maybe_empty_reply_queue - no data allowed<br>TRACE (3066) 2.455931: enter handle_connect_fds<br>TRACE (3066) 2.456436: leave handle_connect_fds - end iter<br>TRACE (3066) 2.457321: empty queue dequeing<br>TRACE (3066) 2.458488: enter set_connect_fds<br>TRACE (3066) 2.459096: enter ident_readln<br>TRACE (3066) 2.463414: leave ident_readln: return 40<br>TRACE (3066) 2.464057: remoteident: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1<br>TRACE (3066) 2.464651: maybe_empty_reply_queue - no data allowed<br>TRACE (3066) 2.465149: enter handle_connect_fds<br>TRACE (3066) 2.465624: leave handle_connect_fds - end iter<br>TRACE (3066) 2.466161: enter set_connect_fds<br>TRACE (3066) 2.466961: process_packet: packet type = 20, len 1048<br>TRACE (3066) 2.467688: got expected packet 20 during kexinit<br>TRACE (3066) 2.468301: <- KEXINIT<br>TRACE (3066) 2.468759: enter recv_msg_kexinit<br>TRACE (3066) 2.469425: buf_match_algo: <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a>,e<wbr>cdh-sha2-nistp256,ecdh-sha2-ni<wbr>stp384,ecdh-sha2-nistp521,diff<wbr>ie-hellman-group-exchange-sha2<wbr>56,diffie-hellman-group-exchan<wbr>ge-sha1,diffie-hellman-group14<wbr>-sha1,ext-info-c<br>TRACE (3066) 2.470150: kexguess2 1<br>TRACE (3066) 2.470744: kex algo <a href="mailto:curve25519-sha256@libssh.org" target="_blank">curve25519-sha256@libssh.org</a><br>TRACE (3066) 2.471337: buf_match_algo: ssh-rsa<br>TRACE (3066) 2.471917: hostkey algo ssh-rsa<br>TRACE (3066) 2.472489: buf_match_algo: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a>,<wbr>aes128-ctr,aes192-ctr,aes256-c<wbr>tr,<a href="mailto:aes128-gcm@openssh.com" target="_blank">aes128-gcm@openssh.com</a>,<a href="mailto:aes256-gcm@openssh.com" target="_blank">aes2<wbr>56-gcm@openssh.com</a>,aes128-cbc,<wbr>aes192-cbc,aes256-cbc,3des-cbc<br>TRACE (3066) 2.473777: enc c2s is aes128-ctr<br>TRACE (3066) 2.474389: buf_match_algo: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a>,<wbr>aes128-ctr,aes192-ctr,aes256-c<wbr>tr,<a href="mailto:aes128-gcm@openssh.com" target="_blank">aes128-gcm@openssh.com</a>,<a href="mailto:aes256-gcm@openssh.com" target="_blank">aes2<wbr>56-gcm@openssh.com</a>,aes128-cbc,<wbr>aes192-cbc,aes256-cbc,3des-cbc<br>TRACE (3066) 2.475073: enc s2c is aes128-ctr<br>TRACE (3066) 2.475668: buf_match_algo: <a href="mailto:umac-64-etm@openssh.com" target="_blank">umac-64-etm@openssh.com</a>,<a href="mailto:umac-128-etm@openssh.com" target="_blank">umac-1<wbr>28-etm@openssh.com</a>,<a href="mailto:hmac-sha2-256-etm@openssh.com" target="_blank">hmac-sha2-2<wbr>56-etm@openssh.com</a>,<a href="mailto:hmac-sha2-512-etm@openssh.com" target="_blank">hmac-sha2-5<wbr>12-etm@openssh.com</a>,<a href="mailto:hmac-sha1-etm@openssh.com" target="_blank">hmac-sha1-e<wbr>tm@openssh.com</a>,<a href="mailto:umac-64@openssh.com" target="_blank">umac-64@openssh<wbr>.com</a>,<a href="mailto:umac-128@openssh.com" target="_blank">umac-128@openssh.com</a>,hmac<wbr>-sha2-256,hmac-sha2-512,hmac-<wbr>sha1<br>TRACE (3066) 2.476384: hash c2s is hmac-sha2-256<br>TRACE (3066) 2.476967: buf_match_algo: <a href="mailto:umac-64-etm@openssh.com" target="_blank">umac-64-etm@openssh.com</a>,<a href="mailto:umac-128-etm@openssh.com" target="_blank">umac-1<wbr>28-etm@openssh.com</a>,<a href="mailto:hmac-sha2-256-etm@openssh.com" target="_blank">hmac-sha2-2<wbr>56-etm@openssh.com</a>,<a href="mailto:hmac-sha2-512-etm@openssh.com" target="_blank">hmac-sha2-5<wbr>12-etm@openssh.com</a>,<a href="mailto:hmac-sha1-etm@openssh.com" target="_blank">hmac-sha1-e<wbr>tm@openssh.com</a>,<a href="mailto:umac-64@openssh.com" target="_blank">umac-64@openssh<wbr>.com</a>,<a href="mailto:umac-128@openssh.com" target="_blank">umac-128@openssh.com</a>,hmac<wbr>-sha2-256,hmac-sha2-512,hmac-<wbr>sha1<br>TRACE (3066) 2.477690: hash s2c is hmac-sha2-256<br>TRACE (3066) 2.478301: buf_match_algo: none,<a href="mailto:zlib@openssh.com" target="_blank">zlib@openssh.com</a>,zlib<br>TRACE (3066) 2.478884: hash c2s is none<br>TRACE (3066) 2.479439: buf_match_algo: none,<a href="mailto:zlib@openssh.com" target="_blank">zlib@openssh.com</a>,zlib<br>TRACE (3066) 2.480033: hash s2c is none<br>TRACE (3066) 2.480702: leave recv_msg_kexinit<br>TRACE (3066) 2.481229: maybe_empty_reply_queue - no data allowed<br>TRACE (3066) 2.481743: enter handle_connect_fds<br>TRACE (3066) 2.482215: leave handle_connect_fds - end iter<br>TRACE (3066) 2.482777: enter set_connect_fds<br>TRACE (3066) 2.483639: process_packet: packet type = 30, len 42<br>TRACE (3066) 2.484336: got expected packet 30 during kexinit<br>TRACE (3066) 2.484948: enter recv_msg_kexdh_init<br>TRACE (3066) 2.485459: enter send_msg_kexdh_reply<br>TRACE (3066) 2.486015: enter buf_put_rsa_pub_key<br>TRACE (3066) 2.492135: leave buf_put_rsa_pub_key<br>TRACE (3066) 2.596695: enter buf_put_rsa_pub_key<br>TRACE (3066) 2.602879: leave buf_put_rsa_pub_key<br>TRACE (3066) 2.606368: enter buf_put_rsa_sign<br>Aiee, segfault! You should probably report this as a bug to the developer<br><br><br></div><div>Please advise how to fix the problem in Dropbear.<br><br></div><div>Please let me know if additional information is needed.<br><br></div><div>Thank you,<br></div><div>Konstantin Lazarev.<br></div></div>
</div></blockquote></div><br></div></div></div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div></div></div></div>
</div></blockquote></div><br></div></div></div></div></blockquote></div><br></div>