<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" ><div>I was observing occasional connection disconnect during session setup with dropber version 2016.74.</div>
<div><br>I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in debug.h) to help me debug these session setup errors.</div>
<div> </div>
<div>However when I run dropbear with the -v switch, client fails to connect, _everytime_.</div>
<div> </div>
<div>The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4. <br>The server (9.3.21.44) is dropbear_2016.74</div>
<div> </div>
<div>1) Is this a known issue in dropbear_2016.74 ?</div>
<div>2) Also please suggest how I can debug ssh session setup failures with dropbear server ?</div>
<div><br>----------------------------------------------------------------------------------------------------------------------------<br>The output of ssh -vvv root@9.3.21.44 is as follows:</div>
<div>-bash-4.1$ ssh -vvv root@9.3.21.44</div>
<div>OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: Applying options for *<br>debug2: ssh_connect: needpriv 0<br>debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.<br>debug1: Connection established.<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1<br>debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1<br>debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /var/lib/dropbear/dropbear_rsa_host_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.000000: leave loadhostkey</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter buf_get_rsa_priv_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter buf_get_rsa_pub_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave buf_get_rsa_pub_key: success</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave buf_get_rsa_priv_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave loadhostkey</div>
<div>debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_dss_host_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave loadhostkey</div>
<div>debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_ecdsa_host_key</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave loadhostkey</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling key type 1</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling key type 2</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling key type 3</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling key type 4</div>
<div>debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child connection from ::ffff:9.41.166.131:49818</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter session_init</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.030381: setnonblocking: 0</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave setnonblocking</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.031521: setnonblocking: 0</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave setnonblocking</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.032572: update_channel_prio</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.033036: update_channel_prio: not any</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear priority transitioning 10 -> 11</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.034171: setnonblocking: 4</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave setnonblocking</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.035068: setnonblocking: 5</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave setnonblocking</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave session_init</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.037927: kexinitialise()</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.038795: DATAALLOWED=0</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter set_connect_fds</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.040495: maybe_empty_reply_queue - no data allowed</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.040959: enter handle_connect_fds</div>
<div>debug1: ssh_exchange_identification: TRACE (1522) 0.041604: leave handle_connect_fds - end iter</div>
<div>debug1: Remote protocol version 2.0, remote software version dropbear_2016.74<br>debug1: no match: dropbear_2016.74<br>debug1: Enabling compatibility mode for protocol 2.0<br>debug1: Local version string SSH-2.0-OpenSSH_5.8<br>debug2: fd 3 setting O_NONBLOCK<br>debug3: load_hostkeys: loading entries for host "9.3.21.44" from file "/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts"<br>debug3: load_hostkeys: found key type RSA in file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts:6<br>debug3: load_hostkeys: loaded 1 keys<br>debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa<br>debug1: SSH2_MSG_KEXINIT sent<br>debug1: SSH2_MSG_KEXINIT received<br>debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1<br>debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss<br>debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<br>debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<br>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<br>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<br>debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib<br>debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib<br>debug2: kex_parse_kexinit:<br>debug2: kex_parse_kexinit:<br>debug2: kex_parse_kexinit: first_kex_follows 0<br>debug2: kex_parse_kexinit: reserved 0<br>debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au<br>debug2: kex_parse_kexinit: ssh-rsa<br>debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc<br>debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc<br>debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5<br>debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5<br>debug2: kex_parse_kexinit: zlib@openssh.com,none<br>debug2: kex_parse_kexinit: zlib@openssh.com,none<br>debug2: kex_parse_kexinit:<br>debug2: kex_parse_kexinit:<br>debug2: kex_parse_kexinit: first_kex_follows 0<br>debug2: kex_parse_kexinit: reserved 0<br>debug2: mac_setup: found hmac-md5<br>debug1: kex: server->client aes128-ctr hmac-md5 none<br>debug2: mac_setup: found hmac-md5<br>debug1: kex: client->server aes128-ctr hmac-md5 none<br>debug1: sending SSH2_MSG_KEX_ECDH_INIT<br>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY<br>Bad packet length 1414676803.<br>Disconnecting: Packet corrupt<br>----------------------------------------------------------------------------------------------------------------------------</div>
<div>tcpdump of the session setup sequence is attached.</div>
<div><br>thanks in advance,</div>
<div>Hariharasubramanian R.<br>Power Firmware Development<br>IBM India Systems & Technology Lab, Bangalore, India<br>Phone: +91 80 4025 5075 </div></div></div><BR>