<html><body><p><tt><font size="2"><br>Thanks Matt.<br></font></tt><br><tt><font size="2">You are right that dropbear is being run from inetd through a systemd service file. </font></tt><br><tt><font size="2">However, the logs are configured to go into syslog (i.e. _no_ -E switch). </font></tt><br><tt><font size="2"><br>-------------<br>The configuration in dropbear@.service is as follows:</font></tt><br><tt><font size="2">[Unit]<br>Description=SSH Per-Connection Server<br>Wants=dropbearkey.service<br>After=syslog.target dropbearkey.service</font></tt><br><tt><font size="2">[Service]<br>Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"<br>EnvironmentFile=-/etc/default/dropbear</font></tt><br><tt><font size="2"><br>ExecStart=-@SBINDIR@/dropbear -i -I 5 -v -r ${DROPBEAR_RSAKEY_DIR}/<br>dropbear_rsa_host_key</font></tt><br><tt><font size="2"><br>ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID<br>StandardInput=socket<br>KillMode=process</font></tt><br><tt><font size="2"><br>-------------</font></tt><br><br><tt><font size="2">> <br>> From: Matt Johnston <matt@ucc.asn.au></font></tt><br><tt><font size="2">> To: Hariharasubramanian Ramasubramanian <hramasub@in.ibm.com></font></tt><br><tt><font size="2">> Cc: dropbear@ucc.asn.au</font></tt><br><tt><font size="2">> Date: 10/11/2017 04:18 PM</font></tt><br><tt><font size="2">> Subject: Re: ssh disconnects due to corrupt packet (dropbear <br>> compiled with DEBUG_TRACE)</font></tt><br><tt><font size="2">> <br>> Hi,<br>> <br>> It looks like you're running in from inetd and the TRACE output is <br>> ending up getting sent over the network socket. The length 1414676803 is <br>> 'TRAC' converted to ascii.<br>> I guess dropbear is running with "-E", or what is the configuration? <br>> That won't work, you'll need to log to syslog instead (the default) when <br>> using inetd.<br>> I can't think of any known issues in 2016.74 causing messages like that <br>> - if you keep seeing it could you send me the logs/pcap off-list, <br>> without -v.<br>> <br>> Cheers,<br>> Matt<br>> <br>> On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:<br>> <br>> > I was observing occasional connection disconnect during session setup <br>> > with dropber version 2016.74.<br>> > <br>> > I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in <br>> > debug.h) to help me debug these session setup errors.<br>> > <br>> > However when I run dropbear with the -v switch, client fails to <br>> > connect, _everytime_.<br>> > <br>> > The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.<br>> > The server (9.3.21.44) is dropbear_2016.74<br>> > <br>> > 1) Is this a known issue in dropbear_2016.74 ?<br>> > 2) Also please suggest how I can debug ssh session setup failures with <br>> > dropbear server ?<br>> > <br>> > <br>> ----------------------------------------------------------------------------------------------------------------------------<br>> > The output of ssh -vvv root@9.3.21.44 is as follows:<br>> > -bash-4.1$ ssh -vvv root@9.3.21.44<br>> > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012<br>> > debug1: Reading configuration data /etc/ssh/ssh_config<br>> > debug1: Applying options for *<br>> > debug2: ssh_connect: needpriv 0<br>> > debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.<br>> > debug1: Connection established.<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1<br>> > debug1: identity file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1<br>> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed <br>> > loading /var/lib/dropbear/dropbear_rsa_host_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.000000: leave <br>> > loadhostkey<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter <br>> > buf_get_rsa_priv_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter <br>> > buf_get_rsa_pub_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave <br>> > buf_get_rsa_pub_key: success<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave <br>> > buf_get_rsa_priv_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave <br>> > loadhostkey<br>> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed <br>> > loading /etc/dropbear/dropbear_dss_host_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave <br>> > loadhostkey<br>> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed <br>> > loading /etc/dropbear/dropbear_ecdsa_host_key<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave <br>> > loadhostkey<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling <br>> > key type 1<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling <br>> > key type 2<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling <br>> > key type 3<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling <br>> > key type 4<br>> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child <br>> > connection from ::ffff:9.41.166.131:49818<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter <br>> > session_init<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.030381: <br>> > setnonblocking: 0<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave <br>> > setnonblocking<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.031521: <br>> > setnonblocking: 0<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave <br>> > setnonblocking<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.032572: <br>> > update_channel_prio<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.033036: <br>> > update_channel_prio: not any<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear <br>> > priority transitioning 10 -> 11<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.034171: <br>> > setnonblocking: 4<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave <br>> > setnonblocking<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.035068: <br>> > setnonblocking: 5<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave <br>> > setnonblocking<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave <br>> > session_init<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.037927: <br>> > kexinitialise()<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.038795: <br>> > DATAALLOWED=0<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter <br>> > set_connect_fds<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.040495: <br>> > maybe_empty_reply_queue - no data allowed<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.040959: enter <br>> > handle_connect_fds<br>> > debug1: ssh_exchange_identification: TRACE (1522) 0.041604: leave <br>> > handle_connect_fds - end iter<br>> > debug1: Remote protocol version 2.0, remote software version <br>> > dropbear_2016.74<br>> > debug1: no match: dropbear_2016.74<br>> > debug1: Enabling compatibility mode for protocol 2.0<br>> > debug1: Local version string SSH-2.0-OpenSSH_5.8<br>> > debug2: fd 3 setting O_NONBLOCK<br>> > debug3: load_hostkeys: loading entries for host "9.3.21.44" from file <br>> > "/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts"<br>> > debug3: load_hostkeys: found key type RSA in file <br>> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts:6<br>> > debug3: load_hostkeys: loaded 1 keys<br>> > debug3: order_hostkeyalgs: prefer hostkeyalgs: <br>> > ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa<br>> > debug1: SSH2_MSG_KEXINIT sent<br>> > debug1: SSH2_MSG_KEXINIT received<br>> > debug2: kex_parse_kexinit: <br>> > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-<br>> hellman-group-exchange-sha256,diffie-hellman-group-exchange-<br>> sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1<br>> > debug2: kex_parse_kexinit: <br>> > ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-<br>> rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-<br>> cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-<br>> dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-<br>> nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss<br>> > debug2: kex_parse_kexinit: <br>> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,<br>> 3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-<br>> cbc,arcfour,rijndael-cbc@lysator.liu.se<br>> > debug2: kex_parse_kexinit: <br>> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,<br>> 3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-<br>> cbc,arcfour,rijndael-cbc@lysator.liu.se<br>> > debug2: kex_parse_kexinit: <br>> > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-<br>> ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<br>> > debug2: kex_parse_kexinit: <br>> > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-<br>> ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<br>> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib<br>> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib<br>> > debug2: kex_parse_kexinit:<br>> > debug2: kex_parse_kexinit:<br>> > debug2: kex_parse_kexinit: first_kex_follows 0<br>> > debug2: kex_parse_kexinit: reserved 0<br>> > debug2: kex_parse_kexinit: <br>> > curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-<br>> nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-<br>> hellman-group1-sha1,kexguess2@matt.ucc.asn.au<br>> > debug2: kex_parse_kexinit: ssh-rsa<br>> > debug2: kex_parse_kexinit: <br>> > aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-<br>> cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc<br>> > debug2: kex_parse_kexinit: <br>> > aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-<br>> cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc<br>> > debug2: kex_parse_kexinit: <br>> > hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5<br>> > debug2: kex_parse_kexinit: <br>> > hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5<br>> > debug2: kex_parse_kexinit: zlib@openssh.com,none<br>> > debug2: kex_parse_kexinit: zlib@openssh.com,none<br>> > debug2: kex_parse_kexinit:<br>> > debug2: kex_parse_kexinit:<br>> > debug2: kex_parse_kexinit: first_kex_follows 0<br>> > debug2: kex_parse_kexinit: reserved 0<br>> > debug2: mac_setup: found hmac-md5<br>> > debug1: kex: server->client aes128-ctr hmac-md5 none<br>> > debug2: mac_setup: found hmac-md5<br>> > debug1: kex: client->server aes128-ctr hmac-md5 none<br>> > debug1: sending SSH2_MSG_KEX_ECDH_INIT<br>> > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY<br>> > Bad packet length 1414676803.<br>> > Disconnecting: Packet corrupt<br>> > <br>> ----------------------------------------------------------------------------------------------------------------------------<br>> > tcpdump of the session setup sequence is attached.<br>> > <br>> > thanks in advance,<br>> > Hariharasubramanian R.<br>> > Power Firmware Development<br>> > IBM India Systems & Technology Lab, Bangalore, India<br>> > Phone: +91 80 4025 5075<br>> <br></font></tt><BR>
</body></html>