Thanks Matt.
You are right that dropbear is being run from inetd through a systemd service file. However, the logs are configured to go into syslog (i.e. _no_ -E switch).

-------------
The configuration in dropbear@.service is as follows:

[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service

[Service]
Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
EnvironmentFile=-/etc/default/dropbear
ExecStart=-@SBINDIR@/dropbear -i -I 5 -v -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
StandardInput=socket
KillMode=process
-------------

> From: Matt Johnston <m...@ucc.asn.au>
> To: Hariharasubramanian Ramasubramanian <hrama...@in.ibm.com>
> Cc: dropbear@ucc.asn.au
> Date: 10/11/2017 04:18 PM
> Subject: Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)
>
> Hi,
>
> It looks like you're running in from inetd and the TRACE output is ending up getting sent over the network socket. The length 1414676803 is 'TRAC' converted to ascii.
>
> I guess dropbear is running with "-E", or what is the configuration? That won't work, you'll need to log to syslog instead (the default) when using inetd.
>
> I can't think of any known issues in 2016.74 causing messages like that - if you keep seeing it could you send me the logs/pcap off-list, without -v.
>
> Cheers,
> Matt
>
> On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:
>
> > I was observing occasional connection disconnect during session setup with dropbear version 2016.74.
> >
> > I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in debug.h) to help me debug these session setup errors.
> >
> > However when I run dropbear with the -v switch, client fails to connect, _everytime_.
> >
> > The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.
> > The server (9.3.21.44) is dropbear_2016.74
> >
> > 1) Is this a known issue in dropbear_2016.74 ?
> > 2) Also please suggest how I can debug ssh session setup failures with dropbear server ?
> >
> > ------------------------------------------------------------------------
> > The output of ssh -vvv root@9.3.21.44 is as follows:
> > -bash-4.1$ ssh -vvv root@9.3.21.44
> > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.
> > debug1: Connection established.
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1
> > debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /var/lib/dropbear/dropbear_rsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.000000: leave loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter buf_get_rsa_pub_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave buf_get_rsa_pub_key: success
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_dss_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling key type 1
> > debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling key type 2
> > debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling key type 3
> > debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling key type 4
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child connection from ::ffff:9.41.166.131:49818
> > debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter session_init
> > debug1: ssh_exchange_identification: TRACE (1522) 0.030381: setnonblocking: 0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031521: setnonblocking: 0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.032572: update_channel_prio
> > debug1: ssh_exchange_identification: TRACE (1522) 0.033036: update_channel_prio: not any
> > debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear priority transitioning 10 -> 11
> > debug1: ssh_exchange_identification: TRACE (1522) 0.034171: setnonblocking: 4
> > debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.035068: setnonblocking: 5
> > debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave setnonblocking
> > debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave session_init
> > debug1: ssh_exchange_identification: TRACE (1522) 0.037927: kexinitialise()
> > debug1: ssh_exchange_identification: TRACE (1522) 0.038795: DATAALLOWED=0
> > debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT
> > debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter set_connect_fds
> > debug1: ssh_exchange_identification: TRACE (1522) 0.040495: maybe_empty_reply_queue - no data allowed
> > debug1: ssh_exchange_identification: TRACE (1522) 0.040959: enter handle_connect_fds
> > debug1: ssh_exchange_identification: TRACE (1522) 0.041604: leave handle_connect_fds - end iter
> > debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
> > debug1: no match: dropbear_2016.74
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.8
> > debug2: fd 3 setting O_NONBLOCK
> > debug3: load_hostkeys: loading entries for host "9.3.21.44" from file "/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts"
> > debug3: load_hostkeys: found key type RSA in file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/known_hosts:6
> > debug3: load_hostkeys: loaded 1 keys
> > debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
> > debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
> > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexgue...@matt.ucc.asn.au
> > debug2: kex_parse_kexinit: ssh-rsa
> > debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> > debug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
> > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
> > debug2: kex_parse_kexinit: z...@openssh.com,none
> > debug2: kex_parse_kexinit: z...@openssh.com,none
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: server->client aes128-ctr hmac-md5 none
> > debug2: mac_setup: found hmac-md5
> > debug1: kex: client->server aes128-ctr hmac-md5 none
> > debug1: sending SSH2_MSG_KEX_ECDH_INIT
> > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> > Bad packet length 1414676803.
> > Disconnecting: Packet corrupt
> > ------------------------------------------------------------------------
> > tcpdump of the session setup sequence is attached.
> >
> > thanks in advance,
> > Hariharasubramanian R.
> > Power Firmware Development
> > IBM India Systems & Technology Lab, Bangalore, India
> > Phone: +91 80 4025 5075
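
The decoding mentioned in the quoted reply (1414676803 is 'TRAC') can be reproduced mechanically. The following is an added example, not part of the original thread or of dropbear: it extracts "Bad packet length" values from client output and decodes each as the big-endian uint32 packet_length field of an SSH binary packet; the function names and the second sample value are constructed for illustration.

```python
import re
import struct

# Client-side error line as quoted in the thread.
BAD_LEN = re.compile(r"Bad packet length (\d+)\.")


def decode_packet_length(value):
    """Return the 4 bytes the receiver read as the uint32 packet_length."""
    return struct.pack(">I", value)  # SSH integers are big-endian (RFC 4253)


def looks_like_text(raw):
    """True when every byte is printable ASCII or common whitespace."""
    return all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in raw)


def diagnose(log_text):
    """Return (value, raw_bytes, is_text) for each bad-length error found.

    is_text=True suggests plain text (debug or log output, a banner) was
    written into the stream where a binary packet was expected. This is only
    meaningful while the connection is still unencrypted, as it is here,
    because the failure occurs before key exchange completes.
    """
    findings = []
    for match in BAD_LEN.finditer(log_text):
        value = int(match.group(1))
        if value > 0xFFFFFFFF:  # not a valid uint32, skip
            continue
        raw = decode_packet_length(value)
        findings.append((value, raw, looks_like_text(raw)))
    return findings


# Constructed sample: the first error is the one from the thread, the second
# uses an arbitrary non-text value for contrast.
SAMPLE = "\n".join([
    "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY",
    "Bad packet length 1414676803.",
    "Disconnecting: Packet corrupt",
    f"Bad packet length {0x8F3A01C2}.",
])

if __name__ == "__main__":
    for value, raw, is_text in diagnose(SAMPLE):
        verdict = "text in stream" if is_text else "binary garbage"
        print(f"{value} -> {raw!r}: {verdict}")
```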