subject:"Re\: ssh disconnects due to corrupt packet \(dropbear compiled with DEBUG

Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

2017-10-12 Thread Hariharasubramanian Ramasubramanian



Thanks Matt.

You are right that dropbear is being run from inetd through a systemd
service file.
However, the logs are configured to go into syslog (i.e. _no_ -E switch).

-
The configuration in dropbear@.service is as follows:
[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service
[Service]
Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
EnvironmentFile=-/etc/default/dropbear

ExecStart=-@SBINDIR@/dropbear -i -I 5 -v -r ${DROPBEAR_RSAKEY_DIR}/
dropbear_rsa_host_key

ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
StandardInput=socket
KillMode=process

-

>
> From: Matt Johnston <m...@ucc.asn.au>
> To: Hariharasubramanian Ramasubramanian <hrama...@in.ibm.com>
> Cc: dropbear@ucc.asn.au
> Date: 10/11/2017 04:18 PM
> Subject: Re: ssh disconnects due to corrupt packet (dropbear
> compiled with DEBUG_TRACE)
>
> Hi,
>
> It looks like you're running in from inetd and the TRACE output is
> ending up getting sent over the network socket. The length 1414676803 is
> 'TRAC' converted to ascii.
> I guess dropbear is running with "-E", or what is the configuration?
> That won't work, you'll need to log to syslog instead (the default) when
> using inetd.
> I can't think of any known issues in 2016.74 causing messages like that
> - if you keep seeing it could you send me the logs/pcap off-list,
> without -v.
>
> Cheers,
> Matt
>
> On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:
>
> > I was observing occasional connection disconnect during session setup
> > with dropber version 2016.74.
> >
> > I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in
> > debug.h) to help me debug these session setup errors.
> >
> > However when I run dropbear with the -v switch, client fails to
> > connect, _everytime_.
> >
> > The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.
> > The server (9.3.21.44) is dropbear_2016.74
> >
> > 1) Is this a known issue in dropbear_2016.74 ?
> > 2) Also please suggest how I can debug ssh session setup failures with
> > dropbear server ?
> >
> >
>


> > The output of ssh -vvv root@9.3.21.44 is as follows:
> > -bash-4.1$ ssh -vvv root@9.3.21.44
> > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.
> > debug1: Connection established.
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1
> > debug1: identity file
> > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /var/lib/dropbear/dropbear_rsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.00: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter
> > buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter
> > buf_get_rsa_pub_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave
> > buf_get_rsa_pub_key: success
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave
> > buf_get_rsa_priv_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /etc/dropbear/dropbear_dss_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed
> > loading /etc/dropbear/dropbear_ecdsa_host_key
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave
> > loadhostkey
> > debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling
> > key type 1
> > debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling
> > key type 2
> > debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disablin

Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

2017-10-11 Thread Matt Johnston


Hi,

It looks like you're running in from inetd and the TRACE output is 
ending up getting sent over the network socket. The length 1414676803 is 
'TRAC' converted to ascii.
I guess dropbear is running with "-E", or what is the configuration? 
That won't work, you'll need to log to syslog instead (the default) when 
using inetd.
I can't think of any known issues in 2016.74 causing messages like that 
- if you keep seeing it could you send me the logs/pcap off-list, 
without -v.


Cheers,
Matt

On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote:

I was observing occasional connection disconnect during session setup 
with dropber version 2016.74.


I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in 
debug.h) to help me debug these session setup errors.


However when I run dropbear with the -v switch, client fails to 
connect, _everytime_.


The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4.
The server (9.3.21.44) is dropbear_2016.74

1) Is this a known issue in dropbear_2016.74 ?
2) Also please suggest how I can debug ssh session setup failures with 
dropbear server ?



The output of ssh -vvv root@9.3.21.44 is as follows:
-bash-4.1$ ssh -vvv root@9.3.21.44
OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22.
debug1: Connection established.
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1
debug1: identity file 
/afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1
debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
loading /var/lib/dropbear/dropbear_rsa_host_key
debug1: ssh_exchange_identification: TRACE (1522) 0.00: leave 
loadhostkey
debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter 
buf_get_rsa_priv_key
debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter 
buf_get_rsa_pub_key
debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave 
buf_get_rsa_pub_key: success
debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave 
buf_get_rsa_priv_key
debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave 
loadhostkey
debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
loading /etc/dropbear/dropbear_dss_host_key
debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave 
loadhostkey
debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed 
loading /etc/dropbear/dropbear_ecdsa_host_key
debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave 
loadhostkey
debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling 
key type 1
debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling 
key type 2
debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling 
key type 3
debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling 
key type 4
debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child 
connection from :::9.41.166.131:49818
debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter 
session_init
debug1: ssh_exchange_identification: TRACE (1522) 0.030381: 
setnonblocking: 0
debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave 
setnonblocking
debug1: ssh_exchange_identification: TRACE (1522) 0.031521: 
setnonblocking: 0
debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave 
setnonblocking
debug1: ssh_exchange_identification: TRACE (1522) 0.032572: 
update_channel_prio
debug1: ssh_exchange_identification: TRACE (1522) 0.033036: 
update_channel_prio: not any
debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear 
priority transitioning 10 -> 11
debug1: ssh_exchange_identification: TRACE (1522) 0.034171: 
setnonblocking: 4
debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave 
setnonblocking
debug1: ssh_exchange_identification: TRACE (1522) 0.035068: 
setnonblocking: 5
debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave 
setnonblocking
debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave 
session_init
debug1: ssh_exchange_identification: TRACE (1522) 0.037927: 
kexinitialise()
debug1: ssh_exchange_identification: TRACE (1522) 0.038795: 
DATAALLOWED=0

debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT
debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter 
set_connect_fds
debug1: ssh_exchange_identification: TRACE (1522)

Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)

2 matches

Site Navigation

Mail list logo

Footer information