Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)
Thanks Matt. You are right that dropbear is being run from inetd through a systemd service file. However, the logs are configured to go into syslog (i.e. _no_ -E switch). - The configuration in dropbear@.service is as follows: [Unit] Description=SSH Per-Connection Server Wants=dropbearkey.service After=syslog.target dropbearkey.service [Service] Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" EnvironmentFile=-/etc/default/dropbear ExecStart=-@SBINDIR@/dropbear -i -I 5 -v -r ${DROPBEAR_RSAKEY_DIR}/ dropbear_rsa_host_key ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID StandardInput=socket KillMode=process - > > From: Matt Johnston <m...@ucc.asn.au> > To: Hariharasubramanian Ramasubramanian <hrama...@in.ibm.com> > Cc: dropbear@ucc.asn.au > Date: 10/11/2017 04:18 PM > Subject: Re: ssh disconnects due to corrupt packet (dropbear > compiled with DEBUG_TRACE) > > Hi, > > It looks like you're running in from inetd and the TRACE output is > ending up getting sent over the network socket. The length 1414676803 is > 'TRAC' converted to ascii. > I guess dropbear is running with "-E", or what is the configuration? > That won't work, you'll need to log to syslog instead (the default) when > using inetd. > I can't think of any known issues in 2016.74 causing messages like that > - if you keep seeing it could you send me the logs/pcap off-list, > without -v. > > Cheers, > Matt > > On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote: > > > I was observing occasional connection disconnect during session setup > > with dropber version 2016.74. > > > > I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in > > debug.h) to help me debug these session setup errors. > > > > However when I run dropbear with the -v switch, client fails to > > connect, _everytime_. > > > > The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4. > > The server (9.3.21.44) is dropbear_2016.74 > > > > 1) Is this a known issue in dropbear_2016.74 ? > > 2) Also please suggest how I can debug ssh session setup failures with > > dropbear server ? > > > > > > > The output of ssh -vvv root@9.3.21.44 is as follows: > > -bash-4.1$ ssh -vvv root@9.3.21.44 > > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: Applying options for * > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22. > > debug1: Connection established. > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1 > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1 > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1 > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1 > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1 > > debug1: identity file > > /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1 > > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed > > loading /var/lib/dropbear/dropbear_rsa_host_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.00: leave > > loadhostkey > > debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter > > buf_get_rsa_priv_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter > > buf_get_rsa_pub_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave > > buf_get_rsa_pub_key: success > > debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave > > buf_get_rsa_priv_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave > > loadhostkey > > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed > > loading /etc/dropbear/dropbear_dss_host_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave > > loadhostkey > > debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed > > loading /etc/dropbear/dropbear_ecdsa_host_key > > debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave > > loadhostkey > > debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling > > key type 1 > > debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling > > key type 2 > > debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disablin
Re: ssh disconnects due to corrupt packet (dropbear compiled with DEBUG_TRACE)
Hi, It looks like you're running in from inetd and the TRACE output is ending up getting sent over the network socket. The length 1414676803 is 'TRAC' converted to ascii. I guess dropbear is running with "-E", or what is the configuration? That won't work, you'll need to log to syslog instead (the default) when using inetd. I can't think of any known issues in 2016.74 causing messages like that - if you keep seeing it could you send me the logs/pcap off-list, without -v. Cheers, Matt On 2017-10-11 11:25 am, Hariharasubramanian Ramasubramanian wrote: I was observing occasional connection disconnect during session setup with dropber version 2016.74. I compiled dropbear (version 2016.74) with DEBUG_TRACE flag on (in debug.h) to help me debug these session setup errors. However when I run dropbear with the -v switch, client fails to connect, _everytime_. The client (9.41.166.131) is OpenSSH_5.8p2 running on RHEL 6.4. The server (9.3.21.44) is dropbear_2016.74 1) Is this a known issue in dropbear_2016.74 ? 2) Also please suggest how I can debug ssh session setup failures with dropbear server ? The output of ssh -vvv root@9.3.21.44 is as follows: -bash-4.1$ ssh -vvv root@9.3.21.44 OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 9.3.21.44 [9.3.21.44] port 22. debug1: Connection established. debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa type -1 debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_rsa-cert type -1 debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa type -1 debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_dsa-cert type -1 debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa type -1 debug1: identity file /afs/awd.austin.ibm.com/usr/u2/hramasub/.ssh/id_ecdsa-cert type -1 debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /var/lib/dropbear/dropbear_rsa_host_key debug1: ssh_exchange_identification: TRACE (1522) 0.00: leave loadhostkey debug1: ssh_exchange_identification: TRACE (1522) 0.001107: enter buf_get_rsa_priv_key debug1: ssh_exchange_identification: TRACE (1522) 0.001398: enter buf_get_rsa_pub_key debug1: ssh_exchange_identification: TRACE (1522) 0.002371: leave buf_get_rsa_pub_key: success debug1: ssh_exchange_identification: TRACE (1522) 0.003364: leave buf_get_rsa_priv_key debug1: ssh_exchange_identification: TRACE (1522) 0.003685: leave loadhostkey debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_dss_host_key debug1: ssh_exchange_identification: TRACE (1522) 0.009414: leave loadhostkey debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Failed loading /etc/dropbear/dropbear_ecdsa_host_key debug1: ssh_exchange_identification: TRACE (1522) 0.014786: leave loadhostkey debug1: ssh_exchange_identification: TRACE (1522) 0.014964: Disabling key type 1 debug1: ssh_exchange_identification: TRACE (1522) 0.015427: Disabling key type 2 debug1: ssh_exchange_identification: TRACE (1522) 0.016107: Disabling key type 3 debug1: ssh_exchange_identification: TRACE (1522) 0.016541: Disabling key type 4 debug1: ssh_exchange_identification: [1522] Oct 09 11:35:43 Child connection from :::9.41.166.131:49818 debug1: ssh_exchange_identification: TRACE (1522) 0.030210: enter session_init debug1: ssh_exchange_identification: TRACE (1522) 0.030381: setnonblocking: 0 debug1: ssh_exchange_identification: TRACE (1522) 0.031095: leave setnonblocking debug1: ssh_exchange_identification: TRACE (1522) 0.031521: setnonblocking: 0 debug1: ssh_exchange_identification: TRACE (1522) 0.031948: leave setnonblocking debug1: ssh_exchange_identification: TRACE (1522) 0.032572: update_channel_prio debug1: ssh_exchange_identification: TRACE (1522) 0.033036: update_channel_prio: not any debug1: ssh_exchange_identification: TRACE (1522) 0.033453: Dropbear priority transitioning 10 -> 11 debug1: ssh_exchange_identification: TRACE (1522) 0.034171: setnonblocking: 4 debug1: ssh_exchange_identification: TRACE (1522) 0.034642: leave setnonblocking debug1: ssh_exchange_identification: TRACE (1522) 0.035068: setnonblocking: 5 debug1: ssh_exchange_identification: TRACE (1522) 0.035746: leave setnonblocking debug1: ssh_exchange_identification: TRACE (1522) 0.036801: leave session_init debug1: ssh_exchange_identification: TRACE (1522) 0.037927: kexinitialise() debug1: ssh_exchange_identification: TRACE (1522) 0.038795: DATAALLOWED=0 debug1: ssh_exchange_identification: TRACE (1522) 0.039085: -> KEXINIT debug1: ssh_exchange_identification: TRACE (1522) 0.039748: enter set_connect_fds debug1: ssh_exchange_identification: TRACE (1522)