116-7 commented on issue #263: URL: https://github.com/apache/mina-sshd/issues/263#issuecomment-2267570753
@tomaswolf sorry to bring this up in this old thread but I have run into an issue with an older version of mina-sshd, 2.8.0 and I am wondering if this fix would resolve the issue. Unfortunately I cannot just update the version myself as the dependency is deep within a piece of software that I do not control the source code to and is also behind multiple layers of corporate bureaucracy let's say. The gist of the issue is that when attempting to establish an ssh session to a mina-sshd 2.8.0 instance there appears to be a race condition that shows up intermittently as a "banner exchange: Connection to xxx.xxx.xxx.xxx port 22: invalid format" error. The sequence appears to be the following: 1) The client opens the connection and the initial TCP handshake completes successfully 2) The server's first data packet with a relative TCP sequence number of 1 (e.g. first packet after the SYN,ACK) is the key exchange init rather than the protocol negotiation. 3) OpenSSH sends a TCP RST and the connection attempt fails because it panics if the first input on the socket isn't the protocol negotiation packet. At step 2 for a successful connection the protocol negotiation packet is sent first and the connection opens as expected but it seems that around 1/20 attempts to connect result in the key exchange init being sent first. Java, and especially multi-threaded Java is not my area of expertise so I'm not sure if this patch would also fix the above issue. I had a look around the project's code to see if I could see anything and it seems like there are some futures and whatnot at play during a session initialisation but I couldn't tell if the key exchange waited for the protocol negotiation to complete. I'm also not sure if your patch being at the level of the output stream writing phase would side-step the need for key exchange to wait for the protocol negotiation future to complete. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
