[jira] [Created] (SSHD-1351) Interoperability problem with SFTP server

[Roberto Deandrea (Jira)]

Roberto Deandrea created SSHD-1351:
--------------------------------------

             Summary: Interoperability problem with SFTP server
                 Key: SSHD-1351
                 URL: https://issues.apache.org/jira/browse/SSHD-1351
             Project: MINA SSHD
          Issue Type: Question
    Affects Versions: 2.12.1
            Reporter: Roberto Deandrea
         Attachments: sshd-client.log

Hi, we have a strange interoperability problem with a remote SFTP Server.

The Apache SSHD-based  sftp client manifests  an 'invalid packet' error after 
the SSH handshake completed during user authentication, in a point where SSH 
frames are encrypted and MAcd.

+The client sends SSH_MSG_USERAUTH_REQUEST, the remote SFTP server should reply 
 with SSH  message  SSH_MSG_USERAUTH_FAILURE where shows authentication methods 
 required. (i.e. password,publickey), instead it receives a  corrupted and 
clear test SSH frame...+

         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
{+}-------{-}{-}{+}-----------------------------------------------{-}++{-}---------------
|00000000|00 00 00 3c 0b 07 00 00 00 01 00 00 00 0f 73 65|...<..........se|
|00000010|72 76 65 72 2d 73 69 67 2d 61 6c 67 73 00 00 00|rver-sig-algs...|
|00000020|14 73 73 68 2d 72 73 61 2c 72 73 61 2d 73 68 61|.ssh-rsa,rsa-sha|
|00000030|32 2d 35 31 32 1a d9 a4 f6 c9 b2 b3 f4 90 f8 7a|2-512..........z|
|00000040|ce 70 a5 49 7d 8f 98 64 49 3f 7a bb 87 4c ad 54|.p.I}..dI?z..L.T|
|00000050|02 cd c7 cf d2 ed 24 88 82 f2 70 27 ad a1 73 75|......$...p'..su|

{+}-------{-}{-}{+}-----------------------------------------------{-}++{-}---------------
[3/19/26 12:48:49:583 CET] 0004506d  W UOW= 
source=org.apache.sshd.client.session.ClientSessionImpl 
class=org.apache.sshd.common.util.logging.LoggingUtils method=warn 
thread=[nioEventLoopGroup-12214-1]
          
exceptionCaught(ClientSessionImpl[st_afb6001@/62.241.29.227:2222])[state=Opened]
 SshException: Invalid packet length: -397112322
          org.apache.sshd.common.SshException: Invalid packet length: -397112322

 

*This frame seems a chunk of message SSH_MSG_EXT_INFO which should be exchanged 
before user authentication, but it seems that this message was received out of 
sequence*

*It seems that this is a protocol error caused by remote SFTP server.*

This SFTP connection works only when aes-128-ctr is negotiated as a cipher, but 
it could be a coincidence.

When this error happens the negotiated cipher is aes-128-cbc.

 

Questions :
 # What do you think about this issue ?
 # I guess this is a problem inside the remote SFTP server. Can you confirm ?

 

Thank you for your attention.

Kind Regards

Roberto 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org