[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935536#comment-16935536 ] Goldstein Lyor edited comment on SSHD-942 at 9/23/19 4:52 AM: -- {quote} Shouldn't there be a companion default listener that can be used, to detect client protocol misbehavior problems , that you mentioned in your last comment? {quote} I added a {{ChannelIdTrackingUnknownChannelReferenceHandler}} implementation in the _sshd-contrib_ package that behaves along the lines I have suggested. was (Author: lgoldstein): {quote} Shouldn't there be a companion default listener that can be used, to detect client protocol misbehavior problems , that you mentioned in your last comment? {quote} Yes, there should, but I am not 100% sure what it's recommended behavior should be, and more important how to test it. > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 3 > [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR > com.google.gerrit.sshd.BaseCommand : Internal server error (user > account 1000190) during git-upload-pack '' > org.apache.sshd.common.channel.WindowClosedException: Already closed: > Window[server/remote](ChannelSession[id=2, > recipient=6]-ServerSessionImpl[@/:55212]) > at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302) > at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252) > {noformat} > Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only > after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings > left in the log: > {noformat} > [2019-09-18 09:24:52,755] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 12 > [2019-09-18 09:24:52,756] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 13 > [2019-09-18 09:25:02,576] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 15 > [2019-09-18 09:25:36,508] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 18 > [2019-09-18 09:25:57,527] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 19 > [2019-09-18 09:30:16,488] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 21 > {noformat} > [1] > [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;] > [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752] > [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730] > [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935536#comment-16935536 ] Goldstein Lyor commented on SSHD-942: - {quote} Shouldn't there be a companion default listener that can be used, to detect client protocol misbehavior problems , that you mentioned in your last comment? {quote} Yes, there should, but I am not 100% sure what it's recommended behavior should be, and more important how to test it. > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 3 > [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR > com.google.gerrit.sshd.BaseCommand : Internal server error (user > account 1000190) during git-upload-pack '' > org.apache.sshd.common.channel.WindowClosedException: Already closed: > Window[server/remote](ChannelSession[id=2, > recipient=6]-ServerSessionImpl[@/:55212]) > at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302) > at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252) > {noformat} > Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only > after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings > left in the log: > {noformat} > [2019-09-18 09:24:52,755] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 12 > [2019-09-18 09:24:52,756] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 13 > [2019-09-18 09:25:02,576] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 15 > [2019-09-18 09:25:36,508] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 18 > [2019-09-18 09:25:57,527] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 19 > [2019-09-18 09:30:16,488] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 21 > {noformat} > [1] > [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;] > [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752] > [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730] > [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402 ] David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:15 PM: --- I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, and in fact even {{BaseBuilder}} class makes use of it: {code:java} protected S fillWithDefaultValues() { if (randomFactory == null) { randomFactory = new SingletonRandomFactory(SecurityUtils.getRandomFactory()); } if (cipherFactories == null) { cipherFactories = setUpDefaultCiphers(false); } if (macFactories == null) { macFactories = setUpDefaultMacs(false); } if (fileSystemFactory == null) { fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY; } if (forwardingFilter == null) { forwardingFilter = DEFAULT_FORWARDING_FILTER; } if (forwarderFactory == null) { forwarderFactory = DEFAULT_FORWARDER_FACTORY; } if (unknownChannelReferenceHandler == null) { unknownChannelReferenceHandler = DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER; } return me(); } {code} So that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener that can be used, to detect client protocol misbehavior problems , that you mentioned in your last comment? was (Author: davido2): I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, and in fact even {{BaseBuilder}} class makes use of it: {code:java} protected S fillWithDefaultValues() { if (randomFactory == null) { randomFactory = new SingletonRandomFactory(SecurityUtils.getRandomFactory()); } if (cipherFactories == null) { cipherFactories = setUpDefaultCiphers(false); } if (macFactories == null) { macFactories = setUpDefaultMacs(false); } if (fileSystemFactory == null) { fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY; } if (forwardingFilter == null) { forwardingFilter = DEFAULT_FORWARDING_FILTER; } if (forwarderFactory == null) { forwarderFactory = DEFAULT_FORWARDER_FACTORY; } if (unknownChannelReferenceHandler == null) { unknownChannelReferenceHandler = DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER; } return me(); } {code} So that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures();
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402 ] David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:13 PM: --- I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, and in fact even {{BaseBuilder}} class makes use of it: {code:java} protected S fillWithDefaultValues() { if (randomFactory == null) { randomFactory = new SingletonRandomFactory(SecurityUtils.getRandomFactory()); } if (cipherFactories == null) { cipherFactories = setUpDefaultCiphers(false); } if (macFactories == null) { macFactories = setUpDefaultMacs(false); } if (fileSystemFactory == null) { fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY; } if (forwardingFilter == null) { forwardingFilter = DEFAULT_FORWARDING_FILTER; } if (forwarderFactory == null) { forwarderFactory = DEFAULT_FORWARDER_FACTORY; } if (unknownChannelReferenceHandler == null) { unknownChannelReferenceHandler = DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER; } return me(); } {code} So that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener that can be used, to detect client misbehavior, that you mentioned in your last comment? was (Author: davido2): I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener that can be used, to detect client misbehavior, that you mentioned in your last comment? > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402 ] David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:11 PM: --- I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener to detect client misbehavior, that you mentioned in your last comment? was (Author: davido2): I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that cane be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener to detect client misbehavior, that you mentioned in your last comment? > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : >
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402 ] David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:11 PM: --- I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener that can be used, to detect client misbehavior, that you mentioned in your last comment? was (Author: davido2): I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that can be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener to detect client misbehavior, that you mentioned in your last comment? > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : >
[jira] [Commented] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402 ] David Ostrovsky commented on SSHD-942: -- I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}} that cane be used, so that the fix was: {code:java} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index ef356f1687..433e0e92dd 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { initMacs(cfg); initSignatures(); initChannels(); +initUnknownChannelReferenceHandler(); initForwarding(); initFileSystemFactory(); initSubsystems(); @@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES); } + private void initUnknownChannelReferenceHandler() { + setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE); + } + private void initSubsystems() { setSubsystemFactories(Collections.>emptyList()); } {code} Shouldn't there be a companion default listener to detect client misbehavior, that you mentioned in your last comment? > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 3 > [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR > com.google.gerrit.sshd.BaseCommand : Internal server error (user > account 1000190) during git-upload-pack '' > org.apache.sshd.common.channel.WindowClosedException: Already closed: > Window[server/remote](ChannelSession[id=2, > recipient=6]-ServerSessionImpl[@/:55212]) > at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302) > at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252) > {noformat} > Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only > after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings > left in the log: > {noformat} > [2019-09-18 09:24:52,755] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 12 > [2019-09-18 09:24:52,756] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 13 > [2019-09-18 09:25:02,576] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 15 > [2019-09-18 09:25:36,508] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 18 > [2019-09-18 09:25:57,527] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 19 > [2019-09-18 09:30:16,488] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received >
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935361#comment-16935361 ] Goldstein Lyor commented on SSHD-941: - Thanks a lot [~wolft] for the valuable information. Assuming this is what is causing this problem there are 2 possible workarounds: 1. define system property {{org.apache.sshd.maxDHGexKeySize=4096}} (or whatever lower value is needed) 2. drop {{dhgex}} and {{dhgex256}} key exachange factories from the client setup > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 > debug1: Remote protocol version 2.0, remote software version Cisco-1.25 > debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000 > debug2: fd 3 setting
[jira] [Resolved] (SSHD-942) SSH session crashes on high latency network
[ https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Goldstein Lyor resolved SSHD-942. - Assignee: Goldstein Lyor Resolution: Workaround > SSH session crashes on high latency network > --- > > Key: SSHD-942 > URL: https://issues.apache.org/jira/browse/SSHD-942 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.7.0, 2.0.0, 2.3.0 >Reporter: David Ostrovsky >Assignee: Goldstein Lyor >Priority: Major > > Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on > high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that > effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0. > The error on SSHD 2.0.0 (Gerrit 2.16) is: > {noformat} > [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN > org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 0 > {noformat} > Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2], > didn't fix the problem: > {noformat} > [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4] > WARN org.apache.sshd.server.session.ServerSessionImpl : > exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened] > SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on > unknown channel 3 > [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR > com.google.gerrit.sshd.BaseCommand : Internal server error (user > account 1000190) during git-upload-pack '' > org.apache.sshd.common.channel.WindowClosedException: Already closed: > Window[server/remote](ChannelSession[id=2, > recipient=6]-ServerSessionImpl[@/:55212]) > at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302) > at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252) > {noformat} > Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only > after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings > left in the log: > {noformat} > [2019-09-18 09:24:52,755] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 12 > [2019-09-18 09:24:52,756] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 13 > [2019-09-18 09:25:02,576] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 15 > [2019-09-18 09:25:36,508] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 18 > [2019-09-18 09:25:57,527] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 19 > [2019-09-18 09:30:16,488] [NioProcessor-2] WARN > org.apache.sshd.server.session.ServerConnectionService : Received > SSH_MSG_CHANNEL_CLOSE on unknown channel 21 > {noformat} > [1] > [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;] > [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752] > [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730] > [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935309#comment-16935309 ] Thomas Wolf edited comment on SSHD-941 at 9/22/19 2:00 PM: --- {quote}what does {{SSH_BUG_DHGEX_LARGE}} control ? {quote} See commit [b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00] in OpenSSH-portable. More info including a ssh config work-around in the corresponding OpenSSH [bug 2209|https://bugzilla.mindrot.org/show_bug.cgi?id=2209]. was (Author: wolft): {quote}what does {{SSH_BUG_DHGEX_LARGE}} control ?{quote} See commit [b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00] in OpenSSH-portable. > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory >
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935309#comment-16935309 ] Thomas Wolf commented on SSHD-941: -- {quote}what does {{SSH_BUG_DHGEX_LARGE}} control ?{quote} See commit [b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00] in OpenSSH-portable. > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 > debug1: Remote protocol version 2.0, remote software version Cisco-1.25 > debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000 > debug2: fd 3 setting O_NONBLOCK > debug1: Authenticating to 10.10.20.25:22 as 'admin' > debug3: hostkeys_foreach: reading
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935293#comment-16935293 ] Goldstein Lyor edited comment on SSHD-941 at 9/22/19 11:48 AM: --- Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}}) - unless your code disabled it or some other message is sent. In this context, what does {{SSH_BUG_DHGEX_LARGE}} control ? Note that you can conceivably debug the code on the client side and see what messages are sent by the server - then perhaps glean from that what cause it to hang. was (Author: lgoldstein): Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}}) - unless your code disabled it or some other message is sent. In this context, what does {{SSH_BUG_DHGEX_LARGE}} control ? > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1:
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935293#comment-16935293 ] Goldstein Lyor commented on SSHD-941: - Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}}) - unless your code disabled it or some other message is sent. In this context, what does {{SSH_BUG_DHGEX_LARGE}} control ? > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 > debug1: Remote protocol version 2.0, remote software version Cisco-1.25 > debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000 > debug2: fd 3 setting O_NONBLOCK > debug1: Authenticating to