[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935536#comment-16935536
]
Goldstein Lyor edited comment on SSHD-942 at 9/23/19 4:52 AM:
--
{quote}
Shouldn't there be a companion default listener that can be used, to detect
client protocol misbehavior problems , that you mentioned in your last comment?
{quote}
I added a {{ChannelIdTrackingUnknownChannelReferenceHandler}} implementation in
the _sshd-contrib_ package that behaves along the lines I have suggested.
was (Author: lgoldstein):
{quote}
Shouldn't there be a companion default listener that can be used, to detect
client protocol misbehavior problems , that you mentioned in your last comment?
{quote}
Yes, there should, but I am not 100% sure what it's recommended behavior should
be, and more important how to test it.
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 3
> [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR
> com.google.gerrit.sshd.BaseCommand : Internal server error (user
> account 1000190) during git-upload-pack ''
> org.apache.sshd.common.channel.WindowClosedException: Already closed:
> Window[server/remote](ChannelSession[id=2,
> recipient=6]-ServerSessionImpl[@/:55212])
> at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302)
> at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252)
> {noformat}
> Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only
> after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings
> left in the log:
> {noformat}
> [2019-09-18 09:24:52,755] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 12
> [2019-09-18 09:24:52,756] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 13
> [2019-09-18 09:25:02,576] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 15
> [2019-09-18 09:25:36,508] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 18
> [2019-09-18 09:25:57,527] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 19
> [2019-09-18 09:30:16,488] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 21
> {noformat}
> [1]
> [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;]
> [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752]
> [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730]
> [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935536#comment-16935536
]
Goldstein Lyor commented on SSHD-942:
-
{quote}
Shouldn't there be a companion default listener that can be used, to detect
client protocol misbehavior problems , that you mentioned in your last comment?
{quote}
Yes, there should, but I am not 100% sure what it's recommended behavior should
be, and more important how to test it.
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 3
> [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR
> com.google.gerrit.sshd.BaseCommand : Internal server error (user
> account 1000190) during git-upload-pack ''
> org.apache.sshd.common.channel.WindowClosedException: Already closed:
> Window[server/remote](ChannelSession[id=2,
> recipient=6]-ServerSessionImpl[@/:55212])
> at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302)
> at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252)
> {noformat}
> Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only
> after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings
> left in the log:
> {noformat}
> [2019-09-18 09:24:52,755] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 12
> [2019-09-18 09:24:52,756] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 13
> [2019-09-18 09:25:02,576] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 15
> [2019-09-18 09:25:36,508] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 18
> [2019-09-18 09:25:57,527] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 19
> [2019-09-18 09:30:16,488] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 21
> {noformat}
> [1]
> [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;]
> [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752]
> [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730]
> [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402
]
David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:15 PM:
---
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, and in fact even {{BaseBuilder}} class makes use of it:
{code:java}
protected S fillWithDefaultValues() {
if (randomFactory == null) {
randomFactory = new
SingletonRandomFactory(SecurityUtils.getRandomFactory());
}
if (cipherFactories == null) {
cipherFactories = setUpDefaultCiphers(false);
}
if (macFactories == null) {
macFactories = setUpDefaultMacs(false);
}
if (fileSystemFactory == null) {
fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY;
}
if (forwardingFilter == null) {
forwardingFilter = DEFAULT_FORWARDING_FILTER;
}
if (forwarderFactory == null) {
forwarderFactory = DEFAULT_FORWARDER_FACTORY;
}
if (unknownChannelReferenceHandler == null) {
unknownChannelReferenceHandler =
DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER;
}
return me();
}
{code}
So that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener that can be used, to detect
client protocol misbehavior problems , that you mentioned in your last comment?
was (Author: davido2):
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, and in fact even {{BaseBuilder}} class makes use of it:
{code:java}
protected S fillWithDefaultValues() {
if (randomFactory == null) {
randomFactory = new
SingletonRandomFactory(SecurityUtils.getRandomFactory());
}
if (cipherFactories == null) {
cipherFactories = setUpDefaultCiphers(false);
}
if (macFactories == null) {
macFactories = setUpDefaultMacs(false);
}
if (fileSystemFactory == null) {
fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY;
}
if (forwardingFilter == null) {
forwardingFilter = DEFAULT_FORWARDING_FILTER;
}
if (forwarderFactory == null) {
forwarderFactory = DEFAULT_FORWARDER_FACTORY;
}
if (unknownChannelReferenceHandler == null) {
unknownChannelReferenceHandler =
DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER;
}
return me();
}
{code}
So that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402
]
David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:13 PM:
---
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, and in fact even {{BaseBuilder}} class makes use of it:
{code:java}
protected S fillWithDefaultValues() {
if (randomFactory == null) {
randomFactory = new
SingletonRandomFactory(SecurityUtils.getRandomFactory());
}
if (cipherFactories == null) {
cipherFactories = setUpDefaultCiphers(false);
}
if (macFactories == null) {
macFactories = setUpDefaultMacs(false);
}
if (fileSystemFactory == null) {
fileSystemFactory = DEFAULT_FILE_SYSTEM_FACTORY;
}
if (forwardingFilter == null) {
forwardingFilter = DEFAULT_FORWARDING_FILTER;
}
if (forwarderFactory == null) {
forwarderFactory = DEFAULT_FORWARDER_FACTORY;
}
if (unknownChannelReferenceHandler == null) {
unknownChannelReferenceHandler =
DEFAULT_UNKNOWN_CHANNEL_REFERENCE_HANDLER;
}
return me();
}
{code}
So that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener that can be used, to detect
client misbehavior, that you mentioned in your last comment?
was (Author: davido2):
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener that can be used, to detect
client misbehavior, that you mentioned in your last comment?
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402
]
David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:11 PM:
---
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener to detect client misbehavior,
that you mentioned in your last comment?
was (Author: davido2):
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that cane be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener to detect client misbehavior,
that you mentioned in your last comment?
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
>
[jira] [Comment Edited] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402
]
David Ostrovsky edited comment on SSHD-942 at 9/22/19 7:11 PM:
---
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener that can be used, to detect
client misbehavior, that you mentioned in your last comment?
was (Author: davido2):
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that can be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener to detect client misbehavior,
that you mentioned in your last comment?
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
>
[jira] [Commented] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935402#comment-16935402
]
David Ostrovsky commented on SSHD-942:
--
I figured, that there is {{DefaultUnknownChannelReferenceHandler.INSTANCE}}
that cane be used, so that the fix was:
{code:java}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java
b/java/com/google/gerrit/sshd/SshDaemon.java
index ef356f1687..433e0e92dd 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -89,6 +89,7 @@ import org.apache.sshd.common.random.Random;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.session.ConnectionService;
import org.apache.sshd.common.session.Session;
+import
org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.net.SshdSocketAddress;
@@ -226,6 +227,7 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
initMacs(cfg);
initSignatures();
initChannels();
+initUnknownChannelReferenceHandler();
initForwarding();
initFileSystemFactory();
initSubsystems();
@@ -653,6 +655,10 @@ public class SshDaemon extends SshServer implements
SshInfo, LifecycleListener {
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
}
+ private void initUnknownChannelReferenceHandler() {
+
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
+ }
+
private void initSubsystems() {
setSubsystemFactories(Collections.>emptyList());
}
{code}
Shouldn't there be a companion default listener to detect client misbehavior,
that you mentioned in your last comment?
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 3
> [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR
> com.google.gerrit.sshd.BaseCommand : Internal server error (user
> account 1000190) during git-upload-pack ''
> org.apache.sshd.common.channel.WindowClosedException: Already closed:
> Window[server/remote](ChannelSession[id=2,
> recipient=6]-ServerSessionImpl[@/:55212])
> at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302)
> at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252)
> {noformat}
> Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only
> after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings
> left in the log:
> {noformat}
> [2019-09-18 09:24:52,755] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 12
> [2019-09-18 09:24:52,756] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 13
> [2019-09-18 09:25:02,576] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 15
> [2019-09-18 09:25:36,508] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 18
> [2019-09-18 09:25:57,527] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 19
> [2019-09-18 09:30:16,488] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
>
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935361#comment-16935361
]
Goldstein Lyor commented on SSHD-941:
-
Thanks a lot [~wolft] for the valuable information. Assuming this is what is
causing this problem there are 2 possible workarounds:
1. define system property {{org.apache.sshd.maxDHGexKeySize=4096}} (or whatever
lower value is needed)
2. drop {{dhgex}} and {{dhgex256}} key exachange factories from the client setup
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
> debug1: Remote protocol version 2.0, remote software version Cisco-1.25
> debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000
> debug2: fd 3 setting
[jira] [Resolved] (SSHD-942) SSH session crashes on high latency network
[
https://issues.apache.org/jira/browse/SSHD-942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Goldstein Lyor resolved SSHD-942.
-
Assignee: Goldstein Lyor
Resolution: Workaround
> SSH session crashes on high latency network
> ---
>
> Key: SSHD-942
> URL: https://issues.apache.org/jira/browse/SSHD-942
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.7.0, 2.0.0, 2.3.0
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Major
>
> Gerrit users report problem: [1] with {{git clone/fetch/pull}} operations on
> high latency network, after upgrading Gerrit to 2.16.x from 2.15.x that
> effectively means upgrade of SSHD from 1.6.0 to 1.7.0 and to 2.0.0.
> The error on SSHD 2.0.0 (Gerrit 2.16) is:
> {noformat}
> [2019-09-16 10:27:14,256] [sshd-SshServer[24facb47]-nio2-thread-8] WARN
> org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[usexxx@/172.x.x.1:63306])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 0
> {noformat}
> Note that the attempt to upgrade SSHD in Gerrit to 2.3.0 in this CL: [2],
> didn't fix the problem:
> {noformat}
> [2019-09-17 14:05:27,923] [sshd-SshDaemon[189c6683](port=22)-nio2-thread-4]
> WARN org.apache.sshd.server.session.ServerSessionImpl :
> exceptionCaught(ServerSessionImpl[@/:55212])[state=Opened]
> SshChannelNotFoundException: Received SSH_MSG_CHANNEL_WINDOW_ADJUST on
> unknown channel 3
> [2019-09-17 14:05:27,924] [SSH git-upload-pack ()] ERROR
> com.google.gerrit.sshd.BaseCommand : Internal server error (user
> account 1000190) during git-upload-pack ''
> org.apache.sshd.common.channel.WindowClosedException: Already closed:
> Window[server/remote](ChannelSession[id=2,
> recipient=6]-ServerSessionImpl[@/:55212])
> at org.apache.sshd.common.channel.Window.waitForCondition(Window.java:302)
> at org.apache.sshd.common.channel.Window.waitForSpace(Window.java:252)
> {noformat}
> Also note, that downgrade to 1.7.0: [3] didn't fix the problem either. Only
> after downgrade to SSH 1.6.0: [4] the problem disappeared, and only warnings
> left in the log:
> {noformat}
> [2019-09-18 09:24:52,755] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 12
> [2019-09-18 09:24:52,756] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 13
> [2019-09-18 09:25:02,576] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 15
> [2019-09-18 09:25:36,508] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 18
> [2019-09-18 09:25:57,527] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 19
> [2019-09-18 09:30:16,488] [NioProcessor-2] WARN
> org.apache.sshd.server.session.ServerConnectionService : Received
> SSH_MSG_CHANNEL_CLOSE on unknown channel 21
> {noformat}
> [1]
> [https://bugs.chromium.org/p/gerrit/issues/detail?id=11491|https://bugs.chromium.org/p/gerrit/issues/detail?id=11491;]
> [2] [https://gerrit-review.googlesource.com/c/gerrit/+/207752]
> [3] [https://gerrit-review.googlesource.com/c/gerrit/+/237730]
> [4] [https://gerrit-review.googlesource.com/c/gerrit/+/237731]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935309#comment-16935309
]
Thomas Wolf edited comment on SSHD-941 at 9/22/19 2:00 PM:
---
{quote}what does {{SSH_BUG_DHGEX_LARGE}} control ?
{quote}
See commit
[b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00]
in OpenSSH-portable.
More info including a ssh config work-around in the corresponding OpenSSH [bug
2209|https://bugzilla.mindrot.org/show_bug.cgi?id=2209].
was (Author: wolft):
{quote}what does {{SSH_BUG_DHGEX_LARGE}} control ?{quote}
See commit
[b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00]
in OpenSSH-portable.
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
>
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935309#comment-16935309
]
Thomas Wolf commented on SSHD-941:
--
{quote}what does {{SSH_BUG_DHGEX_LARGE}} control ?{quote}
See commit
[b282fec1aa05246ed3482270eb70fc3ec5f39a00|https://github.com/openssh/openssh-portable/commit/b282fec1aa05246ed3482270eb70fc3ec5f39a00]
in OpenSSH-portable.
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
> debug1: Remote protocol version 2.0, remote software version Cisco-1.25
> debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.10.20.25:22 as 'admin'
> debug3: hostkeys_foreach: reading
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935293#comment-16935293
]
Goldstein Lyor edited comment on SSHD-941 at 9/22/19 11:48 AM:
---
Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD
knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}})
- unless your code disabled it or some other message is sent. In this context,
what does {{SSH_BUG_DHGEX_LARGE}} control ?
Note that you can conceivably debug the code on the client side and see what
messages are sent by the server - then perhaps glean from that what cause it to
hang.
was (Author: lgoldstein):
Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD
knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}})
- unless your code disabled it or some other message is sent. In this context,
what does {{SSH_BUG_DHGEX_LARGE}} control ?
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1:
[jira] [Commented] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935293#comment-16935293
]
Goldstein Lyor commented on SSHD-941:
-
Thx - will look into it, but specifically for {{SSH_BUG_HOSTKEYS}} MINA SSHD
knows how to handle the {{hostkeys}} messages (see {{OpenSshHostKeysHandler}})
- unless your code disabled it or some other message is sent. In this context,
what does {{SSH_BUG_DHGEX_LARGE}} control ?
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
> debug1: Remote protocol version 2.0, remote software version Cisco-1.25
> debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to
