[jira] [Commented] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17043003#comment-17043003
]
Lyor Goldstein commented on SSHD-968:
-
I am afraid I don't have good news - I have examined the code in the hopes that
we can somehow expose the sequence number of the sent message. While it is
technically possible it poses many challenges especially to the encode/decode
loops - which are at the very heart of the packets management mechanism. I am
not sure the benefit is worth the risk at this time...
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC 4253 sect. 11.4
> ({color:#004000}https://tools.ietf.org/html/rfc4253#section-11.4{color}) the
> SSH_MSG_UNIMPLEMENTED is meant to be ignored, but this makes little sense for
> a heartbeat, as even SSH_MSG_UNIMPLEMENTED is good enough to count as a reply
> for this. This is for example the case in OpenSSH, where
> SSH_MSG_UNIMPLEMENTED replies for heartbeat, does not lead to a termination
> of the SSH session.
> There is a workaround released in 2.1.1, to use
> ReservedSessionMessagesHandler for handling replies, but this does not allow
> access to the method AbstractSession.requestFailure() (without using
> reflection so to say). Further, the heartbeat is ongoing in the background,
> so there is no good solution to this problem from outside of the framework.
> https://issues.apache.org/jira/browse/SSHD-887?jql=project%20%3D%20SSHD%20AND%20fixVersion%20%3D%202.1.1
> Would this be possible to fix? The reason I write it here is because the bug
> seems to existing up to some version of libssh, even for the SSHv2 protocol,
> so just writing a bug report on the particular server will not solve the
> problems for already existing implementations using libssh.
> The following config is used,
> SshClient client =
> SshClient.setUpDefaultClient(){color:#cc7832};{color}{color:#808080}
> {color} {color:#172b4d}PropertyResolverUtils.updateProperty(client,
> ClientFactoryManager.HEARTBEAT_INTERVAL, 15000);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REPLY_WAIT,
> 3);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REQUEST,
> "keepal...@openssh.com");{color}
> {color:#cc7832}{color:#172b4d}BR{color}
> {color:#172b4d}Patrik{color}
> {color}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17043001#comment-17043001
]
Lyor Goldstein commented on SSHD-968:
-
{quote}
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though). I must assume
this is fixed in the latest release, but I suppose there are thousands of
servers out there not yet upgraded.
{quote}
I understand and empathize - but our R&D resources are extremely scarce - so we
have to invest them where the vast majority of users are, I am not sure how
many "used by a lot of people" is in this case since this is the 1st time we
encountered this request. Perhaps in a specific niche netopeer-server is very
popular, but in the server world OpenSSH is most widely used, and we interact
with it smoothly.
{quote}
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
{quote}
Seems an avenue for a fix, but it's not as simple as that since the sent
message ID of the {{SSH_MSG_GLOBAL_REQUEST}} is not exposed for the heartbeat
code. Furthermore, some non-trivial tracking logic is required as well,
Bottom line - I will look into it (in the very little spare time I have) but I
doubt very much that an easy/quick solution is available. I know it's not
much, but we welcome contributions and you are welcome to write a solution if
you can afford the R&D effort. Let me warn you though that the code flow is
not trivial to follow - even for us who maintain it.
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC 4253 sect. 11.4
> ({color:#004000}https://tools.ietf.org/html/rfc4253#section-11.4{color}) the
> SSH_MSG_UNIMPLEMENTED is meant to be ignored, but this makes little sense for
> a heartbeat, as even SSH_MSG_UNIMPLEMENTED is good enough to count as a reply
> for this. This is for example the case in OpenSSH, where
> SSH_MSG_UNIMPLEMENTED replies for heartbeat, does not lead to a termination
> of the SSH session.
> There is a workaround released in 2.1.1, to use
> ReservedSessionMessagesHandler for handling replies, but this does not allow
> access to the method AbstractSession.requestFailure() (without using
> reflection so to say). Further, the heartbeat is ongoing in the background,
> so there is no good solution to this problem from outside of the framework.
> https://issues.apache.org/jira/browse/SSHD-887?jql=project%20%3D%20SSHD%20AND%20fixVersion%20%3D%202.1.1
> Would this be possible to fix? The reason I write it here is because the bug
> seems to existing up to some version of libssh, even for the SSHv2 protocol,
> so just writing a bug report on the particular server will not solve the
> problems for already existing implementations using libssh.
> The following config is used,
> SshClient client =
> SshClient.setUpDefaultClient(){color:#cc7832};{color}{color:#808080}
> {color} {color:#172b4d}PropertyResolverUtils.updateProperty(client,
> ClientFactoryManager.HEARTBEAT_INTERVAL, 15000);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REPLY_WAIT,
> 3);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REQUEST,
> "keepal...@openssh.com");{color}
> {color:#cc7832}{color:#172b4d}BR{color}
> {color:#172b4d}Patrik{color}
> {color}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additiona
[jira] [Comment Edited] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042997#comment-17042997
]
Patrik Ek edited comment on SSHD-968 at 2/23/20 5:23 PM:
-
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though). I must assume
this is fixed in the latest release, but I suppose there are thousands of
servers out there not yet upgraded.
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not only to keep the connection alive. The problem is
to know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
was (Author: patrikek):
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not only to keep the connection alive. The problem is
to know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
[jira] [Comment Edited] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042997#comment-17042997
]
Patrik Ek edited comment on SSHD-968 at 2/23/20 5:21 PM:
-
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not only to keep the connection alive. The problem is
to know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
was (Author: patrikek):
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not only to keep the connection alive. The problem is
to know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC
[jira] [Commented] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042997#comment-17042997
]
Patrik Ek commented on SSHD-968:
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not to keep the connection alive. The problem is to
know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC 4253 sect. 11.4
> ({color:#004000}https://tools.ietf.org/html/rfc4253#section-11.4{color}) the
> SSH_MSG_UNIMPLEMENTED is meant to be ignored, but this makes little sense for
> a heartbeat, as even SSH_MSG_UNIMPLEMENTED is good enough to count as a reply
> for this. This is for example the case in OpenSSH, where
> SSH_MSG_UNIMPLEMENTED replies for heartbeat, does not lead to a termination
> of the SSH session.
> There is a workaround released in 2.1.1, to use
> ReservedSessionMessagesHandler for handling replies, but this does not allow
> access to the method AbstractSession.requestFailure() (without using
> reflection so to say). Further, the heartbeat is ongoing in the background,
> so there is no good solution to this problem from outside of the framework.
> https://issues.apache.org/jira/browse/SSHD-887?jql=project%20%3D%20SSHD%20AND%20fixVersion%20%3D%202.1.1
> Would this be possible to fix? The reason I write it here is because the bug
> seems to existing up to some version of libssh, even for the SSHv2 protocol,
> so just writing a bug report on the particular server will not solve the
> problems for already existing implementations using libssh.
> The following config is used,
> SshClient client =
> SshClient.setUpDefaultClient(){color:#cc7832};{color}{color:#808080}
> {color} {color:#172b4d}PropertyResolverUtils.updateProperty(client,
> ClientFactoryManager.HEARTBEAT_INTERVAL, 15000);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REPLY_WAIT,
> 3);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REQUEST,
> "keepal...@openssh.com");{color}
> {color:#cc7832}{color:#172b4d}BR{color}
> {color:#172b4d}Patrik{color}
> {color}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
--
[jira] [Comment Edited] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042997#comment-17042997
]
Patrik Ek edited comment on SSHD-968 at 2/23/20 5:21 PM:
-
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not only to keep the connection alive. The problem is
to know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
was (Author: patrikek):
[~lgoldstein] Sorry for replying late. Saturdays and Sundays are normally my
days off, so I have not been that active. Hontestly I did not expect this fast
response. Anyway, To answer your questions,
{color:#172b4d}1.{color}
_{color:#172b4d}Seems to me that servers that respond with
{color}{{SSH_MSG_UNIMPLEMENTED}}{color:#172b4d} violate {color}[rfc4254 -
section 4|https://tools.ietf.org/html/rfc4254#section-4]{color:#172b4d} that
states that the response should be
{color}{{SSH_MSG_REQUEST_FAILURE}}{color:#172b4d}.{color}_
This is true, but the server is netopeer-server, used by a lot of people,
replying with "sorry this is a server issue", is not an option for us. Further,
the bug is not in netopeer itself, but in libssh, which is one of the most
common ssh libraries for linux (openssh works just fine though).
2.
One of your comments is lost now, but knowing what message returning
SSH_MSG_UNIMPLEMENTED can be done using the message ID. The
SSH_MSG_UNIMPLEMENTED will return the message ID for the message it sent
SSH_MSG_UNIMPLEMENTED for.
3.
_{color:#172b4d}Have you tried using the
{color}[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]{color:#172b4d}
mechanism instead of global requests{color}_
yes, but the problem is not to keep the connection alive. The problem is to
know when the connection goes down. The proper way to do this is to send an
SSH_MSG_GLOBAL_REQUEST with the want-reply flag. This is also how OpenSSH does.
The differerence is that when you get the SSH_MSG_UNIMPLEMENTED flag in
OpenSSH, it will instead count this as a valid reply, as this shows the server
is alive and it is very obvious there will be no other reply.
BR
Patrik
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC 42
[jira] [Commented] (SSHD-968) SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied with SSH_MSG_UNSUPPORTED
[
https://issues.apache.org/jira/browse/SSHD-968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042993#comment-17042993
]
Lyor Goldstein commented on SSHD-968:
-
Have you tried using the
[SSH_MSG_IGNORE|https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic]
mechanism instead of global requests ?
> SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is replied
> with SSH_MSG_UNSUPPORTED
> --
>
> Key: SSHD-968
> URL: https://issues.apache.org/jira/browse/SSHD-968
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
> Environment: Windows 10
>Reporter: Patrik Ek
>Assignee: Lyor Goldstein
>Priority: Major
>
> In case SSH_MSG_GLOBAL_REQUEST is not supported by the remote SSH server, the
> keep-alive heartbeat times out. The reason for this is SSH_MSG_UNIMPLEMENTED
> is only logged in
> {color:#172b4d}org.apache.sshd.common.session.helpers{color}.AbstractSession
> The method identifying the SSH_MSG_UNIMPLEMENTED is called
> AbstractSession.doHandleMessage()
> The consequense is that no reply is received and the heartbeat times out
> instead of calling AbstractSession.requestFailure(). Which in turn leads to
> the session terminates.
> According to RFC 4253 sect. 11.4
> ({color:#004000}https://tools.ietf.org/html/rfc4253#section-11.4{color}) the
> SSH_MSG_UNIMPLEMENTED is meant to be ignored, but this makes little sense for
> a heartbeat, as even SSH_MSG_UNIMPLEMENTED is good enough to count as a reply
> for this. This is for example the case in OpenSSH, where
> SSH_MSG_UNIMPLEMENTED replies for heartbeat, does not lead to a termination
> of the SSH session.
> There is a workaround released in 2.1.1, to use
> ReservedSessionMessagesHandler for handling replies, but this does not allow
> access to the method AbstractSession.requestFailure() (without using
> reflection so to say). Further, the heartbeat is ongoing in the background,
> so there is no good solution to this problem from outside of the framework.
> https://issues.apache.org/jira/browse/SSHD-887?jql=project%20%3D%20SSHD%20AND%20fixVersion%20%3D%202.1.1
> Would this be possible to fix? The reason I write it here is because the bug
> seems to existing up to some version of libssh, even for the SSHv2 protocol,
> so just writing a bug report on the particular server will not solve the
> problems for already existing implementations using libssh.
> The following config is used,
> SshClient client =
> SshClient.setUpDefaultClient(){color:#cc7832};{color}{color:#808080}
> {color} {color:#172b4d}PropertyResolverUtils.updateProperty(client,
> ClientFactoryManager.HEARTBEAT_INTERVAL, 15000);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REPLY_WAIT,
> 3);
>
> PropertyResolverUtils.updateProperty(client,ClientFactoryManager.HEARTBEAT_REQUEST,
> "keepal...@openssh.com");{color}
> {color:#cc7832}{color:#172b4d}BR{color}
> {color:#172b4d}Patrik{color}
> {color}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
