Re: Dropbear SSH integrity error

2015-11-12 Thread Laurent Bercot 

On 12/11/2015 10:28, Zbynek Michl wrote:

# ssh d...@demo.mt.lv
ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad
packet size -22146333)


 Hi Zbynek,

 I had the same problem earlier this year with GitHub: git over ssh
worked with an OpenSSH client, but not with a dropbear client.
I reported it to GitHub; I didn't get any answer, but two weeks or
so later, they fixed the problem.

 I suspect this has to do with some sshd server that is not compatible
with a dropbear client - I'm inclined to think that the server makes
assumptions about unspecified protocol details and those assumptions
are false with dbclient. Or the other way around.

 Do you know what sshd server RouterOS uses? I can't tell from
d...@demo.mt.lv because they don't provide a shell :)

--
 Laurent

Re: Dropbear SSH integrity error

2015-11-12 Thread Zbynek Michl 
Hi Laurent,

RouterOS SSH server identifies as follows:

$ telnet d...@demo.mt.lv 22
SSH-2.0-ROSSSH

A connection in the opposite direction (from RouterOS to AirOS) is OK.

Regards,
Zbynek

On Thu, Nov 12, 2015 at 11:17 AM, Laurent Bercot
 wrote:
> On 12/11/2015 10:28, Zbynek Michl wrote:
>>
>> # ssh d...@demo.mt.lv
>> ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad
>> packet size -22146333)
>
>
>  Hi Zbynek,
>
>  I had the same problem earlier this year with GitHub: git over ssh
> worked with an OpenSSH client, but not with a dropbear client.
> I reported it to GitHub; I didn't get any answer, but two weeks or
> so later, they fixed the problem.
>
>  I suspect this has to do with some sshd server that is not compatible
> with a dropbear client - I'm inclined to think that the server makes
> assumptions about unspecified protocol details and those assumptions
> are false with dbclient. Or the other way around.
>
>  Do you know what sshd server RouterOS uses? I can't tell from
> d...@demo.mt.lv because they don't provide a shell :)
>
> --
>  Laurent
>

Re: Dropbear SSH integrity error

2015-11-12 Thread Matt Johnston 
On Thu, Nov 12, 2015 at 10:28:27AM +0100, Zbynek Michl wrote:
> Hello,
> 
> I have a problem with SSH connection from my Ubiquiti AirOS device to
> a Mikrotik router.
> I use AirOS v5.5.11 (Dropbear SSH client v2013.58) and Mikrotik's
> RouterOS version 6.33 (also older versions have the same problem).
> 
> # ssh d...@demo.mt.lv
> ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad
> packet size -22146333)

It looks like ROSSH doesn't support "kex first follows".
Commenting out USE_KEX_FIRST_FOLLOWS in sysoptions.h will
fix that. Could you report it to Mikrotik? Github used 
libssh which had the same issue, fixed in libssh 0.7

Cheers,
Matt