Re: Dropbear SSH integrity error
Hi, So it seems to be fixed in RouterOS 6.34rc8. Regards, Zbynek On Fri, Nov 13, 2015 at 12:32 PM, Zbynek Michl wrote: > Hi Matt, > > Ok, I reported it to Mikrotik, thanks for your help! :) > > Regards, > Zbynek > > On Thu, Nov 12, 2015 at 3:01 PM, Matt Johnston wrote: >> On Thu, Nov 12, 2015 at 10:28:27AM +0100, Zbynek Michl wrote: >>> Hello, >>> >>> I have a problem with SSH connection from my Ubiquiti AirOS device to >>> a Mikrotik router. >>> I use AirOS v5.5.11 (Dropbear SSH client v2013.58) and Mikrotik's >>> RouterOS version 6.33 (also older versions have the same problem). >>> >>> # ssh d...@demo.mt.lv >>> ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad >>> packet size -22146333) >> >> It looks like ROSSH doesn't support "kex first follows". >> Commenting out USE_KEX_FIRST_FOLLOWS in sysoptions.h will >> fix that. Could you report it to Mikrotik? Github used >> libssh which had the same issue, fixed in libssh 0.7 >> >> Cheers, >> Matt
Re: Dropbear SSH integrity error
Hi Matt, Ok, I reported it to Mikrotik, thanks for your help! :) Regards, Zbynek On Thu, Nov 12, 2015 at 3:01 PM, Matt Johnston wrote: > On Thu, Nov 12, 2015 at 10:28:27AM +0100, Zbynek Michl wrote: >> Hello, >> >> I have a problem with SSH connection from my Ubiquiti AirOS device to >> a Mikrotik router. >> I use AirOS v5.5.11 (Dropbear SSH client v2013.58) and Mikrotik's >> RouterOS version 6.33 (also older versions have the same problem). >> >> # ssh d...@demo.mt.lv >> ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad >> packet size -22146333) > > It looks like ROSSH doesn't support "kex first follows". > Commenting out USE_KEX_FIRST_FOLLOWS in sysoptions.h will > fix that. Could you report it to Mikrotik? Github used > libssh which had the same issue, fixed in libssh 0.7 > > Cheers, > Matt
Re: Dropbear SSH integrity error
On Thu, Nov 12, 2015 at 10:28:27AM +0100, Zbynek Michl wrote: > Hello, > > I have a problem with SSH connection from my Ubiquiti AirOS device to > a Mikrotik router. > I use AirOS v5.5.11 (Dropbear SSH client v2013.58) and Mikrotik's > RouterOS version 6.33 (also older versions have the same problem). > > # ssh d...@demo.mt.lv > ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad > packet size -22146333) It looks like ROSSH doesn't support "kex first follows". Commenting out USE_KEX_FIRST_FOLLOWS in sysoptions.h will fix that. Could you report it to Mikrotik? Github used libssh which had the same issue, fixed in libssh 0.7 Cheers, Matt
Re: Dropbear SSH integrity error
Hi Laurent, RouterOS SSH server identifies as follows: $ telnet d...@demo.mt.lv 22 SSH-2.0-ROSSSH A connection in the opposite direction (from RouterOS to AirOS) is OK. Regards, Zbynek On Thu, Nov 12, 2015 at 11:17 AM, Laurent Bercot wrote: > On 12/11/2015 10:28, Zbynek Michl wrote: >> >> # ssh d...@demo.mt.lv >> ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad >> packet size -22146333) > > > Hi Zbynek, > > I had the same problem earlier this year with GitHub: git over ssh > worked with an OpenSSH client, but not with a dropbear client. > I reported it to GitHub; I didn't get any answer, but two weeks or > so later, they fixed the problem. > > I suspect this has to do with some sshd server that is not compatible > with a dropbear client - I'm inclined to think that the server makes > assumptions about unspecified protocol details and those assumptions > are false with dbclient. Or the other way around. > > Do you know what sshd server RouterOS uses? I can't tell from > d...@demo.mt.lv because they don't provide a shell :) > > -- > Laurent >
Re: Dropbear SSH integrity error
On 12/11/2015 10:28, Zbynek Michl wrote: # ssh d...@demo.mt.lv ssh: Connection to d...@demo.mt.lv:22 exited: Integrity error (bad packet size -22146333) Hi Zbynek, I had the same problem earlier this year with GitHub: git over ssh worked with an OpenSSH client, but not with a dropbear client. I reported it to GitHub; I didn't get any answer, but two weeks or so later, they fixed the problem. I suspect this has to do with some sshd server that is not compatible with a dropbear client - I'm inclined to think that the server makes assumptions about unspecified protocol details and those assumptions are false with dbclient. Or the other way around. Do you know what sshd server RouterOS uses? I can't tell from d...@demo.mt.lv because they don't provide a shell :) -- Laurent
