openssh bugs - Jun 2013 - [Bug 2116] New: SSH to Nortel/Avaya switch fails

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

            Bug ID: 2116
           Summary: SSH to Nortel/Avaya switch fails
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jsneerin at gmail.com

Starting with version 6.2p1, ssh client connections to Nortel/Avaya ERS
5600 series switches fail. Connections with 6.1p1 and earlier do not
exhibit this problem. This is observed with the following switch models
and release versions:

* Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE
* OS version 6.2.1.003 with boot firmware 6.0.0.10
* OS version 6.3.0.013 with boot firmware 6.0.0.15
* http://www.avaya.com/usa/product/ethernet-routing-switch-5000-series

These switches actually run Mocana SSH server software, so it's
possible that other embedded devices using Mocana SSH are also
affected. It is unclear which version of Mocana these switches are
running, or if the different OS/FW firmware versions have different
versions of Mocana. Mocana SSH is described at:

* https://www.mocana.com/for-device-manufacturers/nanossh/

Affected OpenSSH versions observed:

* 6.2p1, 6.2p2, 6.2-SNAP-20130604

Unaffected OpenSSH versions observed:

* 5.9p1, 6.0p1, 6.1p1

Client operating systems tested:

* Linux r3239 3.2.0-44-generic #69-Ubuntu SMP Thu May 16 18:27:54 UTC
2013 i686 i686 i386 GNU/Linux
* CYGWIN_NT-6.1-WOW64 L3313 1.7.18(0.263/5/3) 2013-04-19 10:39 i686
Cygwin

I first noticed this problem under Cygwin. However, I have verified it
on Ubuntu by compiling versions 5.9p1, 6.0p1, 6.1p1, 6.2p1, and 6.2p2,
and the daily snapshot from 20130604 from source with no special
configuration options. Running ssh 6.2p1 and later with -v shows that
the connection gets as far as expecting SSH2_MSG_KEXDH_REPLY, then the
far end closes the connection. Versions 6.1p1 and earlier work
normally. Running ssh with additional -v flags, as well as running it
when compiled with the various DEBUG macros, does not yield any
additional information that is meaningful to me.

I will attached "ssh -vvv" output from 6.1p1 and 6.2p1 in the hope
that
it will be helpful. If you do not have Nortel/Avaya or other hardware
running Mocana SSH at your disposal, I am willing to assist with
testing of alternate configurations or patches.

I've marked this as "major" because I've been unable to
identify any
workaround with the affected versions. Rolling back to 6.1p1 is the
only fix I've found.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

--- Comment #1 from James Sneeringer <jsneerin at gmail.com> ---
Created attachment 2293
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2293&action=edit
Output from "ssh -vvv" on version 6.1p1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

--- Comment #2 from James Sneeringer <jsneerin at gmail.com> ---
Created attachment 2294
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2294&action=edit
Output from "ssh -vvv" on version 6.2p1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

James Sneeringer <jsneerin at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsneerin at gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
              Group|Portable OpenSSH            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

--- Comment #8 from Darren Tucker <dtucker at zip.com.au> ---
Did you ever get any kind of response from the vendor?

The banner does not provide any kind of version information, so any
compat hacks we do would have to be an all-or-nothing thing:

debug1: Remote protocol version 2.0, remote software version Mocana SSH

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #9 from Darren Tucker <dtucker at zip.com.au> ---
There's nothing we can do short of blacklisting every device reporting
that version string and I'm not willing to do that without info from
the vendor on what proportion of devices that might be.

Please reopen if that information ever becomes available.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #10 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.