Hello all
In a recent spate of paranoia we set our server (SuSE Linux 7.0, kernel
2.2.16) to use SSH version 2 and not SSH1. With openssh 2.3.0p1-5 running
as client and server, we find that stdout output is occasionally dropped:
ssh server echo "JJJ"
usually emits JJJ, but sometimes returns nothing -- although the command
is apparently performed.
In the happy case the server logs this (yep, this is the one that worked):
WARNING: /etc/ssh/primes does not exist, using old prime
Accepted publickey for andrewm from 10.0.0.69 port 1428 ssh2
error: channel 0: internal error: we do not read, but
chan_read_failed for istate 8
In the unhappy case, the server logs this:
WARNING: /etc/ssh/primes does not exist, using old prime
Accepted publickey for andrewm from 10.0.0.69 port 1424 ssh2
So many questions ...
. Is this a known bug or a configuration error?
. Is it specific to SuSE's rpm or linux?
. Is it fixed in the latest and greatest openssh?
. What is the enigmatic (undocumented?) /etc/ssh/primes ... ?
. How much was in the FAQ ... :)
(On the same machines -R port forwarding does not work with protocol
version 2, but does with protocol version 1 ... but that could be a
different issue ... )
I did notice this in the changelog ... which seems to describe the problem
I have .. perhaps the fix did not address the problem ..?:
20000420
...
[session.c]
- remove bogus chan_read_failed. this could cause data
corruption (missing data) at end of a SSH2 session.
&:-)
Here's a debug splurge:
EXAMPLE OF FAILURE (about 1 in 16):
ssh -v gabriel "echo
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH"
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for gabriel
debug: Applying options for *
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 500 geteuid 0 anon 1
debug: Connecting to gabriel [10.0.0.1] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: Seeding random number generator
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 499/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'gabriel' is known and matches the DSA host key.
debug: bits set: 522/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: try pubkey: /home/andrewm/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: ssh-userauth2 successfull: method publickey
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting X11 forwarding with authentication spoofing.
debug: Sending command: echo
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
debug: channel 0: open confirm rwindow 0 rmax 16384
debug: client_input_channel_req: rtype exit-status reply 0
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: input open -> closed
debug: channel 0: close_read
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug: Exit status 0
NORMAL BEHAVIOUR
ssh -v gabriel "echo
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH"
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for gabriel
debug: Applying options for *
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 500 geteuid 0 anon 1
debug: Connecting to gabriel [10.0.0.1] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: Seeding random number generator
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 505/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'gabriel' is known and matches the DSA host key.
debug: bits set: 503/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: try pubkey: /home/andrewm/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: ssh-userauth2 successfull: method publickey
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting X11 forwarding with authentication spoofing.
debug: Sending command: echo
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
debug: channel 0: open confirm rwindow 0 rmax 16384
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
debug: client_input_channel_req: rtype exit-status reply 0
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: input open -> closed
debug: channel 0: close_read
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug: Exit status 0
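
A way to put a number on the intermittent loss reported above, as an added example that is not part of the original post: the function runs a command repeatedly and counts the runs that exit 0 but do not print the expected stdout. The function name `count_dropped` and its argument order are assumptions of this sketch; the host name `gabriel` in the usage comment is the one from the post.

```shell
#!/bin/sh
# count_dropped RUNS EXPECTED CMD [ARGS...]
# Run CMD RUNS times and print how many runs exited 0 without producing
# EXPECTED on stdout, i.e. the "command ran, output vanished" symptom.
# Runs that fail outright (non-zero exit) are not counted as drops, so
# connection or authentication errors do not inflate the figure.
count_dropped() {
    runs=$1
    expected=$2
    shift 2
    dropped=0
    i=0
    while [ "$i" -lt "$runs" ]; do
        i=$((i + 1))
        # stdin comes from /dev/null so ssh cannot consume the caller's
        # stdin; stderr is discarded so -v debug output is not compared.
        out=$("$@" </dev/null 2>/dev/null) && status=0 || status=$?
        if [ "$status" -eq 0 ] && [ "$out" != "$expected" ]; then
            dropped=$((dropped + 1))
        fi
    done
    echo "$dropped"
}

# Usage against the server in the post (prints the number of dropped runs):
#   count_dropped 160 JJJ ssh gabriel 'echo JJJ'
```

Running the same count with the client and server restricted to protocol 1, and again after an upgrade, gives a before/after comparison instead of an impression.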