After searching OpenSSH's website, F-Secure's website and the web with
Google, I am unable to find a solution or a cause for this error.
I am thinking this is a problem with the F-Secure SSH client because I
get this problem when connecting to two different OpenSSH servers: one
running under Cygwin and another under Mac OS X.
If it is a problem with the F-Secure SSH client, I am out of luck
because I do not control that server and I doubt I will get the tech
staff to upgrade the software.
Scott McGerik
>I am encountering a "Received packet with bad string length 537084050"
>error when I attempt to connect, using the F-SECURE SSH Version 2.0.12
>client, to an OpenSSH_2.9.9p2 server.
do you have some debugging output?
what algorithms are used?
can you turn on debugging in the server?
-m
I can get debugging output from the F-Secure client and the OpenSSH
server.
Scott.
Here is the output from the F-Secure client:
$ ssh -d 99 cygwin
Development-time debugging not compiled in.
To enable, configure with --enable-debug and recompile.
debug: connecting to xxx.xxx.xxx.xxx...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: ssh_client_wrap: creating userauth protocol
debug: Remote version: SSH-2.0-OpenSSH_2.9.9p2
debug: Host key found from the database.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:226/ssh_client_auth_pubkey_send_signature: ssh_client_auth_pubkey_send_signature
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:263/ssh_client_auth_pubkey_send_signature: ssh_client_auth_pubkey_send_signature: reading /home/slmcgeri/.ssh2/id_rsa_1024_a
Passphrase for key "/home/scott/.ssh2/id_rsa_1024_a" with comment
"1024-bit rsa, created by scott Wed Oct 24 10:53:24 2001":
debug: client_disconnect: Connection closed.
Disconnected; connection lost (Connection closed.).
debug: uninitializing event loop
Here is the output from the OpenSSH server:
$ /usr/sbin/sshd -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from xxx.xxx.xxx.xxx port x
debug1: Client protocol version 1.99; client software version 2.0.12
F-SECURE SSH
debug1: match: 2.0.12 F-SECURE SSH pat ^2\.0\.1[1-2]
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-md5 zlib
debug1: kex: server->client 3des-cbc hmac-md5 zlib
debug1: dh_gen_key: priv key bits set: 190/384
debug1: bits set: 491/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 506/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user Scott service ssh-connection method
none
debug1: attempt 0 failures 0
Failed none for Scott from xxx.xxx.xxx.xxx port x ssh2
debug1: userauth-request for user Scott service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 500/513 (e=500)
debug1: trying public key file /home/Scott/.ssh/authorized_keys
debug1: matching key found: file /home/Scott/.ssh/authorized_keys, line
1
debug1: restore_uid
Postponed publickey for Scott from xxx.xxx.xxx.xxx port x ssh2
debug1: userauth-request for user Scott service ssh-connection method
publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 500/513 (e=500)
debug1: trying public key file /home/Scott/.ssh/authorized_keys
debug1: matching key found: file /home/Scott/.ssh/authorized_keys, line
1
debug1: restore_uid
Received packet with bad string length 1857684957
debug1: Calling cleanup 0x416a2c(0x0)
debug1: compress outgoing: raw data 227, compressed 223, factor 0.98
debug1: compress incoming: raw data 599, compressed 381, factor 0.64
>$ /usr/sbin/sshd -d
can you try:
$ /usr/sbin/sshd -ddd
>debug1: Client protocol version 1.99; client software version 2.0.12
>F-SECURE SSH
>debug1: match: 2.0.12 F-SECURE SSH pat ^2\.0\.1[1-2]
> ...
>debug1: userauth-request for user Scott service ssh-connection method
>publickey
>debug1: attempt 2 failures 1
>debug1: temporarily_use_uid: 500/513 (e=500)
>debug1: trying public key file /home/Scott/.ssh/authorized_keys
>debug1: matching key found: file /home/Scott/.ssh/authorized_keys, line
>1
>debug1: restore_uid
>Received packet with bad string length 1857684957
it seems that 2.0.12 F-SECURE SSH sends rsa signatures
in a strange encoding. i don't have access to the client
so i cannot debug.
perhaps does the output from /usr/sbin/sshd -ddd help.
-m
Index: ssh-rsa.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-rsa.c,v
retrieving revision 1.10
diff -u -r1.10 ssh-rsa.c
--- ssh-rsa.c 17 Sep 2001 19:27:15 -0000 1.10
+++ ssh-rsa.c 7 Nov 2001 12:54:28 -0000
@@ -129,27 +129,35 @@
BN_num_bits(key->rsa->n));
return -1;
}
- buffer_init(&b);
- buffer_append(&b, signature, signaturelen);
- ktype = buffer_get_string(&b, NULL);
- if (strcmp("ssh-rsa", ktype) != 0) {
- error("ssh_rsa_verify: cannot handle type %s", ktype);
- buffer_free(&b);
+ if (datafellows & SSH_BUG_SIGBLOB) {
+ sigblob = signature;
+ len = signaturelen;
+ } else {
+ buffer_init(&b);
+ buffer_append(&b, signature, signaturelen);
+ ktype = buffer_get_string(&b, NULL);
+ if (strcmp("ssh-rsa", ktype) != 0) {
+ error("ssh_rsa_verify: cannot handle type %s", ktype);
+ buffer_free(&b);
+ xfree(ktype);
+ return -1;
+ }
xfree(ktype);
- return -1;
- }
- xfree(ktype);
- sigblob = buffer_get_string(&b, &len);
- rlen = buffer_len(&b);
- buffer_free(&b);
- if(rlen != 0) {
- xfree(sigblob);
- error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
- return -1;
+ sigblob = buffer_get_string(&b, &len);
+ rlen = buffer_len(&b);
+ buffer_free(&b);
+ if(rlen != 0) {
+ xfree(sigblob);
+ error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
+ return -1;
+ }
}
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
- xfree(sigblob);
+ if (!(datafellows & SSH_BUG_SIGBLOB)) {
+ memset(sigblob, 's', len);
+ xfree(sigblob);
+ }
error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
return -1;
}
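Review bot: in the new SSH_BUG_SIGBLOB branch, sigblob = signature makes sigblob alias the caller's buffer while the else branch leaves it heap-allocated, so every exit path now has to repeat the !(datafellows & SSH_BUG_SIGBLOB) guard before memset/xfree. Recording ownership once in a local flag, or copying the blob in the compat branch, would keep cleanup uniform and make a later early return harder to get wrong. The compat branch also takes signaturelen as is, with none of the framing checks the else branch performs (type string, remaining bytes), so a length check against the key size before RSA_verify and a comment naming the clients that need this would be worth adding.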
@@ -162,8 +170,11 @@
ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
memset(digest, 'd', dlen);
xfree(digest);
- memset(sigblob, 's', len);
- xfree(sigblob);
+
+ if (!(datafellows & SSH_BUG_SIGBLOB)) {
+ memset(sigblob, 's', len);
+ xfree(sigblob);
+ }
if (ret == 0) {
int ecode = ERR_get_error();
error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
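Review bot: the guard added before memset(sigblob, 's', len) and xfree(sigblob) tests datafellows again instead of something set where sigblob was assigned, so the free is tied to the flag rather than to the allocation. A local set in the else branch of the first hunk and tested here would keep the two from drifting apart. A one-line comment that in the compat case the bytes belong to the caller and must not be scrubbed or freed here would also help the next reader.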
> perhaps does the output from /usr/sbin/sshd -ddd help.
Here is the output you requested.
$ sshd -ddd
debug1: Seeding random number generator
debug3: cipher ok: aes128-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: 3des-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: blowfish-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: cast128-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug3: ciphers ok:
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour]
debug2: mac_init: found hmac-md5
debug3: mac ok: hmac-md5
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug2: mac_init: found hmac-sha1
debug3: mac ok: hmac-sha1
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug2: mac_init: found hmac-ripemd160
debug3: mac ok: hmac-ripemd160
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug2: mac_init: found hmac-sha1-96
debug3: mac ok: hmac-sha1-96
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug2: mac_init: found hmac-md5-96
debug3: mac ok: hmac-md5-96
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug3: macs ok:
[hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96]
debug1: sshd version OpenSSH_2.9.9p2
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from xxx.xxx.xxx.xxx port x
debug1: Client protocol version 1.99; client software version 2.0.12
F-SECURE SSH
debug1: match: 2.0.12 F-SECURE SSH pat ^2\.0\.1[1-2]
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: des-cbc,3des-cbc,blowfish-cbc,arcfour
debug2: kex_parse_kexinit: des-cbc,3des-cbc,blowfish-cbc,arcfour
debug2: kex_parse_kexinit: hmac-md5,md5-8,none
debug2: kex_parse_kexinit: hmac-md5,md5-8,none
debug2: kex_parse_kexinit: zlib
debug2: kex_parse_kexinit: zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 1
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 zlib
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 zlib
debug1: dh_gen_key: priv key bits set: 202/384
debug1: bits set: 519/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 509/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user Scott service ssh-connection method
none
debug1: attempt 0 failures 0
debug2: input_userauth_request: setting up authctxt for Scott
debug2: input_userauth_request: try method none
Failed none for Scott from xxx.xxx.xxx.xxx port x ssh2
debug1: userauth-request for user Scott service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug2: userauth_pubkey: SSH_BUG_PKAUTH
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 500/513 (e=500)
debug1: trying public key file /home/Scott/.ssh/authorized_keys
debug1: matching key found: file /home/Scott/.ssh/authorized_keys, line
1
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Postponed publickey for Scott from xxx.xxx.xxx.xxx port x ssh2
debug1: userauth-request for user Scott service ssh-connection method
publickey
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method publickey
debug2: userauth_pubkey: SSH_BUG_PKAUTH
debug1: temporarily_use_uid: 500/513 (e=500)
debug1: trying public key file /home/Scott/.ssh/authorized_keys
debug1: matching key found: file /home/Scott/.ssh/authorized_keys, line
1
debug1: restore_uid
Received packet with bad string length 1579980554
debug1: Calling cleanup 0x416a2c(0x0)
debug1: compress outgoing: raw data 227, compressed 223, factor 0.98
debug1: compress incoming: raw data 599, compressed 380, factor 0.63
> using DSA instead of RSA should help, too.
That works! I wonder what the heck is with the F-Secure client and
server. I have had to switch to DSA for almost all of my connections
to/from it.
Scott McGerik
>Markus Friedl wrote:
2.0.12 is old and they use RSA in protocol v2 before it
was standardized.
-m
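
The two signature encodings that the ssh-rsa.c patch in this thread distinguishes, as an added C example (not OpenSSH code and not written by anyone in the thread). It shows why a bare blob fed to a length-prefixed string parser reports a huge "string length". The names get_string, rsa_sigblob, BARE and WRAPPED are hypothetical, the bare flag stands in for SSH_BUG_SIGBLOB, the modlen bound is an addition the patch does not have, and the sample bytes are constructed so that the first four read as 1857684957.

```c
#include <stdint.h>
#include <string.h>

/* Read one SSH "string" (uint32 big-endian length, then data) at *off.
 * On a length that overruns the buffer, return -1 and store it in *bad. */
static int get_string(const uint8_t *b, size_t n, size_t *off,
    const uint8_t **s, size_t *slen, uint32_t *bad)
{
	const uint8_t *p = b + *off;
	uint32_t len;
	if (n - *off < 4)
		return -1;
	len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	    ((uint32_t)p[2] << 8) | (uint32_t)p[3];
	if (len > n - *off - 4) {
		*bad = len;
		return -1;
	}
	*s = p + 4;
	*slen = len;
	*off += 4 + (size_t)len;
	return 0;
}

/* Locate the raw RSA signature. bare != 0 models a peer flagged as sending
 * the blob unwrapped; modlen is the modulus size in bytes (assumed known). */
int rsa_sigblob(const uint8_t *sig, size_t siglen, int bare, size_t modlen,
    const uint8_t **blob, size_t *bloblen, uint32_t *bad)
{
	const uint8_t *type;
	size_t off = 0, tlen;
	*bad = 0;
	if (bare) {	/* nothing to parse: alias the input, bound its length */
		*blob = sig;
		*bloblen = siglen;
		return (siglen != 0 && siglen <= modlen) ? 0 : -1;
	}
	if (get_string(sig, siglen, &off, &type, &tlen, bad) != 0 ||
	    tlen != 7 || memcmp(type, "ssh-rsa", 7) != 0 ||
	    get_string(sig, siglen, &off, blob, bloblen, bad) != 0)
		return -1;
	return off == siglen ? 0 : -1;	/* reject trailing bytes */
}

/* Constructed samples: an 8-byte toy blob (not a real signature), bare and wrapped. */
const uint8_t BARE[8] = {0x6e,0xba,0x05,0xdd,1,2,3,4};
const uint8_t WRAPPED[23] = {0,0,0,7,'s','s','h','-','r','s','a',0,0,0,8,
    0x6e,0xba,0x05,0xdd,1,2,3,4};
```

Calling rsa_sigblob(BARE, 8, 0, 8, ...) fails with *bad set to 1857684957, while the same bytes with bare set to 1 are returned as the blob unchanged.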