
Yesterday

Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

We test interoperability with OpenSSH, so our implementation is compatible with the OpenSSH one. So either we both are wrong or the srtSSHServer_11.00 is wrong. I would recommend you either check the server side for more logs or errors and/or contact the vendor/support of the server that you have this issue with. It should be trivial for them to reproduce/debug the issue as libssh and openssh are open source and they can reliably reproduce the issue. From just this log, we can hardly guess what the blackbox server does not like about this key exchange method implementation.

Sat, Jul 11, 10:09 AM

Thu, Jul 9

qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Here is the debug. It seems OpenSSH has the same issue.

Thu, Jul 9, 11:43 AM

Wed, Jul 8

Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Thanks for the confirmation. Even though you cannot change the server settings, there might be something useful in the logs pointing out what the issue is. It could be a bug in the srtSSHServer implementation or the libssh implementation of the new diffie-hellman-group18-sha512, so it is worth investigating.

Wed, Jul 8, 8:01 AM

Tue, Jul 7

qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

With the following in ssh_config for my host, it's working:

Host 192.168.xxx.xxx
    KexAlgorithms diffie-hellman-group1-sha1

Tue, Jul 7, 5:09 PM
qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Okay. So I cannot change the server (update or settings). I will try to force 'diffie-hellman-group14-sha1'. Thanks!

Tue, Jul 7, 5:05 PM
Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

This is an issue of key exchange, not ciphers. The original trace is probably using diffie-hellman-group14-sha1 and the new one diffie-hellman-group18-sha512. The error invalid DH value comes from the server, so I would suggest continuing some investigation there, figuring out what it does not like about the provided DH value.

Tue, Jul 7, 5:02 PM
qgarnier created T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.
Tue, Jul 7, 3:43 PM

Thu, Jul 2

seb128 added a comment to T235: Consider libsodium as an alternative to nacl.

@Jakuje thanks for your reply and the details, the build system doesn't really make clear that nacl is not needed when building with openssl. In regard to your explanation I don't think adding libsodium as yet another alternative is really needed, so feel free to close the request. I've submitted a request to Debian now also to stop pulling nacl in their build.

Thu, Jul 2, 12:43 PM
asn added a comment to T236: Disable *-cbc ciphers by default.

I agree.

Thu, Jul 2, 12:10 PM · Restricted Project

Wed, Jul 1

Jakuje created T236: Disable *-cbc ciphers by default.
Wed, Jul 1, 6:45 PM · Restricted Project

Tue, Jun 30

Jakuje added a comment to T235: Consider libsodium as an alternative to nacl.

I do not think nacl is used for anything at this moment when libssh is built against current openssl, which already supports the X25519 curve for all we need. At least in Fedora, nacl is not listed as a dependency of libssh at all.

Tue, Jun 30, 12:55 PM

Mon, Jun 29

seb128 created T235: Consider libsodium as an alternative to nacl.
Mon, Jun 29, 10:25 AM

Thu, Jun 25

zev333 added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Sorry for the delay in response.
The mentioned commit fixes the problem.

Thu, Jun 25, 10:50 AM

Wed, Jun 24

ansasaki committed rLIBSSHe0c7d78a39a2: tests: Do not parse configuration file in torture_knownhosts (authored by ansasaki).
tests: Do not parse configuration file in torture_knownhosts
Wed, Jun 24, 11:42 AM
ansasaki committed rLIBSSHf10d80047c66: tests: Do not parse configuration file in torture_knownhosts (authored by ansasaki).
tests: Do not parse configuration file in torture_knownhosts
Wed, Jun 24, 11:37 AM
msimyoni added a comment to T122: Running the sftp_read test for the second time fails.
Wed, Jun 24, 9:48 AM · Restricted Project

Tue, Jun 23

ansasaki committed rLIBSSH74e162c67fca: channel: Do not return error if the server closed the channel (authored by ansasaki).
channel: Do not return error if the server closed the channel
Tue, Jun 23, 8:02 PM
ansasaki committed rLIBSSH039054ea6e62: examples: Tolerate incomplete writes in exec example (authored by ansasaki).
examples: Tolerate incomplete writes in exec example
Tue, Jun 23, 8:01 PM
ansasaki committed rLIBSSH1da78553dce8: tests: Add test for CVE-2019-14889 (authored by ansasaki).
tests: Add test for CVE-2019-14889
Tue, Jun 23, 8:01 PM
ansasaki committed rLIBSSH750e4f3f9d3e: channel: Do not return error if the server closed the channel (authored by ansasaki).
channel: Do not return error if the server closed the channel
Tue, Jun 23, 4:19 PM
ansasaki closed T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR) as Resolved by committing rLIBSSH750e4f3f9d3e: channel: Do not return error if the server closed the channel.
Tue, Jun 23, 4:19 PM

Mon, Jun 22

asn committed rLIBSSHb0518552f19f: examples: Tolerate incomplete writes in exec example (authored by ansasaki).
examples: Tolerate incomplete writes in exec example
Mon, Jun 22, 2:58 PM
asn committed rLIBSSH1694606e12d8: tests: Add test for CVE-2019-14889 (authored by ansasaki).
tests: Add test for CVE-2019-14889
Mon, Jun 22, 2:58 PM
asn committed rLIBSSHa76badf77af9: Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md (authored by asn).
Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md
Mon, Jun 22, 2:58 PM

Fri, Jun 19

ansasaki closed T234: SCP pull wildcard returns No such file or directory as Wontfix.

We tried to keep those wildcards working when we introduced the fix for CVE-2019-14889, but we couldn't.

Fri, Jun 19, 5:42 PM

Thu, Jun 18

ansasaki added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Could you please check if the change I proposed in https://gitlab.com/libssh/libssh-mirror/-/merge_requests/122 fixes the issue for you?

Thu, Jun 18, 7:24 PM
Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Thank you for checking. It looks like I was too fast guessing the fix.

Thu, Jun 18, 4:17 PM

Tue, Jun 16

zev333 added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

I have tested the same code on master (245ad744b5ab0582fef7cf3905a717b791d7e08b commit). ssh_channel_read still returns -1 sometimes.
I have enabled ssh debug and it looks like some timing problem. Here is part of the log:

Tue, Jun 16, 6:46 PM

Sun, Jun 14

sansasmith9090 updated sansasmith9090.
Sun, Jun 14, 4:49 PM

Jun 10 2020

Jakuje added a comment to T234: SCP pull wildcard returns No such file or directory.

Sounds like a mitigation to some of the security issues fixed in 0.9.3. See the announcement message for more details:

Jun 10 2020, 7:40 PM
tbuerli created T234: SCP pull wildcard returns No such file or directory.
Jun 10 2020, 2:58 PM

Jun 9 2020

Jakuje updated subscribers of T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.

Playing a bit more with that, it looks like version 8.7.0 returns SSH_AUTH_AGAIN from ssh_userauth_none(), even though it is in blocking mode. It is certainly not correct, but better than not returning at all. But only after a timeout, which it spends in a busy-loop wait.

Jun 9 2020, 4:33 PM

Jun 8 2020

Jakuje added a comment to T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.

I am able to reproduce this locally. The server sends SSH_MSG_DISCONNECT to the client, but in ssh_userauth_get_response(), this message is not accepted to terminate waiting for an answer from the server in ssh_auth_response_termination(), so it hangs forever in the poll -- I think this is a bug in the poll implementation, which should stop waiting after receiving a disconnect.

Jun 8 2020, 1:10 PM
asn committed rLIBSSH245ad744b5ab: buffer: Add NULL check for 'buffer' argument (authored by asn).
buffer: Add NULL check for 'buffer' argument
Jun 8 2020, 9:49 AM
asn committed rLIBSSH10b3ebbe61a7: buffer: Reformat ssh_buffer_add_data() (authored by asn).
buffer: Reformat ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSH533d881b0f4b: sftpserver: Add missing NULL check for ssh_buffer_new() (authored by asn).
sftpserver: Add missing NULL check for ssh_buffer_new()
Jun 8 2020, 9:49 AM
asn committed rLIBSSHc5dfc2d5cec0: buffer: Add NULL check for 'buffer' argument (authored by asn).
buffer: Add NULL check for 'buffer' argument
Jun 8 2020, 9:49 AM
asn committed rLIBSSHf760781cb8fb: buffer: Reformat ssh_buffer_add_data() (authored by asn).
buffer: Reformat ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSH2782cb0495b7: sftpserver: Add missing return check for ssh_buffer_add_data() (authored by asn).
sftpserver: Add missing return check for ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSHe631ebb3e224: sftpserver: Add missing NULL check for ssh_buffer_new() (authored by asn).
sftpserver: Add missing NULL check for ssh_buffer_new()
Jun 8 2020, 9:48 AM
asn committed rLIBSSH8316bf1177c3: sftpserver: Add missing return check for ssh_buffer_add_data() (authored by asn).
sftpserver: Add missing return check for ssh_buffer_add_data()
Jun 8 2020, 9:48 AM
asn closed T232: [sftpserver] NULL pointer deref as Resolved by committing rLIBSSHe631ebb3e224: sftpserver: Add missing NULL check for ssh_buffer_new().
Jun 8 2020, 9:48 AM
jjnicola created T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.
Jun 8 2020, 8:49 AM

Jun 4 2020

raminfp added a comment to T232: [sftpserver] NULL pointer deref.

Added several checks to the code.

Jun 4 2020, 8:10 AM

Jun 3 2020

raminfp created T232: [sftpserver] NULL pointer deref.
Jun 3 2020, 10:32 AM

May 25 2020

Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Right. It affects only 0.9.x versions. The above commit mentions which revision introduced this issue. The commit is already backported in the stable-0.9 branch, so it will be in the next 0.9.5 release.

May 25 2020, 6:56 PM
rimdenok added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

It is fixed in the master.

May 25 2020, 2:44 PM
Jakuje committed rLIBSSH39bb93a53b77: options: Do not reference non-existing function (authored by Jakuje).
options: Do not reference non-existing function
May 25 2020, 2:00 PM
Jakuje committed rLIBSSH866e4442b529: Removed old, 10 years unused test files (authored by Jakuje).
Removed old, 10 years unused test files
May 25 2020, 2:00 PM
Jakuje closed T227: `ssh_options_parse_config()` mentions non-existent `ssh_options_set_host()` as Resolved by committing rLIBSSH39bb93a53b77: options: Do not reference non-existing function.
May 25 2020, 2:00 PM · Restricted Project
Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Could it be a duplicate of an issue described and fixed in this commit [1]? It was also discussed on the mailing list recently. Does it work with current master?

May 25 2020, 12:44 PM

May 22 2020

rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 5:34 PM
rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:43 PM
rimdenok renamed T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR) from ssh_channel_read() incorrectly returns SSH_ERROR to ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:43 PM
rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:39 PM
rimdenok created T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:38 PM

May 21 2020

Jakuje claimed T227: `ssh_options_parse_config()` mentions non-existent `ssh_options_set_host()`.
May 21 2020, 1:30 PM · Restricted Project
Jakuje closed T223: libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys as Resolved.

Merged as 4e4711d2 and friends.

May 21 2020, 11:51 AM · Restricted Project
Jakuje closed T225: Missing #include makes that compiling example fails as Resolved.

Fixed in previously mentioned commits.

May 21 2020, 11:29 AM · Restricted Project

May 20 2020

sahanaprasad07 committed rLIBSSH4e4711d2fbe7: unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to… (authored by sahanaprasad07).
unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSH7de9722d23c4: src/pki_crypto.c pki_publickey_to_blob() should not be used to export public… (authored by sahanaprasad07).
src/pki_crypto.c pki_publickey_to_blob() should not be used to export public…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSH7eb6c7ee6c16: tests/torture.c: update the definition of torture_setup_tokens() to take… (authored by sahanaprasad07).
tests/torture.c: update the definition of torture_setup_tokens() to take…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSHd3f7b64579a2: tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC… (authored by sahanaprasad07).
tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC…
May 20 2020, 1:59 PM

May 15 2020

asn committed rLIBSSH641a80be7463: cmake: add _POSIX_SOURCE (authored by davidwed).
cmake: add _POSIX_SOURCE
May 15 2020, 7:26 PM
asn closed T228: Access violation with MinGW-W64 as Resolved by committing rLIBSSHdcc0b9d7aa09: cmake: add _POSIX_SOURCE.
May 15 2020, 7:26 PM · Restricted Project
asn committed rLIBSSHdcc0b9d7aa09: cmake: add _POSIX_SOURCE (authored by davidwed).
cmake: add _POSIX_SOURCE
May 15 2020, 7:26 PM
davidwed updated the task description for T228: Access violation with MinGW-W64.
May 15 2020, 11:09 AM · Restricted Project

May 14 2020

sahanaprasad07 added a comment to T223: libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys.

Fixed in https://gitlab.com/libssh/libssh-mirror/-/merge_requests/118

May 14 2020, 8:51 PM · Restricted Project

May 11 2020

davidwed updated the task description for T228: Access violation with MinGW-W64.
May 11 2020, 8:32 AM · Restricted Project
davidwed updated the task description for T228: Access violation with MinGW-W64.
May 11 2020, 12:36 AM · Restricted Project

May 7 2020

Jakuje closed T85: missing cipher 'none' as Resolved.

FYI, this landed as e6aee24a

May 7 2020, 6:53 PM · Restricted Project
davidwed renamed T228: Access violation with MinGW-W64 from Access violation with MinGW64 to Access violation with MinGW-W64.
May 7 2020, 4:52 PM · Restricted Project
davidwed renamed T228: Access violation with MinGW-W64 from Access violation with MinGW to Access violation with MinGW64.
May 7 2020, 4:49 PM · Restricted Project
asn committed rLIBSSHb1bbd20dfa8a: cmake: Add autogenerated libssh_version.h (authored by Heiko Thiery <heiko.thiery@gmail.com>).
cmake: Add autogenerated libssh_version.h
May 7 2020, 12:01 PM
asn committed rLIBSSHbee8ed82abbc: cmake: Add autogenerated libssh_version.h (authored by Heiko Thiery <heiko.thiery@gmail.com>).
cmake: Add autogenerated libssh_version.h
May 7 2020, 11:59 AM

May 6 2020

Jakuje triaged T230: OpenSSL memory sanity check as Wishlist priority.
May 6 2020, 11:51 AM · Restricted Project

May 5 2020

davidwed updated the task description for T228: Access violation with MinGW-W64.
May 5 2020, 3:02 PM · Restricted Project
davidwed created T228: Access violation with MinGW-W64.
May 5 2020, 2:57 PM · Restricted Project
asn committed rLIBSSH4149cebd64a9: fuzz: Avoid warnings from csbuild in fuzzers (authored by Jakuje).
fuzz: Avoid warnings from csbuild in fuzzers
May 5 2020, 2:40 PM
asn committed rLIBSSH425c02cb9437: fuzz: Add instructions for corpus creation and first corpus files (authored by Jakuje).
fuzz: Add instructions for corpus creation and first corpus files
May 5 2020, 2:40 PM
asn committed rLIBSSHad8dedd4a481: fuzz: Allow to increase log level from server fuzzer (authored by Jakuje).
fuzz: Allow to increase log level from server fuzzer
May 5 2020, 2:40 PM
asn committed rLIBSSHe26e98e59f93: fuzz: Do not parse configuration files (authored by Jakuje).
fuzz: Do not parse configuration files
May 5 2020, 2:40 PM
asn committed rLIBSSHae184db913ae: fuzz: Use none cipher and MAC (authored by Jakuje).
fuzz: Use none cipher and MAC
May 5 2020, 2:40 PM
asn committed rLIBSSHb88aa98550dc: Allow example client and server to process different configuration files (authored by Jakuje).
Allow example client and server to process different configuration files
May 5 2020, 2:40 PM
asn committed rLIBSSH08a70bb4745c: tests: Cover ssh_options_getopt with unit tests (authored by Jakuje).
tests: Cover ssh_options_getopt with unit tests
May 5 2020, 2:40 PM
asn committed rLIBSSH3d0ecd37fe6b: options: Avoid memory leaks during modification of argv (authored by Jakuje).
options: Avoid memory leaks during modification of argv
May 5 2020, 2:40 PM
asn committed rLIBSSH2e7ca3e8a6e1: options: Properly handle unknown options with arguments (authored by Jakuje).
options: Properly handle unknown options with arguments
May 5 2020, 2:39 PM
asn committed rLIBSSHb90131dfe696: tests: Verify functionality of none cipher and mac (authored by Jakuje).
tests: Verify functionality of none cipher and mac
May 5 2020, 2:39 PM
asn committed rLIBSSH4f976ce5c4a3: packet: Skip HMAC handling if none is selected (authored by Jakuje).
packet: Skip HMAC handling if none is selected
May 5 2020, 2:39 PM
asn committed rLIBSSH239eef6322d1: packet: Check if set_*_key functions exists before calling it (authored by Jakuje).
packet: Check if set_*_key functions exists before calling it
May 5 2020, 2:39 PM
asn committed rLIBSSHe6aee24a1e3b: Add basic support for none cipher and MACs (authored by Jakuje).
Add basic support for none cipher and MACs
May 5 2020, 2:39 PM
asn committed rLIBSSH201fd661767f: packet: Use temporary variables to avoid long lines (authored by Jakuje).
packet: Use temporary variables to avoid long lines
May 5 2020, 2:39 PM
asn committed rLIBSSH46499b1b9090: Drop none cipher and MAC as they are not implemented (authored by Jakuje).
Drop none cipher and MAC as they are not implemented
May 5 2020, 2:39 PM
asn committed rLIBSSH62a0229f16cd: fuzz: Simplify definition of fuzzing targets and build them also with gcc (authored by Jakuje).
fuzz: Simplify definition of fuzzing targets and build them also with gcc
May 5 2020, 2:39 PM
asn committed rLIBSSH5411e0821fdd: fuzz: Correctly sort members initialization to prevent GCC warnings (authored by Jakuje).
fuzz: Correctly sort members initialization to prevent GCC warnings
May 5 2020, 2:39 PM
asn committed rLIBSSH44de453b2271: tests: Enable all CASignatureAlgorithms as SHA1 certificates are now disabled… (authored by Jakuje).
tests: Enable all CASignatureAlgorithms as SHA1 certificates are now disabled…
May 5 2020, 2:39 PM
asn committed rLIBSSH7c2087589122: pki: Mark explicit fall through (authored by Jakuje).
pki: Mark explicit fall through
May 5 2020, 2:39 PM
asn committed rLIBSSH0c7a772301cb: external: Do not confuse new gcc (authored by Jakuje).
external: Do not confuse new gcc
May 5 2020, 2:39 PM
asn committed rLIBSSHc45cfce166f3: client: Properly indicate fall through (authored by Jakuje).
client: Properly indicate fall through
May 5 2020, 2:39 PM
asn committed rLIBSSH929a6b7d501b: pki: Mark explicit fall through (authored by Jakuje).
pki: Mark explicit fall through
May 5 2020, 2:39 PM