Page MenuHomePhabricator
Feed All Stories

Yesterday

Lakkan assigned T241: ssh_channel_request_exec is failed. to 4risu.
Tue, Aug 4, 7:25 PM · Restricted Project
Lakkan added a comment to T241: ssh_channel_request_exec is failed..

Error message is shown in the picture below.

Tue, Aug 4, 7:19 PM · Restricted Project
Lakkan added a project to T241: ssh_channel_request_exec is failed.: Restricted Project.
Tue, Aug 4, 7:18 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 7:09 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:59 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:47 PM · Restricted Project
Lakkan added a comment to T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:41 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:38 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:36 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:34 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:33 PM · Restricted Project
Lakkan updated the task description for T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:33 PM · Restricted Project
Lakkan created T241: ssh_channel_request_exec is failed..
Tue, Aug 4, 6:31 PM · Restricted Project

Thu, Jul 23

CBockelmann added a comment to T161: Implement certificate key types for hostkeys.

We are currently trying to get x2go running with a teleport (https://gravitational.com/teleport) based bastion host. Teleport issues host as well as user certificates, which currently blocks x2go usage through the bastion host.

Thu, Jul 23, 1:29 PM · Restricted Project

Thu, Jul 16

asn committed rLIBSSH7aad964cef39: tests: Add test case for T191 (authored by ansasaki).
tests: Add test case for T191
Thu, Jul 16, 1:25 PM
asn committed rLIBSSH3e23fb8a24d1: tests: Add a test case for T75 (authored by ansasaki).
tests: Add a test case for T75
Thu, Jul 16, 1:25 PM
asn closed T240: Create test case for T191 as Resolved by committing rLIBSSH7aad964cef39: tests: Add test case for T191.
Thu, Jul 16, 1:25 PM · Restricted Project
asn committed rLIBSSH90e56df74e30: Disable *-cbc ciphers by default (authored by Jakuje).
Disable *-cbc ciphers by default
Thu, Jul 16, 1:24 PM
asn closed T239: Create test case for T75 as Resolved by committing rLIBSSH3e23fb8a24d1: tests: Add a test case for T75.
Thu, Jul 16, 1:24 PM · Restricted Project
asn closed T236: Disable *-cbc ciphers by default as Resolved by committing rLIBSSH90e56df74e30: Disable *-cbc ciphers by default.
Thu, Jul 16, 1:24 PM · Restricted Project
asn committed rLIBSSHdcae43fa6bf0: misc: Do not confuse client/server in debug messages (authored by Jakuje).
misc: Do not confuse client/server in debug messages
Thu, Jul 16, 1:24 PM
asn committed rLIBSSH906cc7e7e950: pki: Avoid memory leak on invalid curve NID (authored by Jakuje).
pki: Avoid memory leak on invalid curve NID
Thu, Jul 16, 1:24 PM
asn committed rLIBSSHf85464b9002c: packet: Fix unterminated brace and better context name in debug message (authored by Jakuje).
packet: Fix unterminated brace and better context name in debug message
Thu, Jul 16, 1:24 PM

Wed, Jul 15

Jakuje closed T235: Consider libsodium as an alternative to nacl as Resolved.

No problem. I had to check how is this used in libssh myself as I never looked into this before.

Wed, Jul 15, 9:18 PM · Restricted Project
Jakuje added a project to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value: Restricted Project.
Wed, Jul 15, 9:04 PM · Restricted Project
ansasaki triaged T240: Create test case for T191 as Normal priority.
Wed, Jul 15, 12:41 PM · Restricted Project
ansasaki created T240: Create test case for T191.
Wed, Jul 15, 11:51 AM · Restricted Project

Tue, Jul 14

ansasaki triaged T239: Create test case for T75 as Normal priority.
Tue, Jul 14, 4:47 PM · Restricted Project
matick created T238: "ssh_init" and "ssh_finalize" leaks memory.
Tue, Jul 14, 3:23 PM · Restricted Project

Sat, Jul 11

Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

We test interoperability with OpenSSH so our implementation is compatible with OpenSSH one. So either we both are wrong or the srtSSHServer_11.00 is wrong. I would recommend you either check the server side for more logs or errors and/or contact the vendor/support of the server that you have this issue. It should be trivial for them to reproduce/debug the issue as libssh and openssh are opensource and they can reliably reproduce the issue. From just this log, we can hardly guess what the blackbox server does not like on this key exchange method implementation.

Sat, Jul 11, 10:09 AM · Restricted Project

Thu, Jul 9

qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Here the debug. It seems OpenSSH has the same issue.

Thu, Jul 9, 11:43 AM · Restricted Project

Wed, Jul 8

Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Thanks for confirmation. Even though you can not change the server settings, there might be something useful in the logs pointing out what is the issue. It could be bug in srtSSHServer implementation or libssh implementation of the new diffie-hellman-group18-sha512 so it is worth investigating.

Wed, Jul 8, 8:01 AM · Restricted Project

Tue, Jul 7

qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

With following in ssh_config for my host, it's working:
Host 192.168.xxx.xxx

KexAlgorithms diffie-hellman-group1-sha1
Tue, Jul 7, 5:09 PM · Restricted Project
qgarnier added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

Okay. So i cannot change the server (update or settings). I will try to force 'diffie-hellman-group14-sha1'. Thanks!

Tue, Jul 7, 5:05 PM · Restricted Project
Jakuje added a comment to T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.

This is an issue of key exchange, not ciphres. The original trace is using probably diffie-hellman-group14-sha1 and the new one diffie-hellman-group18-sha512. The error invalid DH value comes from the server so I would suggest continuing some investigation there, figuring out what it does not like on the provided DH value.

Tue, Jul 7, 5:02 PM · Restricted Project
qgarnier created T237: ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 3:invalid DH value.
Tue, Jul 7, 3:43 PM · Restricted Project

Jul 2 2020

seb128 added a comment to T235: Consider libsodium as an alternative to nacl.

@Jakuje thanks for your reply and the details, the build system doesn't really make clear than nacl is not needed when building with openssl. In regard of your explanation I don't think adding libsodium as yet another alternative is really needed so feel free to close the request. I've submitted a request to Debian now also to stop pulling nacl in their build

Jul 2 2020, 12:43 PM · Restricted Project
asn added a comment to T236: Disable *-cbc ciphers by default.

I agree.

Jul 2 2020, 12:10 PM · Restricted Project

Jul 1 2020

Jakuje created T236: Disable *-cbc ciphers by default.
Jul 1 2020, 6:45 PM · Restricted Project

Jun 30 2020

Jakuje added a comment to T235: Consider libsodium as an alternative to nacl.

I do not think nacl is used for anything at this moment when libssh is built against current openssl, which already supports X25519 curve for all we need. At least in Fedora, nacl is not listed as dependency of libssh at all.

Jun 30 2020, 12:55 PM · Restricted Project

Jun 29 2020

seb128 created T235: Consider libsodium as an alternative to nacl.
Jun 29 2020, 10:25 AM · Restricted Project

Jun 25 2020

zev333 added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Sorry for delay in response.
Mentioned commit fixes problem.

Jun 25 2020, 10:50 AM

Jun 24 2020

ansasaki committed rLIBSSHe0c7d78a39a2: tests: Do not parse configuration file in torture_knownhosts (authored by ansasaki).
tests: Do not parse configuration file in torture_knownhosts
Jun 24 2020, 11:42 AM
ansasaki committed rLIBSSHf10d80047c66: tests: Do not parse configuration file in torture_knownhosts (authored by ansasaki).
tests: Do not parse configuration file in torture_knownhosts
Jun 24 2020, 11:37 AM
msimyoni added a comment to T122: Running the sftp_read test for the second time fails.
Jun 24 2020, 9:48 AM · Restricted Project

Jun 23 2020

ansasaki committed rLIBSSH74e162c67fca: channel: Do not return error if the server closed the channel (authored by ansasaki).
channel: Do not return error if the server closed the channel
Jun 23 2020, 8:02 PM
ansasaki committed rLIBSSH039054ea6e62: examples: Tolerate incomplete writes in exec example (authored by ansasaki).
examples: Tolerate incomplete writes in exec example
Jun 23 2020, 8:01 PM
ansasaki committed rLIBSSH1da78553dce8: tests: Add test for CVE-2019-14889 (authored by ansasaki).
tests: Add test for CVE-2019-14889
Jun 23 2020, 8:01 PM
ansasaki committed rLIBSSH750e4f3f9d3e: channel: Do not return error if the server closed the channel (authored by ansasaki).
channel: Do not return error if the server closed the channel
Jun 23 2020, 4:19 PM
ansasaki closed T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR) as Resolved by committing rLIBSSH750e4f3f9d3e: channel: Do not return error if the server closed the channel.
Jun 23 2020, 4:19 PM

Jun 22 2020

asn committed rLIBSSHb0518552f19f: examples: Tolerate incomplete writes in exec example (authored by ansasaki).
examples: Tolerate incomplete writes in exec example
Jun 22 2020, 2:58 PM
asn committed rLIBSSH1694606e12d8: tests: Add test for CVE-2019-14889 (authored by ansasaki).
tests: Add test for CVE-2019-14889
Jun 22 2020, 2:58 PM
asn committed rLIBSSHa76badf77af9: Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md (authored by asn).
Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md
Jun 22 2020, 2:58 PM

Jun 19 2020

ansasaki closed T234: SCP pull wildcard returns No such file or directory as Wontfix.

We tried to keep those wildcards working when we introduced the fix for CVE-2019-14889, but we couldn't.

Jun 19 2020, 5:42 PM

Jun 18 2020

ansasaki added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Could you please check if the change I proposed in https://gitlab.com/libssh/libssh-mirror/-/merge_requests/122 fixes the issue for you?

Jun 18 2020, 7:24 PM
Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Thank you for checking. It looks like I was too fast guessing the fix.

Jun 18 2020, 4:17 PM

Jun 16 2020

zev333 added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

I have tested the same code on master (245ad744b5ab0582fef7cf3905a717b791d7e08b commit). ssh_channel_read still return -1 sometimes.
I have enabled ssh debug and it looks like some timing problem. There is log part:

Jun 16 2020, 6:46 PM

Jun 14 2020

sansasmith9090 updated sansasmith9090.
Jun 14 2020, 4:49 PM

Jun 10 2020

Jakuje added a comment to T234: SCP pull wildcard returns No such file or directory.

Sounds like a mitigation to some of the security issues fixed in 0.9.3. See the announcement message for more details:

Jun 10 2020, 7:40 PM
tbuerli created T234: SCP pull wildcard returns No such file or directory.
Jun 10 2020, 2:58 PM

Jun 9 2020

Jakuje updated subscribers of T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.

Playing a bit more with that, it looks like a version 8.7.0 returns SSH_AUTH_AGAIN from ssh_userauth_none(), even though it is in blocking mode. It is certainly not correct, but better than not returning at all. But only after a timeout, which it spends in busy-loop wait.

Jun 9 2020, 4:33 PM

Jun 8 2020

Jakuje added a comment to T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.

I am able to reproduce this locally. The server sends SSH_MSG_DISCONNECT to the client, but in the ssh_userauth_get_response(), this message is not accepted to terminate waiting for answer from server in ssh_auth_response_termination() so it hangs forever in the poll -- I think this is a bug in poll implementation, which should stop waiting after receiving disconnect.

Jun 8 2020, 1:10 PM
asn committed rLIBSSH245ad744b5ab: buffer: Add NULL check for 'buffer' argument (authored by asn).
buffer: Add NULL check for 'buffer' argument
Jun 8 2020, 9:49 AM
asn committed rLIBSSH10b3ebbe61a7: buffer: Reformat ssh_buffer_add_data() (authored by asn).
buffer: Reformat ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSH533d881b0f4b: sftpserver: Add missing NULL check for ssh_buffer_new() (authored by asn).
sftpserver: Add missing NULL check for ssh_buffer_new()
Jun 8 2020, 9:49 AM
asn committed rLIBSSHc5dfc2d5cec0: buffer: Add NULL check for 'buffer' argument (authored by asn).
buffer: Add NULL check for 'buffer' argument
Jun 8 2020, 9:49 AM
asn committed rLIBSSHf760781cb8fb: buffer: Reformat ssh_buffer_add_data() (authored by asn).
buffer: Reformat ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSH2782cb0495b7: sftpserver: Add missing return check for ssh_buffer_add_data() (authored by asn).
sftpserver: Add missing return check for ssh_buffer_add_data()
Jun 8 2020, 9:49 AM
asn committed rLIBSSHe631ebb3e224: sftpserver: Add missing NULL check for ssh_buffer_new() (authored by asn).
sftpserver: Add missing NULL check for ssh_buffer_new()
Jun 8 2020, 9:48 AM
asn committed rLIBSSH8316bf1177c3: sftpserver: Add missing return check for ssh_buffer_add_data() (authored by asn).
sftpserver: Add missing return check for ssh_buffer_add_data()
Jun 8 2020, 9:48 AM
asn closed T232: [sftpserver] NULL pointer deref as Resolved by committing rLIBSSHe631ebb3e224: sftpserver: Add missing NULL check for ssh_buffer_new().
Jun 8 2020, 9:48 AM
jjnicola created T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached.
Jun 8 2020, 8:49 AM

Jun 4 2020

raminfp added a comment to T232: [sftpserver] NULL pointer deref.

added several check to the code.

Jun 4 2020, 8:10 AM

Jun 3 2020

raminfp created T232: [sftpserver] NULL pointer deref.
Jun 3 2020, 10:32 AM

May 25 2020

Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Right. It affects only 0.9.x versions. The above commit mentions which revision introduced this issue. The commit is already backported in the stable-0.9 branch so it will be in the next 0.9.5 release

May 25 2020, 6:56 PM
rimdenok added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

It is fixed in the master.

May 25 2020, 2:44 PM
Jakuje committed rLIBSSH39bb93a53b77: options: Do not reference non-existing function (authored by Jakuje).
options: Do not reference non-existing function
May 25 2020, 2:00 PM
Jakuje committed rLIBSSH866e4442b529: Removed old, 10 years unused test files (authored by Jakuje).
Removed old, 10 years unused test files
May 25 2020, 2:00 PM
Jakuje closed T227: `ssh_options_parse_config()` mentions non-existent `ssh_options_set_host()` as Resolved by committing rLIBSSH39bb93a53b77: options: Do not reference non-existing function.
May 25 2020, 2:00 PM · Restricted Project
Jakuje added a comment to T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).

Could it be a duplicate of an issue described and fixed in this commit [1]? It was also discussed in mailing list recently. Does it work with current master?

May 25 2020, 12:44 PM

May 22 2020

rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 5:34 PM
rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:43 PM
rimdenok renamed T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR) from ssh_channel_read() incorrectly returns SSH_ERROR to ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:43 PM
rimdenok updated the task description for T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:39 PM
rimdenok created T231: ssh_channel_read() incorrectly returns -1 (SSH_ERROR).
May 22 2020, 3:38 PM

May 21 2020

Jakuje claimed T227: `ssh_options_parse_config()` mentions non-existent `ssh_options_set_host()`.
May 21 2020, 1:30 PM · Restricted Project
Jakuje closed T223: libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys as Resolved.

Merged as 4e4711d2 and friends.

May 21 2020, 11:51 AM · Restricted Project
Jakuje closed T225: Missing #include makes that compiling example fails as Resolved.

Fixed in previously mentioned commits.

May 21 2020, 11:29 AM · Restricted Project

May 20 2020

sahanaprasad07 committed rLIBSSH4e4711d2fbe7: unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to… (authored by sahanaprasad07).
unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSH7de9722d23c4: src/pki_crypto.c pki_publickey_to_blob() should not be used to export public… (authored by sahanaprasad07).
src/pki_crypto.c pki_publickey_to_blob() should not be used to export public…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSH7eb6c7ee6c16: tests/torture.c: update the definition of torture_setup_tokens() to take… (authored by sahanaprasad07).
tests/torture.c: update the definition of torture_setup_tokens() to take…
May 20 2020, 1:59 PM
sahanaprasad07 committed rLIBSSHd3f7b64579a2: tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC… (authored by sahanaprasad07).
tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC…
May 20 2020, 1:59 PM

May 15 2020

asn committed rLIBSSH641a80be7463: cmake: add _POSIX_SOURCE (authored by davidwed).
cmake: add _POSIX_SOURCE
May 15 2020, 7:26 PM
asn closed T228: Access violation with MinGW-W64 as Resolved by committing rLIBSSHdcc0b9d7aa09: cmake: add _POSIX_SOURCE.
May 15 2020, 7:26 PM · Restricted Project
asn committed rLIBSSHdcc0b9d7aa09: cmake: add _POSIX_SOURCE (authored by davidwed).
cmake: add _POSIX_SOURCE
May 15 2020, 7:26 PM
davidwed updated the task description for T228: Access violation with MinGW-W64.
May 15 2020, 11:09 AM · Restricted Project

May 14 2020

sahanaprasad07 added a comment to T223: libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys.

Fixed in https://gitlab.com/libssh/libssh-mirror/-/merge_requests/118

May 14 2020, 8:51 PM · Restricted Project

May 11 2020

davidwed updated the task description for T228: Access violation with MinGW-W64.
May 11 2020, 8:32 AM · Restricted Project
davidwed updated the task description for T228: Access violation with MinGW-W64.
May 11 2020, 12:36 AM · Restricted Project

May 7 2020

Jakuje closed T85: missing cipher 'none' as Resolved.

FYI, this landed as e6aee24a

May 7 2020, 6:53 PM · Restricted Project