SSH Connections being dropped.

Scott Wares swares at qwest.com
Sat Mar 24 04:10:45 EST 2001


I have removed the old version already.  I had hoped that would take care
of the problem.  But I am still experiencing this error even though I'm
using OpenSSH_2.5.2p1 only.

Scott Wares, Unix SysAdmin
Tier II, Desktop Support
303-707-5479, swares at qwest.com


On Fri, 23 Mar 2001, Austin Gonyou wrote:

> Did you look at the faq page on the openssh.com site? Here is what you
> might be experiencing:
> ----------Begin FAQ Info-----------
> 2.3 - Why does SSH 2.3 have problems interoperating with OpenSSH 2.1.1?
> 
> SSH 2.3 and earlier versions contain a flaw in their HMAC implementation.
> Their code was not supplying the full data block output from the digest,
> and instead always provided 128 bits. For longer digests, this caused SSH
> 2.3 to not interoperate with OpenSSH.
> 
> OpenSSH 2.2.0 detects that SSH 2.3 has this flaw. Future versions of SSH
> will have this bug fixed. Or you can add the following to ssh 2.3's
> /etc/sshd_config.
> 
> Mac hmac-md5
> 
> In addition to the flawed HMAC implementation, problems in interoperation
> have been seen due to OpenSSH not yet supporting the option of rekeying.
> However SSH 2.3 tries to negotiate this feature, and you might experience
> connection freezes or see the error message "Dispatch protocol error: type
> 20". To solve this problem, either upgrade to SSH 2.4 or disable rekeying
> by adding the following to your commercial SSH 2.3's sshd_config.
> 
> RekeyIntervalSeconds 0
> 
> ----------End FAQ Info---------
> 
> 
> Hope this helps.
> -- 
> Austin Gonyou
> Systems Architect
> Coremetrics, Inc.
> Phone: 512-796-9023
> email: austin at coremetrics.com
> 
> On Fri, 23 Mar 2001, Scott Wares wrote:
> 
> > We are having problems with SSH shells disconnecting.
> >
> > We are replacing an older version of SSH (Non-Commercial Version which
> > someone installed in error, but it was working fine.) & had been running
> > OpenSSH 2.3.0p? which had similar problems, some of the errors I was
> > seeing went away with OpenSSH 2.5.2.p1.
> >
> > compiled against openssl-0.9.6, with SUNWspro & GCC281 on Solaris 2.8 &
> > Solaris 2.6, both have the same problem.
> >
> > 133$ uname -a
> > SunOS dtadmin 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
> >
> > 134$ showrev -p | wc -l
> >      218
> >
> > Mar 22 09:29:24 dtadmin sshd[11783]: [ID 800047 auth.error] error: Hm,
> > dispatch protocol error: type 30 plen 132
> > Mar 22 10:30:25 dtadmin sshd[17083]: [ID 800047 auth.error] error: Hm,
> > dispatch protocol error: type 20 plen 136
> > Mar 22 10:30:25 dtadmin sshd[17083]: [ID 800047 auth.crit]
> > fatal: dispatch_protocol_error: rekeying is not supported
> >
> > 265$ ssh -v dtadmin
> > OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
> > debug1: Seeded RNG with 39 bytes from programs
> > debug1: Seeded RNG with 3 bytes from system calls
> > debug1: Rhosts Authentication disabled, originating port will not be
> > trusted.
> > debug1: ssh_connect: getuid 6400 geteuid 0 anon 1
> > debug1: Connecting to dtadmin [151.119.10.106] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/user42/swares/.ssh/identity type 0
> > debug1: unknown identity file /home/user42/swares/.ssh/id_rsa
> > debug1: identity file /home/user42/swares/.ssh/id_rsa type -1
> > debug1: unknown identity file /home/user42/swares/.ssh/id_dsa
> > debug1: identity file /home/user42/swares/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version
> > OpenSSH_2.5.2p1
> > debug1: match: OpenSSH_2.5.2p1 pat ^OpenSSH
> > Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_2.5.2p1
> > debug1: send KEXINIT
> > debug1: done
> > debug1: wait KEXINIT
> > debug1: got
> > kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug1: got kexinit: ssh-dss
> > debug1: got
> > kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> > debug1: got
> > kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> > debug1: got
> > kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug1: got
> > kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> > debug1: got kexinit: none,zlib
> > debug1: got kexinit: none,zlib
> > debug1: got kexinit:
> > debug1: got kexinit:
> > debug1: first kex follow: 0
> > debug1: reserved: 0
> > debug1: done
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> > debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> > debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> > debug1: dh_gen_key: priv key bits set: 133/256
> > debug1: bits set: 998/2049
> > debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> > debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> > debug1: Got SSH2_MSG_KEXDH_REPLY.
> > debug1: Host 'dtadmin' is known and matches the DSA host key.
> > debug1: Found key in /home/user42/swares/.ssh/known_hosts2:1
> > debug1: bits set: 1018/2049
> > debug1: len 55 datafellows 0
> > debug1: ssh_dss_verify: signature correct
> > debug1: Wait SSH2_MSG_NEWKEYS.
> > debug1: GOT SSH2_MSG_NEWKEYS.
> > debug1: send SSH2_MSG_NEWKEYS.
> > debug1: done: send SSH2_MSG_NEWKEYS.
> > debug1: done: KEX2.
> > debug1: send SSH2_MSG_SERVICE_REQUEST
> > debug1: service_accept: ssh-userauth
> > debug1: got SSH2_MSG_SERVICE_ACCEPT
> > debug1: authentications that can
> > continue: publickey,password,keyboard-interactive
> > debug1: next auth method to try is publickey
> > debug1: try privkey: /home/user42/swares/.ssh/id_rsa
> > debug1: try privkey: /home/user42/swares/.ssh/id_dsa
> > debug1: next auth method to try is password
> > swares at dtadmin's password:
> > debug1: ssh-userauth2 successful: method password
> > debug1: channel 0: new [client-session]
> > debug1: send channel open 0
> > debug1: Entering interactive session.
> > debug1: client_init id 0 arg 0
> > debug1: channel request 0: shell
> > debug1: channel 0: open confirm rwindow 0 rmax 16384
> >
> > Scott Wares, Unix SysAdmin
> > Tier II, Desktop Support
> > 303-707-5479, swares at qwest.com
> >
> >
> 
> 
> 
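The HMAC truncation described in the quoted FAQ, as an added example that is not part of either message or of OpenSSH. It models the flaw as "never emit more than 128 bits of MAC" (an assumption drawn from the FAQ wording) and checks which MACs from the KEXINIT list above still verify against such a peer; hmac-ripemd160 is left out because Python's hashlib does not always provide it, and the key and packet are constructed.

```python
import hashlib
import hmac
import struct

# MAC name -> (hash constructor, MAC length on the wire in bytes), per RFC 4253.
MACS = {
    "hmac-md5": (hashlib.md5, 16),
    "hmac-sha1": (hashlib.sha1, 20),
    "hmac-sha1-96": (hashlib.sha1, 12),
    "hmac-md5-96": (hashlib.md5, 12),
}
FLAWED_CAP = 16  # assumed model of the flaw: at most 128 bits of digest are used


def ssh_mac(name, key, seqno, packet, flawed=False):
    """SSH-2 MAC: HMAC over uint32 sequence number || unencrypted packet."""
    digestmod, wire_len = MACS[name]
    tag = hmac.new(key, struct.pack(">I", seqno) + packet, digestmod).digest()
    if flawed:
        tag = tag[:FLAWED_CAP]  # the flawed peer drops everything past 128 bits
    return tag[:wire_len]       # the algorithm's own truncation (the -96 variants)


def verify(name, key, seqno, packet, received):
    """Receiver side: the tag must have the negotiated length and match."""
    expected = ssh_mac(name, key, seqno, packet)
    return len(received) == len(expected) and hmac.compare_digest(expected, received)


def interop_report(names):
    """True where a flawed sender's MAC is still accepted by a correct receiver."""
    key, packet = b"k" * 20, b"constructed packet payload"
    return {
        n: verify(n, key, 0, packet, ssh_mac(n, key, 0, packet, flawed=True))
        for n in names
    }


if __name__ == "__main__":
    for name, ok in interop_report(MACS).items():
        print(f"{name:14s} {'interoperates' if ok else 'MAC mismatch'}")
```

Only hmac-sha1 fails under this model, which is why pinning the MAC to hmac-md5 (a 128-bit digest) works around the problem.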

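A triage script for the sshd log lines quoted above, as an added example that is not part of the thread or of OpenSSH. It rejoins the mail-wrapped syslog records, groups dispatch errors by sshd PID, and flags message types in the key-exchange range 20-49 (RFC 4253) as rekey attempts; the function names are hypothetical and the sample lines are copied from the message with their wrapping kept.

```python
import re

# RFC 4253 transport numbers: 20-29 algorithm negotiation, 30-49 are reused
# by each key exchange method (30 is SSH_MSG_KEXDH_INIT for plain DH).
MSG_NAMES = {20: "SSH_MSG_KEXINIT", 21: "SSH_MSG_NEWKEYS",
             30: "SSH_MSG_KEXDH_INIT", 31: "SSH_MSG_KEXDH_REPLY"}

SAMPLE_LOG = """\
Mar 22 09:29:24 dtadmin sshd[11783]: [ID 800047 auth.error] error: Hm,
dispatch protocol error: type 30 plen 132
Mar 22 10:30:25 dtadmin sshd[17083]: [ID 800047 auth.error] error: Hm,
dispatch protocol error: type 20 plen 136
Mar 22 10:30:25 dtadmin sshd[17083]: [ID 800047 auth.crit]
fatal: dispatch_protocol_error: rekeying is not supported
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
EVENT = re.compile(r"sshd\[(\d+)\]:.*dispatch protocol error: type (\d+) plen (\d+)")
FATAL = re.compile(r"sshd\[(\d+)\]:.*rekeying is not supported")


def unwrap(text):
    """Rejoin records that the mail client wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(text):
    """Return {pid: {"types": [...], "rekey_attempt": bool, "fatal": bool}}."""
    sessions = {}

    def entry(pid):
        return sessions.setdefault(
            int(pid), {"types": [], "rekey_attempt": False, "fatal": False})

    for rec in unwrap(text):
        ev = EVENT.search(rec)
        if ev:
            mtype = int(ev.group(2))
            entry(ev.group(1))["types"].append(MSG_NAMES.get(mtype, f"type {mtype}"))
            entry(ev.group(1))["rekey_attempt"] |= 20 <= mtype <= 49
        fatal = FATAL.search(rec)
        if fatal:
            entry(fatal.group(1))["fatal"] = True
    return sessions
```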





More information about the openssh-unix-dev mailing list