stuicey
Error connecting to Debian / OpenSSH 7.4
Trying to connect to a Debian 9.13 server, SSHy just shows WebSocket connection failed: Error in connection establishment: code 1005 in the terminal window. It doesn't make a difference whether a correct or invalid username/password is given.
The browser console shows:
so it appears that something went wrong during DH exchange.
Running the server in debug mode (/usr/sbin/sshd -ddd -p 99 and connect to port 99), the server shows:
sh-4.4# /usr/sbin/sshd -ddd -p 99
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 275
debug2: parse_server_config: config /etc/ssh/sshd_config len 275
debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:84 setting UsePAM yes
debug3: /etc/ssh/sshd_config:88 setting GatewayPorts yes
debug3: /etc/ssh/sshd_config:89 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:93 setting PrintMotd no
debug3: /etc/ssh/sshd_config:113 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:116 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2u 20 Dec 2019
debug1: private host key #0: ssh-rsa SHA256:AAzT984aD0JhEOUC4cYjuC22IWEhmzQT4burzFHFOv0
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:AuqxsTzwaC2OWRHyysPLhIqo24AX5Z3GI753EW3ZwHg
debug1: private host key #2: ssh-ed25519 SHA256:U70HBHIOQCKd07RtkNF1Zp3MDjKZaeotXJ8HFPafhtU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='99'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 99 on 0.0.0.0.
Server listening on 0.0.0.0 port 99.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 99 on ::.
Server listening on :: port 99.
-----
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 275
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from x.x.x.x port 54782 on y.y.y.y port 99
debug1: Client protocol version 2.0; client software version SSHyClient
debug1: no match: SSHyClient
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Enabling compatibility mode for protocol 2.0
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 13729
debug3: preauth child monitor started
debug3: privsep user:group 102:65534 [preauth]
debug1: permanently_set_uid: 102/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,[email protected] [preauth]
debug2: compression stoc: none,[email protected] [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha256,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-rsa [preauth]
debug2: ciphers ctos: aes128-ctr [preauth]
debug2: ciphers stoc: aes128-ctr [preauth]
debug2: MACs ctos: hmac-sha2-256,hmac-sha1 [preauth]
debug2: MACs stoc: hmac-sha2-256,hmac-sha1 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug3: receive packet: type 34 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 2048 2048 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug3: send packet: type 31 [preauth]
debug2: bits set: 1028/2048 [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug3: receive packet: type 32 [preauth]
debug2: bits set: 997/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x5616450b5d00(271)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 33 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 1 [preauth]
ssh_dispatch_run_fatal: Connection from x.x.x.x port 54782: incomplete message [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 13729
debug1: audit_event: unhandled event 12
sh-4.4#
It would be good to improve the error handling in this situation (#39) to give a more meaningful error, as well as actually fixing the issue.
Looks like something might have gone wrong in KEX since the client is forcing a disconnection debug3: receive packet: type 1 [preauth]
Probably easier to debug if you can provide the client's side by adding:
console.log(data.toString()); to https://github.com/stuicey/SSHy/blob/master/js/parceler.js#L29
&&
console.log(r.toString()); to https://github.com/stuicey/SSHy/blob/master/js/parceler.js#L65
I added a few console logs of my own.
function verifyKey(host_key, sig){
var rsa = new SSHyClient.RSAKey(new SSHyClient.Message(host_key));
console.log("Made RSAKey");
if(!rsa.verify(SSHyClient.kex.H, new SSHyClient.Message(sig))){
console.log("Key verify failed");
transport.disconnect();
throw 'RSA signature verification failed, disconnecting.';
}
}
Result:
this.SHAVersion = SHA-256
combinedLibs.comb.js:345 Made RSAKey
combinedLibs.comb.js:345 Key verify failed
It seems that the transport.disconnect is raising an error, before throw 'RSA signature verification failed, disconnecting.' has a chance to run.
I can tell you off-list the hostname of the server I'm connecting to, if you want to try it for yourself. It's on the Internet.
Note: I am having the same issue with Ubuntu 20.04 connecting to a RHEL server... I tried connecting through the server manually and received an error saying that it was trying to request diffie-hellman-group1 algorithm. I enabled that globally in the /etc/ssh/ssh_config using KexAlgorithms=+diffie-hellman-group1-sha1 and was able to connect directly but not through SSHy.
I believe this is an error when trying to connect to an antiquated server that is not on the latest SSH version. I say this because I can connect to other servers fine but the one I am having trouble with is very old and has not been updated in a minute.
@candlerb is your distant server running the latest SSH version?
$ dpkg-query -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============================-====================-====================-====================================================================
ii openssh-server 1:7.4p1-10+deb9u7 amd64 secure shell (SSH) server, for secure access from remote machines
And when logged onto that machine:
$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]