RomSShell hangs waiting for NEWKEYS #46

Open
briandfoy opened this issue Jul 10, 2023 · 2 comments
Labels: imported from rt.cpan.org; Priority: high (work on this first); RT: checked (Verified the RT import); Status: has fix in RT (The original RT queue has a fix)

Comments

@briandfoy
Owner

briandfoy commented Jul 10, 2023

This ticket was imported from rt.cpan.org 100295


In regards to Net::SSH::Perl 1.38:

It appears as though connections to RomSShell 4.31 hang due to a deadlock condition wherein each side is waiting for the other to send a NEWKEYS message. I considered just reversing the sequence in the code for all connections but wasn't sure if that would work for all other servers. So instead I created a COMPAT entry as below to deal with the issue.

Unfortunately once I get past this I still cannot actually execute commands on that server because of "Channel open failure: 1: reason 4: Support is limited to one channel". But that's a different beast (and my immediate needs only needed the connection so it worked for me).

Cheers,

Dan Ragle

Here are the changes for the NEWKEYS swap:

--- SSHORIG/Perl/Constants.pm   2013-08-09 16:54:24.000000000 -0400
+++ SSH/Perl/Constants.pm       2014-11-07 10:17:15.042384582 -0500
@@ -48,6 +48,7 @@
     'SSH_COMPAT_BUG_X11FWD' => 0x08,
     'SSH_COMPAT_OLD_SESSIONID' => 0x10,
     'SSH_COMPAT_BUG_PKAUTH' => 0x20,
+    'SSH_COMPAT_REVERSE_NEWKEYS' => 0x40,
     'SSH_COMPAT_BUG_RSASIGMD5' => 0x2000,

     'SSH2_MSG_DISCONNECT' => 1,
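Review bot: The added 'SSH_COMPAT_REVERSE_NEWKEYS' => 0x40 line has no comment saying what the flag changes; a one-line comment stating that it makes the client send NEWKEYS before waiting for the server's would document it where it is defined. The hunk only shows the values 0x08 through 0x20 and 0x2000, so it is also worth confirming that 0x40 is not already taken by a constant outside the lines shown.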
--- SSHORIG/Perl/Kex.pm 2013-08-09 16:54:24.000000000 -0400
+++ SSH/Perl/Kex.pm     2014-11-12 10:43:47.527764080 -0500
@@ -14,7 +14,8 @@
     :kex
     :proposal
     :protocol
-    SSH_COMPAT_BUG_HMAC );
+    SSH_COMPAT_BUG_HMAC
+    SSH_COMPAT_REVERSE_NEWKEYS );

use Carp qw( croak );
use Digest::SHA1 qw( sha1 );
@@ -99,12 +100,22 @@
     bless $kex, $kex->{class_name};
     $kex->exchange;

-    $ssh->debug("Waiting for NEWKEYS message.");
-    $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS);
-
-    $ssh->debug("Send NEWKEYS.");
-    $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS);
-    $packet->send;
+    my @execorder = (1,2);
+    if ($ssh->{datafellows} & SSH_COMPAT_REVERSE_NEWKEYS) {
+        @execorder = (2,1);
+        $ssh->debug("Reversing NEWKEYS flow (compat trigger).");
+    }
+    foreach my $execlevel (@execorder) {
+        if ($execlevel == 1) {
+            $ssh->debug("Waiting for NEWKEYS message.");
+            $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS);
+        }
+        elsif ($execlevel == 2) {
+            $ssh->debug("Send NEWKEYS.");
+            $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS);
+            $packet->send;
+        }
+    }

     $ssh->debug("Enabling encryption/MAC/compression.");
     $ssh->{kex} = $kex;
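Review bot: The @execorder = (1,2) list and the foreach over $execlevel encode "wait" and "send" as bare numbers, which makes a two-way ordering choice harder to follow than it needs to be; a plain if/else on $ssh->{datafellows} & SSH_COMPAT_REVERSE_NEWKEYS with the two steps written out in each order would say the same thing directly. The default path still reads the server's NEWKEYS before sending its own, so any other server that waits the same way will hang until it gets its own compat entry; the report says sending first for all connections was considered but not tested against other servers, and that option deserves a second look.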
--- SSHORIG/Perl.pm     2014-11-07 10:14:50.000000000 -0500
+++ SSH/Perl.pm 2014-11-07 10:22:21.771369934 -0500
@@ -76,6 +76,7 @@
   [  '^3\.0 SecureCRT'      => SSH_COMPAT_OLD_SESSIONID,   ],
   [  '^1\.7 SecureFX'       => SSH_COMPAT_OLD_SESSIONID,   ],
   [  '^2\.'                 => SSH_COMPAT_BUG_HMAC,        ],
+  [  '^RomSShell_4\.31'     => SSH_COMPAT_REVERSE_NEWKEYS  ],
);

sub _compat_init {
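Review bot: The pattern '^RomSShell_4\.31' on the added line is pinned to one release and has no end anchor, so it also matches a version string such as 4.310 while missing every other RomSShell version; if 4.31 is the only release tested, say so in a comment next to the entry. The entry also omits the comma after the flag that the neighbouring rows carry (SSH_COMPAT_BUG_HMAC, ]), which is harmless but inconsistent.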
@briandfoy
Owner Author

from schwigon@cpan.org


Hi Dan,

is this topic still a problem?

If so, can you please rebase your changes on the latest version v2.01 in
https://github.com/renormalist/Net-SSH-Perl, test it and update this
ticket here?

In case the problem vanished, e.g. because it's an old RomSShell issue, it's
also fine for me if you close the ticket.

Thanks.

Steffen

@briandfoy
Owner Author

from dragle@velocity.org


Steffen, I'm afraid we went a different direction with that project and are not actively using Net::SSH::Perl.

I was able to retrieve some of my old testing code from this original post and play with it a bit this morning, but I'm not able to fully test it out at this time. I got so far as to try the 2.01 code against a RomSShell 4.31 device. I had to force in 3des-cbc, diffie-hellman-group1-sha1 and ssh-dss as supported cipher, client key exchange and host key algorithms, but then got:

Using diffie-hellman-group1-sha1 for key exchange
Host key algorithm: ssh-dss
Algorithms, c->s: 3des-cbc hmac-sha1 none
Algorithms, s->c: 3des-cbc hmac-sha1 none
Generating new Diffie-Hellman Group 1 keys
Entering Diffie-Hellman Group 1 key exchange.
Sent DH public key, waiting for reply.
Received host key, type 'ssh-dss'.
Host '1.2.3.4' is known and matches the host key.
Computing shared secret key.
Verifying server signature.
Key verification failed for server host key at /usr/local/lib64/perl5/Net/SSH/Perl/SSH2.pm line 118

As I said, I'm afraid I don't have time to dig into it further. Looking at the code I see the Wait/Send of NEWKEYS has been reversed, so I would think it would work if I could get past the key exchange.

Cheers,

Dan Ragle
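The deadlock described in the original report, reproduced as an added example (not code from this thread or from Net::SSH::Perl): each side either sends NEWKEYS first or waits first, over a local socket pair standing in for the SSH connection. The function names, the timeout and the framing helper are assumptions made for the illustration, and the wait-first server models the behaviour the report attributes to RomSShell 4.31.

```python
import socket
import struct
import threading

SSH2_MSG_NEWKEYS = 21  # message number from RFC 4253

def frame(payload):
    """Unencrypted SSH binary packet: length, pad length, payload, padding."""
    pad = 4 + (-(9 + len(payload))) % 8  # >= 4 bytes, total a multiple of 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def read_expect(sock, msg_type):
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    body = recv_exact(sock, length)  # body[0] is the padding length
    if body[1:length - body[0]][:1] != bytes([msg_type]):
        raise ValueError("unexpected message type")

def peer(sock, send_first, timeout, result, name):
    """One side of the exchange; records 'ok', or 'hung' if it timed out."""
    sock.settimeout(timeout)
    send = lambda: sock.sendall(frame(bytes([SSH2_MSG_NEWKEYS])))
    wait = lambda: read_expect(sock, SSH2_MSG_NEWKEYS)
    try:
        for step in (send, wait) if send_first else (wait, send):
            step()
        result[name] = "ok"
    except socket.timeout:
        result[name] = "hung"

def newkeys_exchange(client_sends_first, server_sends_first, timeout=0.5):
    """Constructed model: both sides over a local socket pair, no real SSH."""
    client, server = socket.socketpair()
    result = {}
    sides = ((client, client_sends_first, "client"), (server, server_sends_first, "server"))
    threads = [threading.Thread(target=peer, args=(s, f, timeout, result, n)) for s, f, n in sides]
    with client, server:
        for t in threads:
            t.start()
        for t in threads:
            t.join()
    return result
```

Calling `newkeys_exchange(False, False)` models the reported hang, and `newkeys_exchange(True, False)` models the client with the compat flag set.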

@briandfoy briandfoy added RT: checked Verified the RT import Priority: high work on this first Status: has fix in RT The original RT queue has a fix labels Jul 10, 2023