Getting ECONNRESET following example code. #1328

Closed
CyberFoxHax opened this issue Sep 15, 2023 · 8 comments

Comments

@CyberFoxHax

So I open up the server as per the example code. I use my system's ssh client and attempt to connect, and this is the output. I used:

C:\Program Files\nodejs\node.exe .\app.js
Listening on port 6444
Client connected!
Client authenticated!
Client session!
Uncaught Error Error: read ECONNRESET
    at __node_internal_captureLargerStackTrace (internal/errors:484:5)
    at __node_internal_errnoException (internal/errors:614:12)
    at onStreamRead (internal/stream_base_commons:217:20)
    at callbackTrampoline (internal/async_hooks:130:17)
    --- TickObject ---
    at init (internal/inspector_async_hook:25:19)
    at emitInitNative (internal/async_hooks:202:43)
    at emitInitScript (internal/async_hooks:505:3)
    at nextTick (internal/process/task_queues:132:5)
    at onDestroy (internal/streams/destroy:103:15)
    at Socket._destroy (net:803:5)
    at _destroy (internal/streams/destroy:109:10)
    at destroy (internal/streams/destroy:71:5)
    at onStreamRead (internal/stream_base_commons:217:12)
    at callbackTrampoline (internal/async_hooks:130:17)
    --- TCPWRAP ---
    at init (internal/inspector_async_hook:25:19)
    at emitInitNative (internal/async_hooks:202:43)
No debugger available, can not send 'variables'
Process exited with code 1

This is the entire code. The only differences are the change from require to import, the address and port number, and TypeScript. Yes, plain require+JavaScript produces the same behavior.
The exception happens on the server at line 60, "const session = accept();".

import { timingSafeEqual } from 'crypto';
import { readFileSync } from 'fs';
import { inspect } from 'util';
import { Server, Client, utils, ParsedKey } from 'ssh2';

const allowedUser = Buffer.from('foo');
const allowedPassword = Buffer.from('bar');
const allowedPubKey = <ParsedKey>utils.parseKey(readFileSync("F:/User/Yuqi/.ssh/id_rsa.pub")); 

function checkValue(input:Buffer, allowed:Buffer) {
  const autoReject = (input.length !== allowed.length);
  if (autoReject) {
    // Prevent leaking length information by always making a comparison with the
    // same input when lengths don't match what we expect ...
    allowed = input;
  }
  const isMatch = timingSafeEqual(input, allowed);
  return (!autoReject && isMatch);
}

new Server({
  hostKeys: [
    readFileSync('Ubuntu/ssh_host_ecdsa_key'),
    readFileSync('Ubuntu/ssh_host_ed25519_key'),
    readFileSync('Ubuntu/ssh_host_rsa_key')
  ]
}, (client) => {
  console.log('Client connected!');

  client.on('authentication', (ctx) => {
    let allowed = true;
    if (!checkValue(Buffer.from(ctx.username), allowedUser))
      allowed = false;

    switch (ctx.method) {
      case 'password':
        if (!checkValue(Buffer.from(ctx.password), allowedPassword))
          return ctx.reject();
        break;
      case 'publickey':
        if (ctx.key.algo !== allowedPubKey.type
            || !checkValue(ctx.key.data, allowedPubKey.getPublicSSH())
            || (ctx.signature && allowedPubKey.verify(ctx.blob, ctx.signature, ctx.hashAlgo) !== true)) {
          return ctx.reject();
        }
        break;
      default:
        return ctx.reject();
    }

    if (allowed)
      ctx.accept();
    else
      ctx.reject();
  }).on('ready', () => {
    console.log('Client authenticated!');

    client.on('session', (accept, reject) => {
      console.log('Client session!');
      const session = accept();
      session.once('exec', (accept, reject, info) => {
        console.log('Client wants to execute: ' + inspect(info.command));
        const stream = accept();
        stream.stderr.write('Oh no, the dreaded errors!\n');
        stream.write('Just kidding about the errors!\n');
        stream.exit(0);
        stream.end();
      });
    });
  }).on('close', () => {
    console.log('Client disconnected');
  });
}).listen(6444, '127.0.0.1', function() {
  console.log('Listening on port ' + this.address().port);
});

My system configuration, if you care:
Windows 10 x64
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2 (from gitforwindows)
Server and client are on the same machine.

@mscdex
Owner

mscdex commented Sep 15, 2023

Is the SSH client disconnecting for some reason, causing this error? Try adding -vvvv to the OpenSSH client command line to get debug output out of it that might shed some light on things.

@CyberFoxHax
Author

CyberFoxHax commented Sep 16, 2023

Thanks for taking your time.

C:\>ssh foo@127.0.0.1 -p 6444
PTY allocation request failed on channel 0
shell request failed on channel 0

C:\>ssh -vvvv foo@127.0.0.1 -p 6444
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\yuqi_/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 6444.
debug1: Connection established.
debug1: identity file C:\\Users\\yuqi_/.ssh/id_rsa type 0
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_dsa.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ed25519.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_xmss.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/yuqi_/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\\Users\\yuqi_/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version ssh2js1.14.0
debug1: no match: ssh2js1.14.0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:6444 as 'foo'
debug3: put_host_port: [127.0.0.1]:6444
debug3: hostkeys_foreach: reading file "C:\\Users\\yuqi_/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\yuqi_/.ssh/known_hosts:363
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:6444
debug3: Failed to open file:C:/Users/yuqi_/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:MU1L/MlxTDkHHyjb10Wd3iBk/TWKm1/MyEyENfJMXgI
debug3: put_host_port: [127.0.0.1]:6444
debug3: put_host_port: [127.0.0.1]:6444
debug3: hostkeys_foreach: reading file "C:\\Users\\yuqi_/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\yuqi_/.ssh/known_hosts:363
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:6444
debug3: Failed to open file:C:/Users/yuqi_/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '[127.0.0.1]:6444' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\yuqi_/.ssh/known_hosts:363
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\yuqi_/.ssh/id_rsa RSA SHA256:s8oYlEG4Z9FIaXur9tioUw9CgM3s2fRFcf2tfmpdeM
debug1: Will attempt key: C:\\Users\\yuqi_/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\yuqi_/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\yuqi_/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\yuqi_/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue:
debug3: start over, passed a different list publickey,keyboard-interactive,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\yuqi_/.ssh/id_rsa RSA SHA256:s8oYlEG4G9DIaXur9tioUw9CgM3s2fRFcf2tfmpdeM
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: C:\\Users\\yuqi_/.ssh/id_rsa RSA SHA256:s8oYlEG4ZDIaXur9tioUw9CgM3s2fRFcf2tfmpdeM
debug3: sign_and_send_pubkey: RSA SHA256:s8oYlEG4Z49DIaXur9tw9CgM3s2fRFcf2tfmpdeM
debug3: sign_and_send_pubkey: signing using rsa-sha2-256
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 127.0.0.1 ([127.0.0.1]:6444).
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:437 to 65001
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug3: receive packet: type 100
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 437
debug3: receive packet: type 100
debug2: channel_input_status_confirm: type 100 id 0
shell request failed on channel 0
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 437

@mscdex
Owner

mscdex commented Sep 16, 2023

The client is attempting to start an interactive shell session, but your code is only set up to handle commands ('exec'). You will need to handle the pty and shell session events.

@CyberFoxHax
Author

CyberFoxHax commented Sep 18, 2023

Ok, I see. That could maybe have been commented on in the Server section. But I digress.

I'm not sure I actually need an interactive session though.

I wish to create a jump server that holds the master ssh key. It would involve authenticating KeyA, opening a session to some node (based on the subdomain), and then connecting to that node with a KeyB (the super secret key on the server), and then somehow connecting the 2 sessions (and also not losing support for ssh tunnels or sftp).

Researched for 2 days. I'm starting to doubt whether this is even possible...

Sorry for asking questions like this when it's not really part of the issue at hand.

@mscdex
Owner

mscdex commented Sep 18, 2023

Ok, I see. That could maybe have been commented on in the Server section. But I digress.

The readme is already full of examples, I can't realistically showcase every single feature.

I wish to create a jump server that holds the master ssh key. It would involve authenticating KeyA, opening a session to some node (based on the subdomain), and then connecting to that node with a KeyB (the super secret key on the server), and then somehow connecting the 2 sessions (and also not losing support for ssh tunnels or sftp).

There is no support for automatic proxying of requests to an upstream server. You would need to explicitly add handlers for all types of client requests and then execute those requests using a new client and proxy them together in whichever way makes sense (e.g. calling the appropriate functions, piping streams together, etc.).

@CyberFoxHax
Author

Thank you for your advice.

@CyberFoxHax
Author

Just a note:

putting this:

session.on("shell", (accept, reject) => {
    console.log("On shell");
    var shell = accept();
});

right after:
const session = accept();

It doesn't do anything, but then the server will no longer crash when I connect my usual ssh client.

@mscdex
Owner

mscdex commented Sep 18, 2023

The OpenSSH client is probably exiting since by default I believe it requires a pty to be allocated, so you'd need to accept pty requests as well.
