-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSch fails connection to older SSH servers - wrong MAC segment size in SSH packets #265
Comments
Hi @tomaskir, I'm afraid I'm not understanding your analysis.
I'm also not immediately seeing RFC-4253 state anywhere that the MAC "segment" length is capped at 20 bytes (since the length of the MAC digest is a function of the algorithm negotiated): can you point out the relevant part of this RFC that you believe indicates this? Are you somehow seeing JSch produce SSH packets > 35000 bytes in length somehow due to the Also, what kind of devices are you encountering this issue with? Also, can you enabling logging in JSch and provide a copy of the logs when this failure occurs? Thanks, |
Yes, but this is for the entire packet. This is based on RMPS (Remote Maximum Packet Size) that I mentioned in the original post. This can be negotiated to any value (up to the mentioned maximums, which must be supported) during SSH session establishment. HOWEVER, on top of RMPS, the length "header", paddings and then the MAC are added separately. In other words, if RMPS is negotiated for example at 1000 bytes, the packet should be:
However since JSch uses now a static This is why I mentioned in the original post that the
The As mentioned, RFC6668 extends this to
We encountered this on quite a few devices. Notables examples (off top of my head) are:
I can check our internal notes for others if you are interested. It will take me a bit to dig that info up tho. Like mentioned in the original post, after implementing our fix, all of these devices (broken in current
I don't have a broken environment available anymore, since all our deploys are now fixed with our internal fix. If interested I can setup a broken version again to provide logs. |
That's not what I'm reading RFC-4253 section 6.1 as stating:
I'm not seeing any language in RFC 4253 section 6.4 that states what your implying. All this section does is mention what the key and digest lengths are for several MAC algorithms. Even so, I'm not understanding how
Yes, if you can provide some logs from actual broken devices that would be helpful. Also, it might be helpful if you can provide output of Thanks, |
Here are the logs: Before our internal patch:
This is a Dell PowerConnect 5448. Like I mentioned, same occurs on the 55xx line, as well as many other old switches we have in our lab. Notice that the connection is closed (from the device side) imediatelly after sending the first post-session-establishment packet (with the username) to the device. On the server side (the device), we only see After our internal patch:
The ONLY difference between the 2 above runs are our adjustment to Here is an OpenSSH client connect:
|
Hi @tomaskir, I happen to have access to a Dell PowerConnect 55xx, so give me some time to try and reproduce this locally. Thanks, |
Hi @tomaskir, Ok, I think I finally understand the issue is that these problematic devices send an extremely small maximum packet size in their
I.e., in This causes a failure in Channel.java#L243:
I need to think more on what the best way to handle this is. Thanks, |
…the MAC to allow connections that advertise small maximum packet sizes.
Hi @norrisjeremy, apologies for the late reply. Our devs went over the PR, it is very similar to how we fixed this internally (but better due to not being thread-based). We built and tested this version, and can confirm it fixes the issue on our end as well. Thank you very much for your work on this! |
Hi @tomaskir, Great, thanks for the confirmation! Thanks, |
Greetings,
JSch fails to connect to older SSH servers, such as on embedded devices or network switches. We have put a lot of time into investigating this, and we believe this is an issue in JSch that needs to be solved in the library. This is actually an issue that has been introduced in original JSch 0.1.54 and therefore carried into this fork. Let me describe the problem:
A bit of history
According to the "original" SSH-2.0 RFC (RFC4253) an SSH packet looks like this:
In this, RMPS refers to Remote Maximum Packet Size, and is agreed to during SSH session negotiation / establishment. For the purposes of this ticket, it is not relevant. What is relevant and problematic is the MAC size.
In later SSH RFCs, the packet format was changed, RFC6668 specifies that MAC size CAN (but does NOT have to) be increased from
20
to32
when usingHMAC-SHA2-256
or to64
when usingHMAC-SHA2-512
.A breaking change in JSch 0.1.54
In JSch 0.1.52, SSH connections to "affected" devices worked without any issues. After upgrade to JSch 0.1.54, we noticed that quite a few of devices we connected to stopped working. The SSH session would simply die during authentication.
Reverting to 0.1.52 fixed the issue, so we confirmed the change was between these 2 versions. Migrating from original JSch to this fork's release of JSch (both 0.1.72 and latest 0.2.6) the issue persists - since it was taken in from the original JSch.
Why the issue occurs
The issue is rooted in incorrectly calculated
buffer_margin
inSession.java:130
. Here is how the buffer is currently calculated:Notice the
maximum mac length
part of the buffer. In 0.1.52, this value was set at20
. However, in 0.1.54 this was changed to64
- to support stronger MAC cyphers.Root cause of the issue
Older SSH servers simply will not accept such long packets. They expect for the MAC segment to be
20
bytes. As soon as this was increased, connections to devices running these old SSH servers simply fails.How this behaves is that you invoke
new JSch().getSession(...)
, which invokesnew Session(...)
, and during session establishment you just getConnection failed: Connection is closed by SSH Server
.When monitoring logs on the SSH server, you see the incoming connection, then the server closes it due to packet parsing errors.
How this needs to get fixed
JSch needs to use proper buffer sizes depending on used MAC. So by default MAC segment size in
buffer_margin
should be20
, and only be increased to32
or64
when usingHMAC-SHA2-256
orHMAC-SHA2-512
respectively.Our internal fix and testing
For us specifically, we use each JSch session on a separate thread, so we just created a
ThreadLocal
inSession.java
and use that forbuffer_margin
calculation depending on used MAC.We validated that this fixes the issue, and after implementing this fix, we are able to connect to devices which were failing before the fix using
0.2.6
Solution in JSch
We understand that this is not acceptable as a generic solution - since other users of JSch may run many sessions on a single thread. We could implement a fix and submit a PR - the question is how would this be best implemented? We could change the constructors or introduce setters / builders for relevant things across the relevant classes, but that requires a large change to the underlying JSch classes.
If a good design for dynamically calculating
buffer_margin
based on used MAC is found, we are happy to implement and submit a PR.The text was updated successfully, but these errors were encountered: