SFTP login 'size error' (works with openssh; logs included)

[DavidAnderson684]

Hi,

Thank you for your work on phpseclib over the years. I'm using the latest 1.0 branch version (1.0.7).

We've had a couple of users recently reporting failure to login. The error message they get is:

* PHP event: code E_USER_NOTICE: Invalid size (line 3157, phpseclib/phpseclib/phpseclib/Net/SSH2.php)
* PHP event: code E_USER_NOTICE: Connection closed by server (line 2095, phpseclib/phpseclib/phpseclib/Net/SSH2.php)

One of them has given me login credentials, allowing me to confirm the error, test with openssh, and get phpseclib logs.

His SFTP server software is ProFTPD Version 1.3.6 with mod_sftp (mod_sftp is mentioned in the log below; he informed me of the other information).

Here is the (anonymised) openssh debug log for a successful login (I can also do other normal operations after login):

$ sftp -v username@host.example.com    
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data $HOME/.ssh/config
debug1: $HOME/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 2: include /etc/crypto-policies/back-ends/openssh.config matched no files
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "$HOME/.ssh/master-username@host.example.com:22" does not exist
debug1: Connecting to host.example.com [111.222.333.444] port 22.
debug1: Connection established.
debug1: identity file $HOME/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version mod_sftp
debug1: no match: mod_sftp
debug1: Authenticating to host.example.com:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:EMlfI8(snip)
debug1: Host 'host.example.com' is known and matches the RSA host key.
debug1: Found key in $HOME/.ssh/known_hosts:311
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: $HOME/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: $HOME/.ssh/id_dsa
debug1: Trying private key: $HOME/.ssh/id_ecdsa
debug1: Trying private key: $HOME/.ssh/id_ed25519
debug1: Next authentication method: password
username@host.example.com's password: 
debug1: Authentication succeeded (password).
Authenticated to host.example.com ([111.222.333.444]:22).
debug1: setting up multiplex master socket
debug1: channel 0: new [$HOME/.ssh/username@host.example.com:22]
debug1: channel 1: new [client-session]
debug1: Entering interactive session.
debug1: pledge: id
debug1: Sending environment.
debug1: Sending subsystem: sftp
Connected to host.example.com.
sftp> 

And here is what is logged by NET_SSH2_LOG_COMPLEX:

00000000  53:53:48:2d:32:2e:30:2d:6d:6f:64:5f:73:66:74:70  SSH-2.0-mod_sftp
00000010  0d:0a                                            ..
->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:31:2e:30:20:28:6f:70:65:6e:73:73:6c:2c:20  b_1.0 (openssl, 
00000020  67:6d:70:29:0d:0a                                gmp)..
<- NET_SSH2_MSG_KEXINIT (since last: 0.6799, network: 0.0001s)
00000000  8a:7a:9f:91:40:3a:06:a1:0d:77:4d:44:c0:7b:2d:3d  .z..@:...wMD.{-=
00000010  00:00:01:03:65:63:64:68:2d:73:68:61:32:2d:6e:69  ....ecdh-sha2-ni
00000020  73:74:70:35:32:31:2c:65:63:64:68:2d:73:68:61:32  stp521,ecdh-sha2
00000030  2d:6e:69:73:74:70:33:38:34:2c:65:63:64:68:2d:73  -nistp384,ecdh-s
00000040  68:61:32:2d:6e:69:73:74:70:32:35:36:2c:64:69:66  ha2-nistp256,dif
00000050  66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75  fie-hellman-grou
00000060  70:31:38:2d:73:68:61:35:31:32:2c:64:69:66:66:69  p18-sha512,diffi
00000070  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31  e-hellman-group1
00000080  36:2d:73:68:61:35:31:32:2c:64:69:66:66:69:65:2d  6-sha512,diffie-
00000090  68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:34:2d  hellman-group14-
000000a0  73:68:61:32:35:36:2c:64:69:66:66:69:65:2d:68:65  sha256,diffie-he
000000b0  6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d:65:78:63:68  llman-group-exch
000000c0  61:6e:67:65:2d:73:68:61:32:35:36:2c:64:69:66:66  ange-sha256,diff
000000d0  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
000000e0  2d:65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64  -exchange-sha1,d
000000f0  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000100  6f:75:70:31:34:2d:73:68:61:31:2c:72:73:61:31:30  oup14-sha1,rsa10
00000110  32:34:2d:73:68:61:31:00:00:00:0f:73:73:68:2d:72  24-sha1....ssh-r
00000120  73:61:2c:73:73:68:2d:64:73:73:00:00:00:8f:61:65  sa,ssh-dss....ae
00000130  73:32:35:36:2d:63:74:72:2c:61:65:73:31:39:32:2d  s256-ctr,aes192-
00000140  63:74:72:2c:61:65:73:31:32:38:2d:63:74:72:2c:61  ctr,aes128-ctr,a
00000150  65:73:32:35:36:2d:63:62:63:2c:61:65:73:31:39:32  es256-cbc,aes192
00000160  2d:63:62:63:2c:61:65:73:31:32:38:2d:63:62:63:2c  -cbc,aes128-cbc,
00000170  62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:62:6c:6f  blowfish-ctr,blo
00000180  77:66:69:73:68:2d:63:62:63:2c:63:61:73:74:31:32  wfish-cbc,cast12
00000190  38:2d:63:62:63:2c:61:72:63:66:6f:75:72:32:35:36  8-cbc,arcfour256
000001a0  2c:61:72:63:66:6f:75:72:31:32:38:2c:33:64:65:73  ,arcfour128,3des
000001b0  2d:63:74:72:2c:33:64:65:73:2d:63:62:63:00:00:00  -ctr,3des-cbc...
000001c0  8f:61:65:73:32:35:36:2d:63:74:72:2c:61:65:73:31  .aes256-ctr,aes1
000001d0  39:32:2d:63:74:72:2c:61:65:73:31:32:38:2d:63:74  92-ctr,aes128-ct
000001e0  72:2c:61:65:73:32:35:36:2d:63:62:63:2c:61:65:73  r,aes256-cbc,aes
000001f0  31:39:32:2d:63:62:63:2c:61:65:73:31:32:38:2d:63  192-cbc,aes128-c
00000200  62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c  bc,blowfish-ctr,
00000210  62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:63:61:73  blowfish-cbc,cas
00000220  74:31:32:38:2d:63:62:63:2c:61:72:63:66:6f:75:72  t128-cbc,arcfour
00000230  32:35:36:2c:61:72:63:66:6f:75:72:31:32:38:2c:33  256,arcfour128,3
00000240  64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63  des-ctr,3des-cbc
00000250  00:00:00:7f:68:6d:61:63:2d:73:68:61:32:2d:32:35  ....hmac-sha2-25
00000260  36:2c:68:6d:61:63:2d:73:68:61:32:2d:35:31:32:2c  6,hmac-sha2-512,
00000270  68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:73  hmac-sha1,hmac-s
00000280  68:61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2c  ha1-96,hmac-md5,
00000290  68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63  hmac-md5-96,hmac
000002a0  2d:72:69:70:65:6d:64:31:36:30:2c:75:6d:61:63:2d  -ripemd160,umac-
000002b0  36:34:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:75  64@openssh.com,u
000002c0  6d:61:63:2d:31:32:38:40:6f:70:65:6e:73:73:68:2e  mac-128@openssh.
000002d0  63:6f:6d:00:00:00:7f:68:6d:61:63:2d:73:68:61:32  com....hmac-sha2
000002e0  2d:32:35:36:2c:68:6d:61:63:2d:73:68:61:32:2d:35  -256,hmac-sha2-5
000002f0  31:32:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61  12,hmac-sha1,hma
00000300  63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d:6d  c-sha1-96,hmac-m
00000310  64:35:2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68  d5,hmac-md5-96,h
00000320  6d:61:63:2d:72:69:70:65:6d:64:31:36:30:2c:75:6d  mac-ripemd160,um
00000330  61:63:2d:36:34:40:6f:70:65:6e:73:73:68:2e:63:6f  ac-64@openssh.co
00000340  6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70:65:6e:73  m,umac-128@opens
00000350  73:68:2e:63:6f:6d:00:00:00:04:6e:6f:6e:65:00:00  sh.com....none..
00000360  00:04:6e:6f:6e:65:00:00:00:00:00:00:00:00:00:00  ..none..........
00000370  00:00:00                                         ...
-> NET_SSH2_MSG_KEXINIT (since last: 0.0009, network: 0.0001s)
00000000  a8:61:50:4e:57:25:73:79:81:4e:e3:03:3a:e2:90:3f  .aPNW%sy.N..:..?
00000010  00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...~diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64  an-group1-sha1,d
00000030  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000040  6f:75:70:31:34:2d:73:68:61:31:2c:64:69:66:66:69  oup14-sha1,diffi
00000050  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d  e-hellman-group-
00000060  65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69  exchange-sha1,di
00000070  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000080  75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32  up-exchange-sha2
00000090  35:36:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73  56....ssh-rsa,ss
000000a0  68:2d:64:73:73:00:00:00:e9:61:72:63:66:6f:75:72  h-dss....arcfour
000000b0  32:35:36:2c:61:72:63:66:6f:75:72:31:32:38:2c:61  256,arcfour128,a
000000c0  65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39:32  es128-ctr,aes192
000000d0  2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c  -ctr,aes256-ctr,
000000e0  74:77:6f:66:69:73:68:31:32:38:2d:63:74:72:2c:74  twofish128-ctr,t
000000f0  77:6f:66:69:73:68:31:39:32:2d:63:74:72:2c:74:77  wofish192-ctr,tw
00000100  6f:66:69:73:68:32:35:36:2d:63:74:72:2c:61:65:73  ofish256-ctr,aes
00000110  31:32:38:2d:63:62:63:2c:61:65:73:31:39:32:2d:63  128-cbc,aes192-c
00000120  62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c:74:77  bc,aes256-cbc,tw
00000130  6f:66:69:73:68:31:32:38:2d:63:62:63:2c:74:77:6f  ofish128-cbc,two
00000140  66:69:73:68:31:39:32:2d:63:62:63:2c:74:77:6f:66  fish192-cbc,twof
00000150  69:73:68:32:35:36:2d:63:62:63:2c:74:77:6f:66:69  ish256-cbc,twofi
00000160  73:68:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d  sh-cbc,blowfish-
00000170  63:74:72:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63  ctr,blowfish-cbc
00000180  2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63  ,3des-ctr,3des-c
00000190  62:63:00:00:00:e9:61:72:63:66:6f:75:72:32:35:36  bc....arcfour256
000001a0  2c:61:72:63:66:6f:75:72:31:32:38:2c:61:65:73:31  ,arcfour128,aes1
000001b0  32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74  28-ctr,aes192-ct
000001c0  72:2c:61:65:73:32:35:36:2d:63:74:72:2c:74:77:6f  r,aes256-ctr,two
000001d0  66:69:73:68:31:32:38:2d:63:74:72:2c:74:77:6f:66  fish128-ctr,twof
000001e0  69:73:68:31:39:32:2d:63:74:72:2c:74:77:6f:66:69  ish192-ctr,twofi
000001f0  73:68:32:35:36:2d:63:74:72:2c:61:65:73:31:32:38  sh256-ctr,aes128
00000200  2d:63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c  -cbc,aes192-cbc,
00000210  61:65:73:32:35:36:2d:63:62:63:2c:74:77:6f:66:69  aes256-cbc,twofi
00000220  73:68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73  sh128-cbc,twofis
00000230  68:31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68  h192-cbc,twofish
00000240  32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d  256-cbc,twofish-
00000250  63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72  cbc,blowfish-ctr
00000260  2c:62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:33:64  ,blowfish-cbc,3d
00000270  65:73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63:00  es-ctr,3des-cbc.
00000280  00:00:39:68:6d:61:63:2d:73:68:61:32:2d:32:35:36  ..9hmac-sha2-256
00000290  2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d  ,hmac-sha1-96,hm
000002a0  61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35  ac-sha1,hmac-md5
000002b0  2d:39:36:2c:68:6d:61:63:2d:6d:64:35:00:00:00:39  -96,hmac-md5...9
000002c0  68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d  hmac-sha2-256,hm
000002d0  61:63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d  ac-sha1-96,hmac-
000002e0  73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39:36  sha1,hmac-md5-96
000002f0  2c:68:6d:61:63:2d:6d:64:35:00:00:00:04:6e:6f:6e  ,hmac-md5....non
00000300  65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00  e....none.......
00000310  00:00:00:00:00:00                                ......
-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0088, network: 0s)
00000000  00:00:01:01:00:ed:47:82:4b:50:3e:a2:12:34:0a:de  ......G.KP>..4..
00000010  e7:4d:b9:aa:ae:92:91:a9:c6:a2:bd:00:08:80:2b:09  .M............+.
00000020  5a:ed:d5:bd:01:28:79:80:17:7a:63:28:d1:07:37:59  Z....(y..zc(..7Y
00000030  c4:ff:5f:af:74:03:ee:3d:eb:2f:ca:b6:de:b2:b5:29  .._.t..=./.....)
00000040  5b:dc:ea:ee:40:68:64:53:ac:02:10:6f:e3:11:da:26  [...@hdS...o...&
00000050  c3:8b:4b:42:b8:56:df:59:33:e5:1a:9c:bd:dd:04:66  ..KB.V.Y3......f
00000060  99:3f:71:00:2a:55:6e:b4:83:20:9e:e1:83:08:96:cb  .?q.*Un.. ......
00000070  05:c7:ae:f8:7e:bc:f2:59:00:af:d6:4d:7a:24:82:db  ....~..Y...Mz$..
00000080  d8:87:b3:b2:93:c7:60:0a:a0:69:f5:9c:ef:4d:f8:34  ......`..i...M.4
00000090  7b:49:f4:4d:3e:a4:da:9f:d4:22:bc:8a:60:8e:21:91  {I.M>...."..`.!.
000000a0  04:b6:9a:c1:fa:91:19:27:7b:b9:21:4f:61:c5:19:28  .......'{.!Oa..(
000000b0  90:02:65:c9:af:c5:8e:34:e5:05:87:7d:fe:61:1d:46  ..e....4...}.a.F
000000c0  61:65:07:81:54:bc:6b:1e:cc:16:48:bf:4c:43:ce:67  ae..T.k...H.LC.g
000000d0  94:5a:b8:74:cc:d3:c6:d8:12:b1:cf:fe:49:47:0c:0d  .Z.t........IG..
000000e0  fc:71:2c:b4:4a:5d:55:47:04:2e:4b:b9:49:82:68:27  .q,.J]UG..K.I.h'
000000f0  b3:e9:0f:6b:9a:0d:c3:74:9b:3e:6a:1a:06:58:9f:6d  ...k...t.>j..X.m
00000100  96:29:4f:a5:af                                   .)O..
<- NET_SSH2_MSG_KEXDH_REPLY (since last: 0.5022, network: 0.5021s)
00000000  00:00:01:15:00:00:00:07:73:73:68:2d:72:73:61:00  ........ssh-rsa.
00000010  00:00:01:23:00:00:01:01:00:e4:40:79:a7:fe:47:a7  ...#......@y..G.
00000020  78:46:5b:5a:07:a2:4f:8f:20:e1:fd:3d:b9:fb:72:75  xF[Z..O. ..=..ru
00000030  22:1a:65:04:06:b0:95:8e:70:30:f8:7a:ca:c8:df:1b  ".e.....p0.z....
00000040  61:55:74:74:81:a5:96:cc:18:5f:09:06:ff:e6:e0:88  aUtt....._......
00000050  19:44:e8:85:48:04:0a:be:27:05:56:bb:54:ac:b3:72  .D..H...'.V.T..r
00000060  9a:ac:76:37:3a:f1:49:51:76:68:67:24:51:83:f1:9c  ..v7:.IQvhg$Q...
00000070  ff:e2:d1:08:4e:e5:c8:aa:70:59:0e:f4:75:b7:a5:19  ....N...pY..u...
00000080  1c:b2:24:51:f7:e9:e3:6f:eb:24:97:a1:46:2d:1a:4c  ..$Q...o.$..F-.L
00000090  25:53:92:15:68:73:c0:a4:ec:5e:e0:b1:cf:65:af:ea  %S..hs...^...e..
000000a0  85:24:5b:3e:8d:a1:c2:88:74:a2:b0:ad:81:e8:d1:79  .$[>....t......y
000000b0  b3:6d:5b:99:e5:c7:4d:03:34:58:2c:be:7f:12:bf:3d  .m[...M.4X,....=
000000c0  9c:21:82:f1:b0:f5:73:2a:05:31:b3:c6:71:b3:18:27  .!....s*.1..q..'
000000d0  f9:0f:d4:bd:1e:ee:ab:80:1b:02:1c:81:30:bc:6f:ec  ............0.o.
000000e0  38:c9:d6:97:3b:3c:9a:1c:b9:39:e8:d9:1c:3d:b8:c6  8...;....9...=..
000000f0  62:d6:09:23:6e:79:a2:3a:1e:93:4d:72:04:59:b9:eb  b..#ny.:..Mr.Y..
00000100  a3:22:21:c1:cf:39:e7:9b:ad:a3:d9:9e:94:45:26:58  ."!..9.......E&X
00000110  d4:3e:0b:e3:f0:00:af:8c:3f:00:00:01:00:58:de:46  .>......?....X.F
00000120  45:c4:0b:96:28:ee:c5:45:d5:5e:bc:96:20:c0:55:57  E...(..E.^.. .UW
00000130  3c:96:22:ed:7d:53:8b:e9:63:2c:8f:9b:c1:3a:ee:91  ..".}S..c,...:..
00000140  31:25:98:e8:7c:48:4f:ef:48:bc:37:6e:8d:75:c0:86  1%..|HO.H.7n.u..
00000150  99:49:f0:66:43:db:ec:e8:ea:23:bd:d8:1f:92:89:77  .I.fC....#.....w
00000160  7a:34:bf:f4:7d:4a:a2:9f:60:bf:3b:35:9c:d5:8f:59  z4..}J..`.;5...Y
00000170  b9:5a:0f:23:38:93:08:a7:2c:18:03:43:f6:52:49:e3  .Z.#8...,..C.RI.
00000180  82:0e:6e:9b:0b:39:8d:f4:9d:d6:d7:5f:86:9f:28:3f  ..n..9....._..(?
00000190  2d:4c:41:e0:b2:6f:ea:5a:e1:0e:0d:7f:da:d8:43:8b  -LA..o.Z......C.
000001a0  bc:50:bb:93:ae:24:1f:1d:63:b3:50:f2:a7:98:56:76  .P...$..c.P...Vv
000001b0  0a:09:9b:f7:d3:6d:97:cf:de:9c:b2:dd:6e:4a:91:8b  .....m......nJ..
000001c0  cb:be:9f:92:c0:f6:d7:f4:46:d8:84:7f:56:6e:1e:78  ........F...Vn.x
000001d0  32:e3:e4:86:3c:67:ff:aa:e7:78:b0:d1:23:87:e3:cf  2....g...x..#...
000001e0  70:ca:bb:3e:0a:af:9e:9f:95:73:09:5c:4c:dc:40:65  p..>.....s.\L.@e
000001f0  9d:70:70:cc:9c:f2:ed:3e:90:9d:09:39:60:e2:a1:36  .pp....>...9`..6
00000200  7e:e7:2b:78:09:da:50:3f:ad:14:db:d9:e9:f5:4c:16  ~.+x..P?......L.
00000210  a7:87:5b:99:79:21:b1:18:33:af:db:c9:29:00:00:01  ..[.y!..3...)...
00000220  0f:00:00:00:07:73:73:68:2d:72:73:61:00:00:01:00  .....ssh-rsa....
00000230  5d:8c:90:ce:7b:3d:ad:ff:61:6e:e4:3b:b1:cb:9b:4b  ]...{=..an.;...K
00000240  4f:94:3f:b0:47:10:1d:89:98:5b:21:41:96:00:12:76  O.?.G....[!A...v
00000250  e3:b0:cc:44:54:c2:89:8e:db:df:cd:24:88:dd:43:49  ...DT......$..CI
00000260  af:29:eb:07:f3:19:3a:b8:7b:b6:5f:2d:08:65:73:fb  .)....:.{._-.es.
00000270  d2:f5:e8:c7:32:63:3b:b7:8a:f8:ec:74:95:51:b6:68  ....2c;....t.Q.h
00000280  33:d4:0b:b6:3b:d3:9a:a3:cd:6f:21:20:b6:13:0c:13  3...;....o! ....
00000290  30:0b:3b:f4:86:4e:b8:6f:c1:42:c1:6c:fe:19:a6:c1  0.;..N.o.B.l....
000002a0  b3:1b:46:39:65:9b:c1:63:bf:bb:fb:55:3b:1f:ee:e7  ..F9e..c...U;...
000002b0  dd:92:9d:85:dc:3c:e2:e9:f5:de:c8:8d:7b:06:25:a1  ............{.%.
000002c0  86:b8:2a:bc:46:df:0a:0c:97:a7:93:d8:db:a0:27:a7  ..*.F.........'.
000002d0  b0:24:3b:e1:a2:2f:a4:f5:fe:d3:f5:04:3e:64:8e:ed  .$;../......>d..
000002e0  de:67:68:7a:6c:78:c4:05:5f:15:fd:dc:55:87:de:72  .ghzlx.._...U..r
000002f0  18:95:73:8d:3c:30:65:03:af:22:71:63:ea:40:46:0d  ..s..0e.."qc.@F.
00000300  de:1a:d8:f1:95:45:9f:23:fd:9d:cc:3f:40:f2:0e:97  .....E.#...?@...
00000310  8c:e1:2f:98:bf:87:3c:b8:19:0d:f8:c7:a6:62:67:c0  ../..........bg.
00000320  a3:ec:5c:f0:f6:ba:f5:d7:75:78:4f:12:47:7a:e0:ba  ..\.....uxO.Gz..
-> NET_SSH2_MSG_NEWKEYS (since last: 0.0008, network: 0s)
                                                 
<- NET_SSH2_MSG_NEWKEYS (since last: 0, network: 0s)
                                                 
-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0017, network: 0s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

[DavidAnderson684]

The server administrator has also replied with some further information, saying that the problem is that when phpseclib attempts to connect, then it only supports weak ciphers, which their server does not support. Is this something configurable within phpseclib, or does the problem lie elsewhere?

[bantu]

It's possible. I think you have to use OpenSSH debug2 (-vv) or debug3 to see which ciphers etc. are negotiated.

[bantu]

Actually, nevermind, that info should be in the phpseclib log as well.

[bantu]

Looked over the logs. Phpseclib should have matching ciphers/algos. Unless I am missing something.

[DavidAnderson684]

@bantu

Is there any more info I can get that may help? Here's what I think is the relevant section of the OpenSSH (sftp) -v -v output:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa1024-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,umac-64@openssh.com,umac-128@openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,umac-64@openssh.com,umac-128@openssh.com
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

[bantu]

phpseclib should be able to do e.g. diffie-hellman-group14-sha1, ssh-rsa, aes128-ctr, aes128-ctr, hmac-md5, hmac-md5, none, none.

[bantu]

Looks like this has something to do with the advertised max packet size.
See https://github.com/phpseclib/phpseclib/blob/1.0.7/phpseclib/Net/SSH2.php#L3157

[DavidAnderson684]

phpseclib should be able to do...

@bantu So, it sounds like the SFTP server admin's statement that the problem was a lack of mutually compatible ciphers is wrong, and is a distraction.

Looks like this has something to do with the advertised max packet size.
See https://github.com/phpseclib/phpseclib/blob/1.0.7/phpseclib/Net/SSH2.php#L3157

Would it help if I sent him a modified version of phpseclib that will distinguish the three conditions on that line, so that we can find out which one is the problem?

[terrafrost]

when phpseclib attempts to connect, then it only supports weak ciphers, which their server does not support

The server administrator is an idiot, serving up FUD.

phpseclib supports ECDH if you have libsodium installed. It doesn't currently support chacha20-poly1305@openssh.com but then again your server doesn't either.

The best symmetric cipher that phpseclib supports is AES and it supports it in every mode save for GCM (just as with PuTTY) and, guess what, the server supports the AES algorithms too.

phpseclib does support "weak" ciphers like arcfour256 but, then again, so does the server. In fact, there-in probably lies the problem.

Anyway, try this:

#
#-----[ OPEN ]------------------------------------------
#
Net/SSH2.php
#
#-----[ FIND ]------------------------------------------
#
        $encryption_algorithms = array(
            // from <http://tools.ietf.org/html/rfc4345#section-4>:
            'arcfour256',
            'arcfour128',
#
#-----[ REPLACE WITH ]----------------------------------
#
        $encryption_algorithms = array(
            // from <http://tools.ietf.org/html/rfc4345#section-4>:
            //'arcfour256',
            //'arcfour128',

ie. the server says it supports arcfour256 and arcfour128 but it really doesn't. What it supports is a buggy implementation of those algorithms.

[DavidAnderson684]

@terrafrost Thank you very much. Yes, disabling those lines fixes it.

So, I suppose I'll tell the end-user (of my code which uses phpseclib) to tell the server admin (of the SFTP server he's trying to access) that his implementation of those algorithms is buggy?

Would it be an advantage to phpseclib to retry with something else if it encounters this problem? Even if I exposed the encryption algorithm settings to the end-user, that would still be a terrible user experience, to have to diagnose the problem and then tweak something that technically challenging.

[DavidAnderson684]

For what it's worth - openssh works (`sftp -v -v -oCiphers='arcfour128') (arcfour256 also). Perhaps the server is only tested against openssh.

[terrafrost]

Would it be an advantage to phpseclib to retry with something else if it encounters this problem? Even if I exposed the encryption algorithm settings to the end-user, that would still be a terrible user experience, to have to diagnose the problem and then tweak something that technically challenging.

That's not how it works. The algorithm is determined through the key exchange process. If subsequent packets do not decrypt correctly the connection just stops working. You can't do a new key exchange either because subsequent key exchanges are supposed to be encrypted.

For what it's worth - openssh works (`sftp -v -v -oCiphers='arcfour128') (arcfour256 also). Perhaps the server is only tested against openssh.

Probably. But it's also worth mentioning that OpenSSH doesn't always behave consistently. phpseclib often is able to connect to OpenSSH servers using arcfour128 / arcfour256 without issue but often times it's also not worth it.

So, I suppose I'll tell the end-user (of my code which uses phpseclib) to tell the server admin (of the SFTP server he's trying to access) that his implementation of those algorithms is buggy?

Unless he did his own home grown implementation then it seems unlikely that it's his implementation.

FWIW the reason phpseclib has historically favored arcfour128 / arcfour256 is for speed purposes. But when OpenSSL or mcrypt are being used speed is less of a consideration, I will concede..

[terrafrost]

Would you be able to provide me with the IP address of the server that has this problem? I don't need a username or password - logging in with a fake username would be sufficient to allow me to reproduce the problem.

What I'm thinking I can do is make it so that if the packet doesn't decrypt correctly and that the selected cipher is arcfour128 or arcfour256 that it recreates the the cipher object. To test it out, however, I need to be able to connect to a server that demonstrates the problem and none of the servers I have access to (existing servers or new servers on fresh Linux installs) demonstrate it.

Thanks!

[DavidAnderson684]

136.243.27.43

[terrafrost]

So the issue is actually a bug in SSH servers built against sufficiently old versions of OpenSSL:

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
https://bugzilla.mindrot.org/show_bug.cgi?id=1291

The workaround I chose to implement disconnects when the "invalid size" error would be output (and when the login has yet to be completed and the algorithm is one of the affected algorithms, etc) and re-connects using a shorter key.

Here's the commit:

terrafrost@e5b4eef

I'll need to merge it into 2.0 and master at some point.

[terrafrost]

The fix has been merged. As such, I'm gonna go ahead and close this.

[DavidAnderson684]

Thank you!

[ivpfals]

Thanks for the fix, just tested it and it works as expected, no longer any "size error" messages!

[russellmeyers01]

Are there any plans to tag a new release that includes this fix soon in the 2.0 version (i.e. a 2.0.7 version)? I ran into this issue suddenly over the weekend with an external party, and the fix works.

[terrafrost]

Are there any plans to tag a new release that includes this fix soon in the 2.0 version (i.e. a 2.0.7 version)? I ran into this issue suddenly over the weekend with an external party, and the fix works.

I'll try to do it in early October. I'm traveling in Europe right now and don't want to enjoy my trip as opposed to getting too wrapped up in phpseclib stuff lol