null character incompatibility with Cisco routers using IOS-XR 7.10.2 #637

Open
alfanaja opened this issue Mar 1, 2024 · 7 comments

@alfanaja

alfanaja commented Mar 1, 2024

null character causes the client to be unable to connect to the router.

python output:
    /asyncssh/connection.py", line 1518, in _process_ext_info
    extensions.get(b'server-sig-algs').split(b',')
    AttributeError: 'NoneType' object has no attribute 'split'.

Router debug:
    RP/0/RSP0/CPU0:Feb 20 22:37:01.136 UTC: SSHD_[67226]: BEGIN USER AUTHENTICATION
    RP/0/RSP0/CPU0:Feb 20 22:37:01.136 UTC: SSHD_[67226]: (sshd_authenticate:3786) setting alarm to 30 secs
    RP/0/RSP0/CPU0:Feb 20 22:37:01.137 UTC: SSHD_[67226]: Request service name - ssh-userauth
    RP/0/RSP0/CPU0:Feb 20 22:37:01.137 UTC: SSHD_[67226]: Sending Servie Accept msg
    RP/0/RSP0/CPU0:Feb 20 22:37:01.138 UTC: SSHD_[67226]: Waiting for Userauth req
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: Client closes socket connection 10.26.196.134
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: %SECURITY-SSHD-6-INFO_GENERAL : Client closes socket connection
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: In ssh error setting code 16
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: update_sshd_exit_reason: exit reason updated 16
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to receive User authentication request
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: In ssh error setting code 25
    RP/0/RSP0/CPU0:Feb 20 22:37:01.331 UTC: SSHD_[67226]: update_sshd_exit_reason: exit reason updated 25

@ronf
Owner

ronf commented Mar 2, 2024

Which version of AsyncSSH are you using? The latest code in this area is:

            self._server_sig_algs = \
                set(extensions.get(b'server-sig-algs', b'').split(b','))

Note how it adds b'' as a default value when looking up 'server-sig-algs' in the extensions list. This should prevent the error you saw when the extensions lookup returned None. This change should be available in AsyncSSH 2.9 and later (released in early 2022).

This isn't related to null characters. It looks like the server you are using is sending the EXT_INFO message, but it is not including 'server-sig-algs' as one of the listed extensions.

@alfanaja
Author

alfanaja commented Mar 8, 2024

Hello Ronf, below are the versions. If you would like to take a look, we can arrange a meeting; I can provide the test device(s) with IOS-XR.

Python 3.9.12
asyncio==3.4.3
asyncssh==1.18.0
netdev==0.9.3

@ronf
Owner

ronf commented Mar 8, 2024

AsyncSSH 1.18.0 is 5 years old at this point. Can you upgrade to a newer version? Version 2.9.0 or later should have a fix for this issue.

@alfanaja
Author

alfanaja commented Mar 8, 2024

I do agree, but if you go for the automatic installation this is the version that is installed by default.

@ronf
Owner

ronf commented Mar 8, 2024

No matter what, you will need a code change on AsyncSSH to fix this problem. So, you'll either need to upgrade to a release which already has this fixed or you'll need to manually patch the release you have. The change should be a one-line change if this is the only issue you run into, but there's no way to work around this issue with just configuration changes.

The change in connection.py would be to change:

            self._server_sig_algs = \
                extensions.get(b'server-sig-algs').split(b',')

to:

            self._server_sig_algs = \
                extensions.get(b'server-sig-algs', b'').split(b',')

Since you're on such an old version, you may run into other problems as well. There are also a number of important security fixes in more recent releases, including the "Terrapin" attack which you might have heard about. That's another strong reason to stick close to the latest release.

It's somewhat suspicious that you ended up on 1.18.0, since that is the last of the 1.x AsyncSSH releases. I wonder if whatever tool is using AsyncSSH might be pinning to a major version of 1, and if you adjusted the requirements spec perhaps you could get it to install something newer.
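
Added example (not AsyncSSH's code and not part of the original comments): a minimal parser for the SSH_MSG_EXT_INFO message of RFC 8308, run on constructed payloads, showing why the lookup quoted in this thread fails when the server omits 'server-sig-algs' and how the b'' default avoids it. The helper names and the sample payloads are assumptions made for illustration.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308


def _string(data, pos):
    """Read one SSH 'string' (uint32 length + bytes) with bounds checks."""
    if pos + 4 > len(data):
        raise ValueError('truncated length field')
    (length,) = struct.unpack_from('>I', data, pos)
    pos += 4
    if pos + length > len(data):
        raise ValueError('truncated string body')
    return data[pos:pos + length], pos + length


def parse_ext_info(payload):
    """Return {name: value} for the extensions listed in an EXT_INFO payload."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError('not an SSH_MSG_EXT_INFO payload')
    (count,) = struct.unpack_from('>I', payload, 1)
    pos, extensions = 5, {}
    for _ in range(count):
        name, pos = _string(payload, pos)
        value, pos = _string(payload, pos)
        extensions[name] = value
    return extensions


def sig_algs_unpatched(extensions):
    # Lookup as quoted from the old release: .get() yields None when absent.
    return extensions.get(b'server-sig-algs').split(b',')


def sig_algs_patched(extensions):
    # Lookup with the b'' default. Dropping empty names is an addition of this
    # example, because b''.split(b',') is [b''] rather than an empty list.
    algs = extensions.get(b'server-sig-algs', b'').split(b',')
    return {alg for alg in algs if alg}


def build_ext_info(pairs):
    """Encode constructed (name, value) pairs as an EXT_INFO payload."""
    body = b''.join(struct.pack('>I', len(s)) + s for kv in pairs for s in kv)
    return bytes([SSH_MSG_EXT_INFO]) + struct.pack('>I', len(pairs)) + body


# Constructed sample payloads (not captured from a real device).
WITHOUT_SIG_ALGS = build_ext_info([(b'example-ext@example.invalid', b'1')])
WITH_SIG_ALGS = build_ext_info([(b'server-sig-algs', b'rsa-sha2-256,rsa-sha2-512')])
```

Calling sig_algs_unpatched(parse_ext_info(WITHOUT_SIG_ALGS)) raises the same AttributeError shown in the traceback at the top of this issue, while sig_algs_patched returns an empty set for that payload.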

@alfanaja
Author

Hello Ronf. We figured out a dependency: Netdev is the application in need of AsyncSSH < 2.0.

    ERROR: pip's dependency resolver does not currently take into account all
    the packages that are installed. This behaviour is the source of the
    following dependency conflicts.

    netdev 0.9.3 requires asyncssh<2.0,>=1.15, but you have asyncssh 2.9.0
    which is incompatible.

We can conclude:

1. AsyncSSH below version 2.9 and IOS-XR 7.10.2 and newer are not compatible.

Options:

  • Upgrade AsyncSSH to 2.9 or newer
  • Install Cisco SMU CSCwj19906

Thanks for your support.

@ronf
Owner

ronf commented Mar 13, 2024

Thanks for the follow-up!

Do you know what specifically is making netdev incompatible with AsyncSSH 2.x? The main item is that the minimum Python version moved from 3.4 to 3.6, but it seems like the latest netdev already has a minimum Python version of 3.6 now. There are some other incompatible changes (detailed in the Change Log), but the updates required (if any) should be quite minimal.
