Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Curve25519 kex panic #16

Closed
kolapapa opened this issue Aug 16, 2022 · 10 comments · Fixed by #174
Closed

Curve25519 kex panic #16

kolapapa opened this issue Aug 16, 2022 · 10 comments · Fixed by #174
Labels
bug Something isn't working

Comments

@kolapapa
Copy link

I replied below this issue, but since the issue has been closed,I am worried that no one will see it, so I opened this issue.
@Eugeny Eugeny changed the title Enable ssh-rsa was panicked Curve25519 kex panic Aug 16, 2022
@Eugeny Eugeny added the bug Something isn't working label Aug 16, 2022
@Eugeny
Copy link
Owner

Eugeny commented Aug 16, 2022

This is extremely strange since it looks like it's trying to use curve25519 KEX even though DH-group14-sha1 was negotiated. I'll release the latest code state as a new beta just in case.

@Eugeny
Copy link
Owner

Eugeny commented Aug 16, 2022

Published as v0.34.0-beta.9

@kolapapa
Copy link
Author

Published as v0.34.0-beta.9

[2022-08-16T12:36:01Z DEBUG russh::ssh_read] read_ssh_id: reading
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] read 256
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] Err(Utf8Error { valid_up_to: 33, error_len: Some(1) })
[2022-08-16T12:36:01Z DEBUG russh::cipher] writing, seqn = 0
[2022-08-16T12:36:01Z DEBUG russh::cipher] padding length 5
[2022-08-16T12:36:01Z DEBUG russh::cipher] packet_length 692
[2022-08-16T12:36:01Z DEBUG russh::client] writing 696 bytes
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] id 256 26
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] read () bytes from id.buf
[2022-08-16T12:36:01Z DEBUG russh::cipher] reading, len = [0, 0, 1, 76]
[2022-08-16T12:36:01Z DEBUG russh::cipher] reading, seqn = 0
[2022-08-16T12:36:01Z DEBUG russh::cipher] reading, clear len = 332
[2022-08-16T12:36:01Z DEBUG russh::cipher] read_exact 336
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] id 256 30
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] read () bytes from id.buf
[2022-08-16T12:36:01Z DEBUG russh::ssh_read] id 256 256
[2022-08-16T12:36:01Z DEBUG russh::cipher] read_exact done
[2022-08-16T12:36:01Z DEBUG russh::cipher] reading, padding_length 8
[2022-08-16T12:36:01Z DEBUG russh::client::kex] client parse 323 [20, 95, 143, 187, 181, 51, 96, 226, 98, 207, 206, 182, 230, 181, 195, 211, 40, 0, 0, 0, 80, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 45, 115, 104, 97, 49, 44, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 52, 45, 115, 104, 97, 49, 44, 107, 101, 120, 103, 117, 101, 115, 115, 50, 64, 109, 97, 116, 116, 46, 117, 99, 99, 46, 97, 115, 110, 46, 97, 117, 0, 0, 0, 15, 115, 115, 104, 45, 114, 115, 97, 44, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 61, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 44, 51, 100, 101, 115, 45, 99, 116, 114, 44, 97, 101, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 50, 56, 45, 99, 98, 99, 44, 51, 100, 101, 115, 45, 99, 98, 99, 44, 97, 101, 115, 50, 53, 54, 45, 99, 98, 99, 0, 0, 0, 61, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 44, 51, 100, 101, 115, 45, 99, 116, 114, 44, 97, 101, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 50, 56, 45, 99, 98, 99, 44, 51, 100, 101, 115, 45, 99, 98, 99, 44, 97, 101, 115, 50, 53, 54, 45, 99, 98, 99, 0, 0, 0, 18, 104, 109, 97, 99, 45, 115, 104, 97, 49, 44, 104, 109, 97, 99, 45, 109, 100, 53, 0, 0, 0, 18, 104, 109, 97, 99, 45, 115, 104, 97, 49, 44, 104, 109, 97, 99, 45, 109, 100, 53, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
[2022-08-16T12:36:01Z DEBUG russh::client::kex] extending []
[2022-08-16T12:36:01Z DEBUG russh::negotiation] kex 190
[2022-08-16T12:36:01Z DEBUG russh::negotiation] kex 212
[2022-08-16T12:36:01Z DEBUG russh::negotiation] kex 220
[2022-08-16T12:36:01Z DEBUG russh::negotiation] client_compression = None
[2022-08-16T12:36:01Z DEBUG russh::client::kex] algo = Names { kex: Name("diffie-hellman-group14-sha1"), key: Name("ssh-rsa"), cipher: Name("aes256-ctr"), client_mac: Name("hmac-sha1"), server_mac: Name("hmac-sha1"), server_compression: None, client_compression: None, ignore_guessed: false }
[2022-08-16T12:36:01Z DEBUG russh::client::kex] write = []
[2022-08-16T12:36:01Z DEBUG russh::client::kex] i0 = 686
[2022-08-16T12:36:01Z DEBUG russh::cipher] writing, seqn = 1
[2022-08-16T12:36:01Z DEBUG russh::cipher] padding length 6
[2022-08-16T12:36:01Z DEBUG russh::cipher] packet_length 44
[2022-08-16T12:36:01Z DEBUG russh::client::kex] moving to kexdhdone, exchange = Exchange { client_id: CryptoVec { p: 0x7fa1fe7086a0, size: 27, capacity: 32 }, server_id: CryptoVec { p: 0x7fa1fe708680, size: 24, capacity: 32 }, client_kex_init: CryptoVec { p: 0x7fa1ff813200, size: 686, capacity: 1024 }, server_kex_init: CryptoVec { p: 0x7fa1ff005320, size: 323, capacity: 512 }, client_ephemeral: CryptoVec { p: 0x7fa1ff204d40, size: 32, capacity: 32 }, server_ephemeral: CryptoVec { p: 0x1, size: 0, capacity: 0 } }
[2022-08-16T12:36:01Z DEBUG russh::client] writing to stream: 48 bytes
[2022-08-16T12:36:03Z DEBUG russh::cipher] reading, len = [0, 0, 3, 60]
[2022-08-16T12:36:03Z DEBUG russh::cipher] reading, seqn = 1
[2022-08-16T12:36:03Z DEBUG russh::cipher] reading, clear len = 828
[2022-08-16T12:36:03Z DEBUG russh::cipher] read_exact 832
[2022-08-16T12:36:03Z DEBUG russh::cipher] read_exact done
[2022-08-16T12:36:03Z DEBUG russh::cipher] reading, padding_length 8
[2022-08-16T12:36:03Z DEBUG russh::client] server_public_Key: RSA { key: OpenSSLPKey { (hidden) }, hash: SHA1 }
thread 'tokio-runtime-worker' panicked at 'source slice length (256) does not match destination slice length (32)', /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/kex/curve25519.rs:105:25
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[2022-08-16T12:36:03Z DEBUG russh::client] drop session
Error: ClientFailed(Join(JoinError::Panic(Id(17), ...)))

@Eugeny
Copy link
Owner

Eugeny commented Aug 16, 2022

Thanks. Could you please also post a full traceback with RUST_BACKTRACE=1? And is the server you're connecting to publicly accessible so that I could test against it?

@kolapapa
Copy link
Author

kolapapa commented Aug 16, 2022
edited
Loading

Thanks. Could you please also post a full traceback with RUST_BACKTRACE=1? And is the server you're connecting to publicly accessible so that I could test against it?

This may not be convenient for public access, but the ssh server information is Dropbear server v2014.63 (https://matt.ucc.asn.au/dropbear/dropbear.html)

https://mirror.dropbear.nl/mirror/releases/dropbear-2014.63.tar.bz2

[2022-08-16T12:41:32Z DEBUG russh::ssh_read] read_ssh_id: reading
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] read 256
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] Err(Utf8Error { valid_up_to: 32, error_len: Some(1) })
[2022-08-16T12:41:32Z DEBUG russh::cipher] writing, seqn = 0
[2022-08-16T12:41:32Z DEBUG russh::cipher] padding length 5
[2022-08-16T12:41:32Z DEBUG russh::cipher] packet_length 692
[2022-08-16T12:41:32Z DEBUG russh::client] writing 696 bytes
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] id 256 26
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] read () bytes from id.buf
[2022-08-16T12:41:32Z DEBUG russh::cipher] reading, len = [0, 0, 1, 76]
[2022-08-16T12:41:32Z DEBUG russh::cipher] reading, seqn = 0
[2022-08-16T12:41:32Z DEBUG russh::cipher] reading, clear len = 332
[2022-08-16T12:41:32Z DEBUG russh::cipher] read_exact 336
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] id 256 30
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] read () bytes from id.buf
[2022-08-16T12:41:32Z DEBUG russh::ssh_read] id 256 256
[2022-08-16T12:41:32Z DEBUG russh::cipher] read_exact done
[2022-08-16T12:41:32Z DEBUG russh::cipher] reading, padding_length 8
[2022-08-16T12:41:32Z DEBUG russh::client::kex] client parse 323 [20, 159, 114, 64, 132, 121, 169, 34, 249, 35, 172, 232, 193, 2, 132, 0, 182, 0, 0, 0, 80, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 45, 115, 104, 97, 49, 44, 100, 105, 102, 102, 105, 101, 45, 104, 101, 108, 108, 109, 97, 110, 45, 103, 114, 111, 117, 112, 49, 52, 45, 115, 104, 97, 49, 44, 107, 101, 120, 103, 117, 101, 115, 115, 50, 64, 109, 97, 116, 116, 46, 117, 99, 99, 46, 97, 115, 110, 46, 97, 117, 0, 0, 0, 15, 115, 115, 104, 45, 114, 115, 97, 44, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 61, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 44, 51, 100, 101, 115, 45, 99, 116, 114, 44, 97, 101, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 50, 56, 45, 99, 98, 99, 44, 51, 100, 101, 115, 45, 99, 98, 99, 44, 97, 101, 115, 50, 53, 54, 45, 99, 98, 99, 0, 0, 0, 61, 97, 101, 115, 49, 50, 56, 45, 99, 116, 114, 44, 51, 100, 101, 115, 45, 99, 116, 114, 44, 97, 101, 115, 50, 53, 54, 45, 99, 116, 114, 44, 97, 101, 115, 49, 50, 56, 45, 99, 98, 99, 44, 51, 100, 101, 115, 45, 99, 98, 99, 44, 97, 101, 115, 50, 53, 54, 45, 99, 98, 99, 0, 0, 0, 18, 104, 109, 97, 99, 45, 115, 104, 97, 49, 44, 104, 109, 97, 99, 45, 109, 100, 53, 0, 0, 0, 18, 104, 109, 97, 99, 45, 115, 104, 97, 49, 44, 104, 109, 97, 99, 45, 109, 100, 53, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 4, 110, 111, 110, 101, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
[2022-08-16T12:41:32Z DEBUG russh::client::kex] extending []
[2022-08-16T12:41:32Z DEBUG russh::negotiation] kex 190
[2022-08-16T12:41:32Z DEBUG russh::negotiation] kex 212
[2022-08-16T12:41:32Z DEBUG russh::negotiation] kex 220
[2022-08-16T12:41:32Z DEBUG russh::negotiation] client_compression = None
[2022-08-16T12:41:32Z DEBUG russh::client::kex] algo = Names { kex: Name("diffie-hellman-group14-sha1"), key: Name("ssh-rsa"), cipher: Name("aes256-ctr"), client_mac: Name("hmac-sha1"), server_mac: Name("hmac-sha1"), server_compression: None, client_compression: None, ignore_guessed: false }
[2022-08-16T12:41:32Z DEBUG russh::client::kex] write = []
[2022-08-16T12:41:32Z DEBUG russh::client::kex] i0 = 686
[2022-08-16T12:41:32Z DEBUG russh::cipher] writing, seqn = 1
[2022-08-16T12:41:32Z DEBUG russh::cipher] padding length 6
[2022-08-16T12:41:32Z DEBUG russh::cipher] packet_length 44
[2022-08-16T12:41:32Z DEBUG russh::client::kex] moving to kexdhdone, exchange = Exchange { client_id: CryptoVec { p: 0x7fb0961058c0, size: 27, capacity: 32 }, server_id: CryptoVec { p: 0x7fb0961058a0, size: 24, capacity: 32 }, client_kex_init: CryptoVec { p: 0x7fb09681ce00, size: 686, capacity: 1024 }, server_kex_init: CryptoVec { p: 0x7fb0960056b0, size: 323, capacity: 512 }, client_ephemeral: CryptoVec { p: 0x7fb0965044f0, size: 32, capacity: 32 }, server_ephemeral: CryptoVec { p: 0x1, size: 0, capacity: 0 } }
[2022-08-16T12:41:32Z DEBUG russh::client] writing to stream: 48 bytes
[2022-08-16T12:41:34Z DEBUG russh::cipher] reading, len = [0, 0, 3, 60]
[2022-08-16T12:41:34Z DEBUG russh::cipher] reading, seqn = 1
[2022-08-16T12:41:34Z DEBUG russh::cipher] reading, clear len = 828
[2022-08-16T12:41:34Z DEBUG russh::cipher] read_exact 832
[2022-08-16T12:41:34Z DEBUG russh::cipher] read_exact done
[2022-08-16T12:41:34Z DEBUG russh::cipher] reading, padding_length 7
[2022-08-16T12:41:34Z DEBUG russh::client] server_public_Key: RSA { key: OpenSSLPKey { (hidden) }, hash: SHA1 }
thread 'tokio-runtime-worker' panicked at 'source slice length (257) does not match destination slice length (32)', /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/kex/curve25519.rs:105:25
stack backtrace:
   0: rust_begin_unwind
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/panicking.rs:142:14
   2: core::slice::<impl [T]>::copy_from_slice::len_mismatch_fail
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/slice/mod.rs:3221:13
   3: core::slice::<impl [T]>::copy_from_slice
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/slice/mod.rs:3228:13
   4: <[T] as core::slice::CloneFromSpec<T>>::spec_clone_from
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/slice/mod.rs:4129:9
   5: core::slice::<impl [T]>::clone_from_slice
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/slice/mod.rs:3151:9
   6: <russh::kex::curve25519::Curve25519Kex as russh::kex::KexAlgorithm>::compute_shared_secret
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/kex/curve25519.rs:105:9
   7: russh::client::<impl russh::session::KexDhDone>::server_key_check::{{closure}}::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/client/mod.rs:1104:17
   8: std::thread::local::LocalKey<T>::try_with
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/thread/local.rs:445:16
   9: std::thread::local::LocalKey<T>::with
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/thread/local.rs:421:9
  10: russh::client::<impl russh::session::KexDhDone>::server_key_check::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/client/mod.rs:1096:9
  11: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/future/mod.rs:91:19
  12: russh::client::reply::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/client/mod.rs:1166:79
  13: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/future/mod.rs:91:19
  14: russh::client::Session::run::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/russh-0.34.0-beta.9/src/client/mod.rs:904:90
  15: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/future/mod.rs:91:19
  16: <core::pin::Pin<P> as core::future::future::Future>::poll
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/future/future.rs:124:9
  17: tokio::runtime::task::core::CoreStage<T>::poll::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/core.rs:165:17
  18: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/loom/std/unsafe_cell.rs:14:9
  19: tokio::runtime::task::core::CoreStage<T>::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/core.rs:155:13
  20: tokio::runtime::task::harness::poll_future::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:470:19
  21: <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/panic/unwind_safe.rs:271:9
  22: std::panicking::try::do_call
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panicking.rs:492:40
  23: ___rust_try
  24: std::panicking::try
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panicking.rs:456:19
  25: std::panic::catch_unwind
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panic.rs:137:14
  26: tokio::runtime::task::harness::poll_future
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:458:18
  27: tokio::runtime::task::harness::Harness<T,S>::poll_inner
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:104:27
  28: tokio::runtime::task::harness::Harness<T,S>::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:57:15
  29: tokio::runtime::task::raw::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/raw.rs:144:5
  30: tokio::runtime::task::raw::RawTask::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/raw.rs:84:18
  31: tokio::runtime::task::LocalNotified<S>::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/mod.rs:376:9
  32: tokio::runtime::thread_pool::worker::Context::run_task::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:435:13
  33: tokio::coop::with_budget::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/coop.rs:102:9
  34: std::thread::local::LocalKey<T>::try_with
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/thread/local.rs:445:16
  35: std::thread::local::LocalKey<T>::with
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/thread/local.rs:421:9
  36: tokio::coop::with_budget
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/coop.rs:95:5
  37: tokio::coop::budget
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/coop.rs:72:5
  38: tokio::runtime::thread_pool::worker::Context::run_task
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:434:9
  39: tokio::runtime::thread_pool::worker::Context::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:401:24
  40: tokio::runtime::thread_pool::worker::run::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:386:17
  41: tokio::macros::scoped_tls::ScopedKey<T>::set
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/macros/scoped_tls.rs:61:9
  42: tokio::runtime::thread_pool::worker::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:383:5
  43: tokio::runtime::thread_pool::worker::Launch::launch::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/thread_pool/worker.rs:362:45
  44: <tokio::runtime::blocking::task::BlockingTask<T> as core::future::future::Future>::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/blocking/task.rs:42:21
  45: tokio::runtime::task::core::CoreStage<T>::poll::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/core.rs:165:17
  46: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/loom/std/unsafe_cell.rs:14:9
  47: tokio::runtime::task::core::CoreStage<T>::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/core.rs:155:13
  48: tokio::runtime::task::harness::poll_future::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:470:19
  49: <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/core/src/panic/unwind_safe.rs:271:9
  50: std::panicking::try::do_call
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panicking.rs:492:40
  51: ___rust_try
  52: std::panicking::try
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panicking.rs:456:19
  53: std::panic::catch_unwind
             at /rustc/e092d0b6b43f2de967af0887873151bb1c0b18d3/library/std/src/panic.rs:137:14
  54: tokio::runtime::task::harness::poll_future
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:458:18
  55: tokio::runtime::task::harness::Harness<T,S>::poll_inner
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:104:27
  56: tokio::runtime::task::harness::Harness<T,S>::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/harness.rs:57:15
  57: tokio::runtime::task::raw::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/raw.rs:144:5
  58: tokio::runtime::task::raw::RawTask::poll
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/raw.rs:84:18
  59: tokio::runtime::task::UnownedTask<S>::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/task/mod.rs:413:9
  60: tokio::runtime::blocking::pool::Task::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/blocking/pool.rs:91:9
  61: tokio::runtime::blocking::pool::Inner::run
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/blocking/pool.rs:325:17
  62: tokio::runtime::blocking::pool::Spawner::spawn_thread::{{closure}}
             at /Users/mika/.cargo/registry/src/rsproxy.cn-8f6827c7555bfaf8/tokio-1.19.2/src/runtime/blocking/pool.rs:300:13
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
[2022-08-16T12:41:34Z DEBUG russh::client] drop session
Error: ClientFailed(Join(JoinError::Panic(Id(17), ...)))

@Eugeny
Copy link
Owner

Eugeny commented Aug 25, 2022

Are you using any specific dropbear configuration? I couldn't reproduce it with ./dropbear -F -E -R -B -p 2222 and current master branch

@kolapapa
Copy link
Author

Are you using any specific dropbear configuration? I couldn't reproduce it with ./dropbear -F -E -R -B -p 2222 and current master branch

no special configuration

# ps | grep drop
927 root      1244 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300

# cat /etc/config/dropbear
config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port         '22'

@kolapapa
Copy link
Author

kolapapa commented Sep 8, 2022
edited
Loading

I got a different problem after trying to modify it like this

(commit d441b65ce06b7611c912f6e23effeabc393696f5 (HEAD -> master, origin/master, origin/HEAD))

--- a/russh/src/negotiation.rs
+++ b/russh/src/negotiation.rs
@@ -80,7 +80,12 @@ impl Preferred {
     #[cfg(feature = "openssl")]
     pub const DEFAULT: Preferred = Preferred {
         kex: KEX_ORDER,
-        key: &[key::ED25519, key::RSA_SHA2_256, key::RSA_SHA2_512],
+        key: &[
+            key::ED25519,
+            key::RSA_SHA2_256,
+            key::RSA_SHA2_512,
+            key::SSH_RSA,
+        ],
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] read_ssh_id: reading
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] read 256
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] Err(Utf8Error { valid_up_to: 36, error_len: Some(1) })
[2022-09-08T08:38:20Z DEBUG russh::cipher] writing, seqn = 0
[2022-09-08T08:38:20Z DEBUG russh::cipher] padding length 9
[2022-09-08T08:38:20Z DEBUG russh::cipher] packet_length 708
[2022-09-08T08:38:20Z DEBUG russh::client] writing 712 bytes
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] id 256 26
[2022-09-08T08:38:20Z DEBUG russh::cipher] reading, len = [0, 0, 1, 76]
[2022-09-08T08:38:20Z DEBUG russh::cipher] reading, seqn = 0
[2022-09-08T08:38:20Z DEBUG russh::cipher] reading, clear len = 332
[2022-09-08T08:38:20Z DEBUG russh::cipher] read_exact 336
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] id 256 30
[2022-09-08T08:38:20Z DEBUG russh::ssh_read] id 256 256
[2022-09-08T08:38:20Z DEBUG russh::cipher] read_exact done
[2022-09-08T08:38:20Z DEBUG russh::cipher] reading, padding_length 8
[2022-09-08T08:38:20Z DEBUG russh::client::kex] extending []
[2022-09-08T08:38:20Z DEBUG russh::negotiation] kex 197
[2022-09-08T08:38:20Z DEBUG russh::negotiation] kex 219
[2022-09-08T08:38:20Z DEBUG russh::negotiation] kex 227
[2022-09-08T08:38:20Z DEBUG russh::negotiation] client_compression = None
[2022-09-08T08:38:20Z DEBUG russh::client::kex] algo = Names { kex: Name("diffie-hellman-group14-sha1"), key: Name("ssh-rsa"), cipher: Name("aes256-ctr"), client_mac: Name("hmac-sha1"), server_mac: Name("hmac-sha1"), server_compression: None, client_compression: None, ignore_guessed: false }
[2022-09-08T08:38:20Z DEBUG russh::client::kex] write = []
[2022-09-08T08:38:20Z DEBUG russh::client::kex] i0 = 698
[2022-09-08T08:38:20Z DEBUG russh::cipher] writing, seqn = 1
[2022-09-08T08:38:20Z DEBUG russh::cipher] padding length 6
[2022-09-08T08:38:20Z DEBUG russh::cipher] packet_length 44
[2022-09-08T08:38:20Z DEBUG russh::client::kex] moving to kexdhdone, exchange = Exchange { client_id: CryptoVec { p: 0x7fb8f5b04530, size: 28, capacity: 32 }, server_id: CryptoVec { p: 0x7fb8f5b04510, size: 24, capacity: 32 }, client_kex_init: CryptoVec { p: 0x7fb8f7008200, size: 698, capacity: 1024 }, server_kex_init: CryptoVec { p: 0x7fb8f5d042c0, size: 323, capacity: 512 }, client_ephemeral: CryptoVec { p: 0x7fb8f5e04080, size: 32, capacity: 32 }, server_ephemeral: CryptoVec { p: 0x1, size: 0, capacity: 0 } }
[2022-09-08T08:38:20Z DEBUG russh::client] drop session
Error: ClientFailed(IO(Custom { kind: UnexpectedEof, error: "early eof" }))

Is there anything I can do to help with further testing?

@mariotaku
Copy link
Contributor

mariotaku commented Jan 25, 2023
edited
Loading

I also have such issue when I connect to a host like this:

$ nmap --script ssh2-enum-algos -sV -p 9922 192.168.0.32

PORT     STATE SERVICE VERSION
9922/tcp open  ssh     OpenSSH 6.1 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (7)
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (13)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       arcfour256
|       arcfour128
|       aes128-cbc
|       3des-cbc
|       blowfish-cbc
|       cast128-cbc
|       aes192-cbc
|       aes256-cbc
|       arcfour
|       rijndael-cbc@lysator.liu.se
|   mac_algorithms: (9)
|       hmac-md5
|       hmac-sha1
|       umac-64@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac
  1. I added key::SSH_RSA in preferred, and the key exchange produced the same error in this issue (which can be confirmed fixed in v0.34.0-beta.9 🎉 )
  2. I then moved kex::DH_G14_SHA1 to the first place, the key exchange succeeded, but I got failed authentication.

Not sure if this is a host or client issue, and I'll be sharing more info if I could.

@mariotaku
Copy link
Contributor

I noticed write_auth_request: "rsa-sha2-256" in the log, while it was supposed to be disabled.

[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] sending ssh-userauth service requset
[2023-01-25T14:32:03Z DEBUG russh::cipher] writing, seqn = 3
[2023-01-25T14:32:03Z DEBUG russh::cipher] padding length 10
[2023-01-25T14:32:03Z DEBUG russh::cipher] packet_length 28
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] write_auth_request_if_needed: is_waiting = false
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, len = [155, 168, 144, 193]
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, seqn = 3
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, clear len = 92
[2023-01-25T14:32:03Z DEBUG russh::cipher] read_exact 96
[2023-01-25T14:32:03Z DEBUG russh::cipher] read_exact done
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, padding_length 0
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] waiting service request, Some(6) 6
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] write_auth_request: "rsa-sha2-256"
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] enc: [0, 0, 1, 88, 50, 0, 0, 0, 8, 112, 114, 105, 115, 111, 110, 101, 114, 0, 0, 0, 14, 115, 115, 104, 45, 99, 111, 110, 110, 101, 99, 116, 105, 111, 110, 0, 0, 0, 9, 112, 117, 98, 108, 105, 99, 107, 101, 121, 0, 0, 0, 0, 12, 114, 115, 97, 45, 115, 104, 97, 50, 45, 50, 53, 54, 0, 0, 1, 23, 0, 0, 0, 7, 115, 115, 104, 45, 114, 115, 97, 0, 0, 0, 3, 1, 0, 1, 0, 0, 1, 1, 0, 197, 161, 173, 52, 93, 158, 226, 4, 249, 99, 209, 172, 131, 132, 136, 150, 19, 162, 245, 14, 76, 142, 53, 197, 241, 12, 84, 36, 23, 190, 223, 33, 18, 101, 8, 4, 126, 93, 108, 251, 67, 194, 19, 21, 199, 2, 209, 14, 253, 229, 105, 198, 111, 175, 113, 40, 242, 248, 106, 153, 9, 154, 53, 105, 69, 59, 110, 197, 6, 70, 30, 149, 59, 167, 2, 218, 128, 17, 104, 125, 251, 93, 251, 12, 160, 121, 13, 58, 64, 224, 172, 219, 60, 221, 105, 211, 5, 4, 86, 174, 107, 91, 200, 123, 253, 18, 119, 119, 92, 230, 60, 189, 56, 249, 5, 155, 26, 216, 158, 125, 104, 185, 234, 16, 126, 65, 89, 23, 74, 185, 79, 109, 242, 51, 149, 111, 12, 210, 123, 175, 219, 238, 29, 248, 64, 133, 242, 155, 18, 106, 62, 235, 249, 218, 22, 239, 51, 139, 200, 247, 60, 195, 91, 85, 253, 183, 178, 237, 74, 66, 246, 217, 222, 32, 139, 94, 70, 194, 39, 145, 25, 84, 6, 113, 65, 245, 150, 73, 69, 204, 109, 44, 89, 203, 252, 166, 113, 184, 64, 155, 7, 146, 8, 210, 248, 56, 244, 153, 30, 137, 66, 222, 247, 46, 57, 50, 162, 199, 131, 98, 253, 38, 204, 168, 238, 72, 195, 103, 18, 81, 115, 37, 16, 187, 222, 110, 115, 238, 27, 83, 72, 198, 134, 4, 214, 157, 65, 138, 12, 121, 61, 239, 98, 71, 195, 121]
[2023-01-25T14:32:03Z DEBUG russh::cipher] writing, seqn = 4
[2023-01-25T14:32:03Z DEBUG russh::cipher] padding length 19
[2023-01-25T14:32:03Z DEBUG russh::cipher] packet_length 364
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, len = [254, 101, 127, 34]
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, seqn = 4
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, clear len = 108
[2023-01-25T14:32:03Z DEBUG russh::cipher] read_exact 112
[2023-01-25T14:32:03Z DEBUG russh::cipher] read_exact done
[2023-01-25T14:32:03Z DEBUG russh::cipher] reading, padding_length 0
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] userauth_failure
[2023-01-25T14:32:03Z DEBUG russh::client::encrypted] remaining methods Ok("publickey,keyboard-interactive")
[2023-01-25T14:32:03Z DEBUG russh::client] drop handle
[2023-01-25T14:32:03Z DEBUG russh::client] disconnected
[2023-01-25T14:32:03Z DEBUG russh::client] drop session

After some more digging, I found this line might be the cause to failed authentication:

https://github.com/warp-tech/russh/blob/8e5043f687c3ed9354aa30734a507a9557fe569d/russh-keys/src/format/mod.rs#L136

If I change the hash algorithm to the only supported SHA1 like below, the connection can be made successfully.

#[cfg(feature = "openssl")]
fn decode_rsa(secret: &[u8]) -> Result<key::KeyPair, Error> {
    Ok(key::KeyPair::RSA {
        key: Rsa::private_key_from_der(secret)?,
        hash: key::SignatureHash::SHA1,
    })
}

I think the hash field for RSA is not really necessary here, as it can pick any algorithm to produce needed one.

@RDruon RDruon mentioned this issue Aug 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use negotiated KEX instead of preferred RDruon/russh
3 participants
@Eugeny @mariotaku @kolapapa