
#1 Compatibility with FreSSH

open
nobody
None
5
2009-09-29
2009-09-29
No

trilead-SSH2 build213
jre 1.6.0-07

I am building a client which needs to interact with a significant installed base which uses FreSSH server. (They return "FreSSH.0.8" as their server identification in the SSH identification message.)

Our client cannot connect to this FreSSH server. During the set-up, it intends to create a PTY and a shell in order to execute several commands. But it fails at this time.

We have no problems connecting to other systems using this trilead-based client.

And other SSH clients we have tried - JSch API, mindbright API, linux SSH, putty - can all connect just fine to this FreSSH server.

In other words, Trilead+FreSSH seems to be the only broken scenario.

When trilead logging is enabled, the problem is clear.

TransportManager: Receive thread: error in receiveLoop: Unexpected SSH_MSG_CHANNEL_SUCCESS message for non-existent channel 0

This refers to the CHANNEL_SUCCESS message which is in response to the CHANNEL_REQUEST for a PTY. (requestPTY() method.)

ChannelManager.msgChannelSuccess() assumes the 0 is the client's channel number, and looks for a channel with a matching localID. This fails, and that error is logged. The channel's localID is 100.

I'm pretty sure that the 0 is the server's channel number for the channel. Investigation shows that the FreSSH server echoes back in the CHANNEL_SUCCESS whatever was sent in the CHANNEL_REQUEST message. This happens for both the PTY request and the shell request.

It seems that the JSch client does not encounter this issue as it does not issue those, or any, CHANNEL_REQUEST messages. I could not make any observations about other clients.

I can post source code if necessary. But note that after calling new Connection(host, port), it then calls connection.getRemainingAuthMethods(loginid), which fails.
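The lookup failure described in this report can be reproduced in isolation. The following is an added example, not code from trilead-ssh2 or from the reporter: the class and method names are hypothetical, the payload layout (byte 99 followed by a uint32 recipient channel) is the one RFC 4254 defines for SSH_MSG_CHANNEL_SUCCESS, and the channel numbers 100 and 0 are taken from the report.

```java
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-alone sketch of a client-side channel table lookup.
public class ChannelSuccessDemo {
    static final int SSH_MSG_CHANNEL_SUCCESS = 99;

    // Client channel table: local channel number -> remote (server) channel number.
    static final Map<Integer, Integer> localToRemote = new HashMap<>();

    // Parse the 5-byte payload: message type, then uint32 recipient channel.
    static int recipientChannel(byte[] payload) {
        if (payload.length != 5)
            throw new IllegalArgumentException("CHANNEL_SUCCESS payload must be 5 bytes");
        ByteBuffer buf = ByteBuffer.wrap(payload); // big-endian by default
        if ((buf.get() & 0xff) != SSH_MSG_CHANNEL_SUCCESS)
            throw new IllegalArgumentException("not a CHANNEL_SUCCESS message");
        return buf.getInt();
    }

    // Look the channel up by local number, as the report says the client does.
    static String dispatch(byte[] payload) {
        int id = recipientChannel(payload);
        if (localToRemote.containsKey(id))
            return "request on local channel " + id + " succeeded";
        String msg = "Unexpected SSH_MSG_CHANNEL_SUCCESS message for non-existent channel " + id;
        // Diagnostic hint (an addition of this example): the unknown number
        // matches a remote number we hold, so the peer echoed the request's value.
        if (localToRemote.containsValue(id))
            msg += " (matches a remote channel number: peer echoed the request's channel field)";
        return msg;
    }

    // Build a constructed sample payload addressed to the given channel number.
    static byte[] success(int recipient) {
        return ByteBuffer.allocate(5)
                .put((byte) SSH_MSG_CHANNEL_SUCCESS)
                .putInt(recipient)
                .array();
    }

    public static void main(String[] args) {
        localToRemote.put(100, 0); // values from the report: local 100, remote 0
        // Reply addressed with the client's own channel number: lookup succeeds.
        System.out.println(dispatch(success(100)));
        // Reply carrying the number the client sent in CHANNEL_REQUEST: lookup fails.
        System.out.println(dispatch(success(0)));
    }
}
```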

Discussion

  • Nobody/Anonymous

    Here's a log of the failure.

    2009-09-29 16:23:41,223 DEBUG TransportConnection: Sent SSH_MSG_KEXINIT 428 bytes payload
    2009-09-29 16:23:41,223 DEBUG TransportConnection: Received SSH_MSG_KEXINIT 265 bytes payload
    2009-09-29 16:23:41,223 DEBUG KexManager: kex_algo=diffie-hellman-group1-sha1
    2009-09-29 16:23:41,223 DEBUG KexManager: server_host_key_algo=ssh-rsa
    2009-09-29 16:23:41,223 DEBUG KexManager: enc_algo_client_to_server=aes128-cbc
    2009-09-29 16:23:41,223 DEBUG KexManager: enc_algo_server_to_client=aes128-cbc
    2009-09-29 16:23:41,223 DEBUG KexManager: mac_algo_client_to_server=hmac-sha1
    2009-09-29 16:23:41,223 DEBUG KexManager: mac_algo_server_to_client=hmac-sha1
    2009-09-29 16:23:41,223 DEBUG KexManager: comp_algo_client_to_server=none
    2009-09-29 16:23:41,223 DEBUG KexManager: comp_algo_server_to_client=none
    2009-09-29 16:23:41,254 DEBUG TransportConnection: Sent SSH_MSG_KEXDH_INIT 133 bytes payload
    2009-09-29 16:23:41,395 DEBUG TransportConnection: Received SSH_MSG_KEXDH_REPLY/SSH_MSG_KEX_DH_GEX_GROUP 433 bytes payload
    2009-09-29 16:23:41,426 DEBUG DhExchange: Client: 'SSH-2.0-TrileadSSH2Java_213'
    2009-09-29 16:23:41,426 DEBUG DhExchange: Server: 'SSH-2.0-FreSSH.0.8'
    2009-09-29 16:23:41,426 DEBUG RSASHA1Verify: Decoding ssh-rsa signature string (length: 128)
    2009-09-29 16:23:41,426 DEBUG KexManager: Verifying ssh-rsa signature
    2009-09-29 16:23:41,426 DEBUG TransportConnection: Sent SSH_MSG_NEWKEYS 1 bytes payload
    2009-09-29 16:23:41,426 DEBUG TransportConnection: Received SSH_MSG_NEWKEYS 1 bytes payload
    2009-09-29 16:23:41,442 DEBUG TransportConnection: Sent SSH_MSG_SERVICE_REQUEST 17 bytes payload
    2009-09-29 16:23:41,442 DEBUG TransportConnection: Sent SSH_MSG_USERAUTH_REQUEST 36 bytes payload
    2009-09-29 16:23:41,442 DEBUG TransportConnection: Received SSH_MSG_SERVICE_ACCEPT 17 bytes payload
    2009-09-29 16:23:41,582 DEBUG TransportConnection: Received SSH_MSG_USERAUTH_FAILURE 14 bytes payload
    2009-09-29 16:23:41,582 DEBUG SSHShellConnection: 10.20.88.133:22 auth methods: password,
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Sent SSH_MSG_USERAUTH_REQUEST 45 bytes payload
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Received SSH_MSG_USERAUTH_SUCCESS 1 bytes payload
    2009-09-29 16:23:41,598 DEBUG SSHShellConnection: 10.20.88.133:22 authenticated
    2009-09-29 16:23:41,598 DEBUG ChannelManager: Sending SSH_MSG_CHANNEL_OPEN (Channel 100)
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Sent SSH_MSG_CHANNEL_OPEN 24 bytes payload
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Received SSH_MSG_CHANNEL_OPEN_CONFIRMATION 17 bytes payload
    2009-09-29 16:23:41,598 DEBUG ChannelManager: Got SSH_MSG_CHANNEL_OPEN_CONFIRMATION (channel 100 / remote: 0)
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Sent SSH_MSG_CHANNEL_REQUEST 46 bytes payload
    2009-09-29 16:23:41,598 DEBUG TransportConnection: Received SSH_MSG_CHANNEL_WINDOW_ADJUST 9 bytes payload
    2009-09-29 16:23:41,598 DEBUG ChannelManager: Got SSH_MSG_CHANNEL_WINDOW_ADJUST (channel 100, 32768)
    2009-09-29 16:23:41,786 DEBUG TransportConnection: Received SSH_MSG_CHANNEL_SUCCESS 5 bytes payload
    2009-09-29 16:23:41,786 DEBUG TransportManager: Receive thread: error in receiveLoop: Unexpected SSH_MSG_CHANNEL_SUCCESS message for non-existent channel 0
    2009-09-29 16:23:41,786 DEBUG TransportManager: Receive thread: back from receiveLoop
    2009-09-29 16:23:41,786 DEBUG ChannelManager: HandleMessage: got shutdown

     
  • Lubomir Rintel

    Lubomir Rintel - 2010-03-11

    Thanks for the report.

    According to the author of FreSSH it does not support version 2 protocol, which is the only one supported by orion/trilead-ssh2.

    I managed to compile and run the 0.8.1 version, but can't seem to get even OpenSSH to connect to it with the version 2 protocol (it might be that I broke something there, since it required rather heavy patching to even compile and enable what exists of v2 protocol support). You claim to have OpenSSH successfully connected; could you please state which version of OpenSSH you used and attach the output of ssh -v when connecting to that server?

    I'm wondering if you could find source code to the FreSSH server you're connecting to?
    Also, please attach the reproducer code.

     
  • Kevin Mendel

    Kevin Mendel - 2010-03-11

    >>> You claim to have OpenSSH successfully connected;

    I don't think I ever tried OpenSSH to FreSSH.

    I'm fairly certain from what I have seen that V2 was negotiated on the connection. Did you see the log messages I posted below? Of course, if FreSSH negotiates version 2 when it doesn't support version 2, that would explain any number of problems. But then it leaves me to wonder why other client impls work okay with FreSSH. Surely they would also negotiate version 2?

     
  • Lubomir Rintel

    Lubomir Rintel - 2010-03-12

    >>> You claim to have OpenSSH successfully connected;

    > I don't think I ever tried OpenSSH to FreSSH.

    Sorry for my misunderstanding then.

    > I'm fairly certain from what I have seen that V2 was negotiated on the
    > connection. Did you see the log messages I posted below?

    Yes I did. FreSSH in fact can be configured to announce support of 1.99 (2 with fallback to 1) or 2.0; oddly in your case it seems to be 2.0. Therefore I configured my FreSSH instance for 2.0 support, but did not manage to connect to it with OpenSSH. I'll try running FreSSH on NetBSD 1.6, which seems to be its native platform and where it would probably be possible to avoid any mistakes I could have made when compiling FreSSH on my Linux machine.

    > FreSSH negotiates version 2 when it doesn't support version 2, that would
    > explain any number of problems. But then it leaves me to wonder why other
    > client impls work okay with FreSSH. Surely they would also negotiate version
    > 2?

    I'm wondering as well. Judging from the log you've posted, FreSSH server could have done the correct thing (replied with remote channel number); but I'm not really sure unless I'm able to reproduce the behavior. I'll try to look more into the issue over the weekend, thanks a lot for your feedback!

     
