[Libssh] libssh server mode decryption errors
Brendan Gannon
bgannon at cybertec.com.au
Thu Nov 15 01:03:29 CET 2007
Hi,
I'm using the libssh 0.2 release, running the samplesshd code.
I'm connecting to the server using OpenSSH_4.5p1 (but I've also
confirmed this is an issue using PuTTY on Windows).
Everything works fine when AES-128 or Blowfish is the cipher, e.g. using
the following command:
$ ssh -c aes128-cbc -p 22223 admin@localhost
But when the cipher is AES-192, AES-256 or 3DES, e.g.
$ ssh -c aes256-cbc -p 22223 admin@localhost
the first decryption after SSH_MSG_NEWKEYS is received gets corrupted
and the connection is closed.
Interestingly, using the samplessh app to connect to the server, it has
no decryption problem.
Does anyone on the list have any idea where the problem lies? I've
included the server output for AES-256 at the end of the mail.
Any help is much appreciated.
Cheers,
Brendan
Also, the small patch following is needed to get the server mode working:
--- libssh/server.c.orig 2007-11-15 10:46:47.000000000 +1100
+++ libssh/server.c 2007-11-15 10:47:11.000000000 +1100
@@ -150,6 +150,7 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *s
session->options=ssh_options_copy(ssh_bind->options);
session->dsa_key=dsa;
session->rsa_key=rsa;
+ session->alive=1;
return session;
}
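Review bot: the added `session->alive=1;` just before `return session;` carries no comment saying why an accepted session has to be marked alive at this point, so a later reader cannot tell whether this is the intended place for the flag or a workaround. Please add a one-line comment. Also, in the visible context the result of `session->options=ssh_options_copy(ssh_bind->options);` is stored without a check; if that call can fail, the flag should be set only after the check, so that a half-initialised session is never returned as alive.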
*** Server output using AES-256 ***
Dsa private key read successfuly
RSA private key read successfuly
Socket connecté : 4
find_matching("ssh-dss,ssh-rsa","ssh-dss,ssh-rsa") = "ssh-dss"
kex algos : diffie-hellman-group1-sha1
server host key algo : ssh-dss,ssh-rsa
encryption client->server :
aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
encryption server->client :
aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
mac algo client->server : hmac-sha1
mac algo server->client : hmac-sha1
compression algo client->server : none,zlib
compression algo server->client : none,zlib
languages client->server :
languages server->client :
Writing on the wire a packet having 247 bytes before,247 bytes after
comp + 4 padding bytes = 252 bytes packet
size decrypted : 1c4
Read a 452 bytes packet
6 bytes padding, 451 bytes left in buffer
After padding, 445 bytes left in buffer
Final size 445
type 20
kex algos :
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
server host key algo : ssh-rsa,ssh-dss
encryption client->server : aes256-cbc
encryption server->client : aes256-cbc
mac algo client->server :
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
mac algo server->client :
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
compression algo client->server : none,zlib@openssh.com,zlib
compression algo server->client : none,zlib@openssh.com,zlib
languages client->server :
languages server->client :
find_matching("aes256-cbc","aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc")
= "aes256-cbc"
Set output algorithm aes256-cbc
find_matching("aes256-cbc","aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc")
= "aes256-cbc"
Set input algorithm aes256-cbc
find_matching("aes256-cbc","aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc")
= "aes256-cbc"
find_matching("aes256-cbc","aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc")
= "aes256-cbc"
find_matching("ssh-rsa,ssh-dss","ssh-dss,ssh-rsa") = "ssh-rsa"
size decrypted : 8c
Read a 140 bytes packet
6 bytes padding, 139 bytes left in buffer
After padding, 133 bytes left in buffer
Final size 133
type 30
Importing a 1024 bits,128 bytes object ...
1024 bits, 128 bytes, 1 padding
1021 bits, 128 bytes, 0 padding
1024 bits, 128 bytes, 1 padding
1024 bits, 128 bytes, 1 padding
Writing on the wire a packet having 690 bytes before,690 bytes after
comp + 9 padding bytes = 700 bytes packet
Writing on the wire a packet having 1 bytes before,1 bytes after comp +
10 padding bytes = 12 bytes packet
SSH_MSG_NEWKEYS sent
size decrypted : c
Read a 12 bytes packet
10 bytes padding, 11 bytes left in buffer
After padding, 1 bytes left in buffer
Final size 1
type 21
Got SSH_MSG_NEWKEYS
1024 bits, 128 bytes, 1 padding
Decrypting 16 bytes data
size decrypted : ff08c1f
error : read_packet(): Packet len too high(267422751ld 0ff08c1f)