Unknown Error during Handshake #1340

Closed
jawaad-juggle opened this issue Oct 31, 2023 · 2 comments

@jawaad-juggle

I'm currently running a basic SSH2 Server with the ssh2 library (I copied this example from the docs), listening on port 2222. In the on("authentication", callback) I'm only accepting the ctx.method of publickey.

The keypairs have been generated using the following command in the command line for both the server and the client:
ssh-keygen -t rsa -b 2048

In the terminal I'm trying to connect to the server using the command below:
ssh -p 2222 127.0.0.1 -i <path to private_key>

The command line returns the following debug logs:

OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/<user>/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/<user>/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/<user>/.ssh/id_rsa type 0
debug1: identity file /home/<user>/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
debug1: Remote protocol version 2.0, remote software version ssh2js1.14.0
debug1: compat_banner: no match: ssh2js1.14.0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:2222 as '<user>'
debug3: put_host_port: [127.0.0.1]:2222
debug3: record_hostkey: found key type RSA in file /home/<user>/.ssh/known_hosts:5
debug3: load_hostkeys_file: loaded 1 keys from [127.0.0.1]:2222
debug1: load_hostkeys: fopen /home/<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:219wxy1gh95HbFBXNinpmBzE5C9B3AF8JMei57L5yXE
debug3: put_host_port: [127.0.0.1]:2222
debug3: put_host_port: [127.0.0.1]:2222
debug3: record_hostkey: found key type RSA in file /home/<user>/.ssh/known_hosts:5
debug3: load_hostkeys_file: loaded 1 keys from [127.0.0.1]:2222
debug1: load_hostkeys: fopen /home/<user>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
debug1: Found key in /home/<user>/.ssh/known_hosts:5
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 2222: invalid format

When enabling Debug mode in the SSH Server, I get the following logs from the Node SSH2 Server:

listening on localhost:2222
[5.457205987] Custom crypto binding not available
[5.457205987] Local ident: 'SSH-2.0-ssh2js1.14.0'
[5.457205987] Remote ident: 'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3'
client connected
[5.457205987] Outbound: Sending KEXINIT
[5.457205987] Inbound: Handshake in progress
[5.457205987] Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
[5.457205987] Handshake: (remote) KEX method: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
[5.457205987] Handshake: KEX algorithm: ecdh-sha2-nistp256
[5.457205987] Handshake: (local) Host key format: rsa-sha2-512,rsa-sha2-256,ssh-rsa
[5.457205987] Handshake: (remote) Host key format: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
[5.457205987] Handshake: Host key format: rsa-sha2-512
[5.457205987] Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
[5.457205987] Handshake: (remote) C->S cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[5.457205987] Handshake: C->S Cipher: aes128-ctr
[5.457205987] Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
[5.457205987] Handshake: (remote) S->C cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[5.457205987] Handshake: S->C cipher: aes128-ctr
[5.457205987] Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[5.457205987] Handshake: (remote) C->S MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[5.457205987] Handshake: C->S MAC: hmac-sha2-256-etm@openssh.com
[5.457205987] Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[5.457205987] Handshake: (remote) S->C MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[5.457205987] Handshake: S->C MAC: hmac-sha2-256-etm@openssh.com
[5.457205987] Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
[5.457205987] Handshake: (remote) C->S compression: none,zlib@openssh.com,zlib
[5.457205987] Handshake: C->S compression: none
[5.457205987] Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
[5.457205987] Handshake: (remote) S->C compression: none,zlib@openssh.com,zlib
[5.457205987] Handshake: S->C compression: none
[5.457205987] Received DH Init
[5.457205987] Generating signature ...
[5.457205987] Outbound: Sending KEXECDH_REPLY
[5.457205987] Outbound: Sending NEWKEYS
[5.457205987] Socket ended

The issue we're facing is that the SSH client is throwing an invalid format error, without much other information. The server seems like it's sent over everything needed to complete the handshake, but the client complains about the data received back from the SSH server.

If I use the client() from the ssh2 library, we're able to authenticate and send commands without an issue, but when using anything other than the ssh2 library to connect to the SSH Server, we seem to get the above error.

I can't find anything on Google regarding this issue, not too sure where to go from here. Any help would be appreciated.
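
Added example (not part of the original post or the ssh2 project's code): a small triage helper that reads `ssh -vvv` client output like the log above and reports how far the key exchange got before the fatal error. `triageHandshake` and `SAMPLE_LOG` are hypothetical names, the sample lines are abridged from the post's log, and the names for message types 30/31 assume an ECDH key exchange, as negotiated here.

```javascript
// SSH transport message numbers (RFC 4253, RFC 5656) as printed by `ssh -vvv`.
// Types 30/31 carry these names only when an ECDH key exchange was negotiated.
const MSG = { 20: 'KEXINIT', 21: 'NEWKEYS', 30: 'KEX_ECDH_INIT', 31: 'KEX_ECDH_REPLY' };

// Constructed sample: lines abridged from the client log in the post above.
const SAMPLE_LOG = `
debug3: send packet: type 20
debug3: receive packet: type 20
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug3: send packet: type 30
debug3: receive packet: type 31
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 2222: invalid format
`;

// Hypothetical helper: summarise an OpenSSH client debug log.
function triageHandshake(log) {
  const r = { sent: [], received: [], kex: null, hostKeyAlg: null,
              hostKeyTrusted: false, fatal: null, stage: 'unknown' };
  for (const line of log.split('\n')) {
    let m;
    if ((m = /(send|receive) packet: type (\d+)/.exec(line))) {
      const name = MSG[m[2]] || `type ${m[2]}`;
      (m[1] === 'send' ? r.sent : r.received).push(name);
    } else if ((m = /kex: algorithm: (\S+)/.exec(line))) r.kex = m[1];
    else if ((m = /kex: host key algorithm: (\S+)/.exec(line))) r.hostKeyAlg = m[1];
    else if (/is known and matches the .* host key/.test(line)) r.hostKeyTrusted = true;
    else if ((m = /^ssh_dispatch_run_fatal: .*: (.+)$/.exec(line))) r.fatal = m[1];
  }
  // Stage = the last point of the key exchange the client demonstrably reached.
  if (!r.kex) r.stage = 'algorithm negotiation';
  else if (!r.received.includes('KEX_ECDH_REPLY')) r.stage = 'waiting for KEX reply';
  else if (!r.sent.includes('NEWKEYS')) r.stage = 'processing KEX reply';
  else r.stage = 'after NEWKEYS (key exchange complete)';
  return r;
}

console.log(triageHandshake(SAMPLE_LOG));
```

On the sample, the client negotiated algorithms, received KEX_ECDH_REPLY and matched the host key against known_hosts, but never sent NEWKEYS, so the "invalid format" error was raised while it was processing the server's key exchange reply.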

@jawaad-juggle

jawaad-juggle commented Nov 6, 2023

Turns out that ssh2 doesn't work with the Bun runtime as yet. I switched back to using NodeJS and re-ran the code and it worked exactly as expected. If anyone manages to get it working with Bun in the future please let me know.

@elmpp

elmpp commented Apr 21, 2024

Turns out that ssh2 doesn't work with the Bun runtime as yet. I switched back to using NodeJS and re-ran the code and it worked exactly as expected. If anyone manages to get it working with Bun in the future please let me know.
