
This queue is for tickets about the Net-SSH-Perl CPAN distribution.

Report information
The Basics
Id: 100295
Status: open
Priority: 0/
Queue: Net-SSH-Perl

People
Owner: schwigon [...] cpan.org
Requestors: dragle [...] velocity.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: RomSShell hangs waiting for NEWKEYS
Date: Wed, 12 Nov 2014 17:29:25 +0000
To: "bug-Net-SSH-Perl [...] rt.cpan.org" <bug-Net-SSH-Perl [...] rt.cpan.org>
From: Dan Ragle <dragle [...] velocity.org>
In regards to Net::SSH::Perl 1.38:

It appears as though connections to RomSShell 4.31 hang due to a deadlock condition wherein each side is waiting for the other to send a NEWKEYS message. I considered just reversing the sequence in the code for all connections but wasn't sure if that would work for all other servers. So instead I created a COMPAT entry as below to deal with the issue.

Unfortunately once I get past this I still cannot actually execute commands on that server because of "Channel open failure: 1: reason 4: Support is limited to one channel". But that's a different beast (and my immediate needs only needed the connection so it worked for me).

Cheers,

Dan Ragle

Here are the changes for the NEWKEYS swap:

--- SSHORIG/Perl/Constants.pm 2013-08-09 16:54:24.000000000 -0400 +++ SSH/Perl/Constants.pm 2014-11-07 10:17:15.042384582 -0500 @@ -48,6 +48,7 @@ 'SSH_COMPAT_BUG_X11FWD' => 0x08, 'SSH_COMPAT_OLD_SESSIONID' => 0x10, 'SSH_COMPAT_BUG_PKAUTH' => 0x20, + 'SSH_COMPAT_REVERSE_NEWKEYS' => 0x40, 'SSH_COMPAT_BUG_RSASIGMD5' => 0x2000, 'SSH2_MSG_DISCONNECT' => 1, --- SSHORIG/Perl/Kex.pm 2013-08-09 16:54:24.000000000 -0400 +++ SSH/Perl/Kex.pm 2014-11-12 10:43:47.527764080 -0500 @@ -14,7 +14,8 @@ :kex :proposal :protocol - SSH_COMPAT_BUG_HMAC ); + SSH_COMPAT_BUG_HMAC + SSH_COMPAT_REVERSE_NEWKEYS ); use Carp qw( croak ); use Digest::SHA1 qw( sha1 ); 
@@ -99,12 +100,22 @@ bless $kex, $kex->{class_name}; $kex->exchange; - $ssh->debug("Waiting for NEWKEYS message."); - $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS); - - $ssh->debug("Send NEWKEYS."); - $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS); - $packet->send; + my @execorder = (1,2); + if ($ssh->{datafellows} & SSH_COMPAT_REVERSE_NEWKEYS) { + @execorder = (2,1); + $ssh->debug("Reversing NEWKEYS flow (compat trigger)."); + } + foreach my $execlevel (@execorder) { + if ($execlevel == 1) { + $ssh->debug("Waiting for NEWKEYS message."); + $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS); + } + elsif ($execlevel == 2) { + $ssh->debug("Send NEWKEYS."); + $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS); + $packet->send; + } + } $ssh->debug("Enabling encryption/MAC/compression."); $ssh->{kex} = $kex; --- SSHORIG/Perl.pm 2014-11-07 10:14:50.000000000 -0500 +++ SSH/Perl.pm 2014-11-07 10:22:21.771369934 -0500 @@ -76,6 +76,7 @@ [ '^3\.0 SecureCRT' => SSH_COMPAT_OLD_SESSIONID, ], [ '^1\.7 SecureFX' => SSH_COMPAT_OLD_SESSIONID, ], [ '^2\.' => SSH_COMPAT_BUG_HMAC, ], + [ '^RomSShell_4\.31' => SSH_COMPAT_REVERSE_NEWKEYS ], ); sub _compat_init {
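
Review bot: In the Constants.pm hunk, 0x40 is taken for SSH_COMPAT_REVERSE_NEWKEYS, but the visible context jumps from 0x20 straight to 0x2000 and does not show whether 0x40 is already assigned elsewhere in the table. Confirm the bit is unused, and add a short comment saying what the flag changes, since its name alone does not say that it swaps the wait and send steps of the NEWKEYS exchange.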
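
Review bot: In the Kex.pm hunk at @@ -99,12, the step order is encoded as magic numbers (@execorder = (1,2) or (2,1)) and dispatched through a foreach with if/elsif, which obscures what is a two-way choice. A plain if/else on the compat flag, or two small named subs called in either order, would read more directly and leave no undefined case for other values. Note also that $packet ends up holding the received NEWKEYS packet when the order is reversed and the outgoing one otherwise, so any later use of $packet in this sub needs checking.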
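
Review bot: In the Perl.pm hunk, the pattern '^RomSShell_4\.31' is anchored only at the start, so it also matches any longer version string that begins with 4.31, while no other RomSShell release gets the flag. Decide whether the match should be exact or cover a range of releases and state that in a comment. The new entry also omits the trailing comma inside the array ref that the three entries above it use.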


Hi Dan,

is this topic still a problem?

If so, can you please rebase your changes on the latest version v2.01 in https://github.com/renormalist/Net-SSH-Perl, test it and update this ticket here?

In case the problem vanished, e.g. because it's an old RomSShell issue, it's also fine for me if you close the ticket.

Thanks.
Steffen

-- 
Steffen Schwigon <ss5@renormalist.net>
Dresden Perl Mongers <http://dresden-pm.org/>
Subject: RE: [rt.cpan.org #100295] RomSShell hangs waiting for NEWKEYS
Date: Wed, 11 May 2016 15:28:44 +0000
To: "bug-Net-SSH-Perl [...] rt.cpan.org" <bug-Net-SSH-Perl [...] rt.cpan.org>
From: Dan Ragle <dragle [...] velocity.org>
Steffen,

I'm afraid we went a different direction with that project and are not actively using Net::SSH::Perl. I was able to retrieve some of my old testing code from this original post and play with it a bit this morning, but I'm not able to fully test it out at this time.

I got so far as to try the 2.01 code against a RomSShell 4.31 device. I had to force in 3des-cbc, diffie-hellman-group1-sha1 and ssh-dss as supported cipher, client key exchange and host key algorithms, but then got:

    Using diffie-hellman-group1-sha1 for key exchange
    Host key algorithm: ssh-dss
    Algorithms, c->s: 3des-cbc hmac-sha1 none
    Algorithms, s->c: 3des-cbc hmac-sha1 none
    Generating new Diffie-Hellman Group 1 keys
    Entering Diffie-Hellman Group 1 key exchange.
    Sent DH public key, waiting for reply.
    Received host key, type 'ssh-dss'.
    Host '1.2.3.4' is known and matches the host key.
    Computing shared secret key.
    Verifying server signature.
    Key verification failed for server host key at /usr/local/lib64/perl5/Net/SSH/Perl/SSH2.pm line 118

As I said, I'm afraid I don't have time to dig into it further. Looking at the code I see the Wait/Send of NEWKEYS has been reversed, so I would think it would work if I could get past the key exchange.

Cheers,

Dan Ragle
________________________________________
From: Steffen Schwigon via RT [bug-Net-SSH-Perl@rt.cpan.org]
Sent: Wednesday, April 27, 2016 4:03 AM
To: Dan Ragle
Subject: [rt.cpan.org #100295] RomSShell hangs waiting for NEWKEYS

<URL: https://rt.cpan.org/Ticket/Display.html?id=100295 >

Hi Dan, is this topic still a problem? If so, can you please rebase your changes on the latest version v2.01 in https://github.com/renormalist/Net-SSH-Perl, test it and update this ticket here? In case the problem vanished, e.g. because it's an old RomSShell issue, it's also fine for me if you close the ticket. Thanks. Steffen

-- 
Steffen Schwigon <ss5@renormalist.net>
Dresden Perl Mongers <http://dresden-pm.org/>
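
The NEWKEYS deadlock from the original report, modelled as an added example (not code from Net::SSH::Perl or from the ticket's patch): two sides step through their wait/send order over in-memory queues, and a banner table decides whether the client sends first. The function names, the `ExampleSSH_1.0` banner and the `%SERVER_SENDS_FIRST` models are assumptions made for illustration; the flag value and banner pattern are the ones in the patch.

```perl
use strict;
use warnings;
use constant SSH2_MSG_NEWKEYS           => 21;     # message number from RFC 4253
use constant SSH_COMPAT_REVERSE_NEWKEYS => 0x40;   # value proposed in the ticket's patch
# Banner pattern => compat flag, shaped like the table the patch extends.
my @COMPAT = ( [ '^RomSShell_4\.31' => SSH_COMPAT_REVERSE_NEWKEYS ] );
# Constructed server models: does the server send NEWKEYS before waiting for ours?
my %SERVER_SENDS_FIRST = ( 'RomSShell_4.31' => 0, 'ExampleSSH_1.0' => 1 );

sub compat_flags {
    my ($software) = @_;
    my $flags = 0;
    for my $entry (@COMPAT) {
        my ($re, $mask) = @$entry;
        $flags |= $mask if $software =~ /$re/;
    }
    return $flags;
}

# Step both sides over in-memory queues. A 'wait' step blocks until the peer's
# NEWKEYS is queued; if neither side can move, the exchange is deadlocked.
sub simulate {
    my ($client_sends_first, $server_sends_first) = @_;
    my %steps = ( client => [ $client_sends_first ? qw(send wait) : qw(wait send) ],
                  server => [ $server_sends_first ? qw(send wait) : qw(wait send) ] );
    my %inbox = ( client => [], server => [] );
    my %peer  = ( client => 'server', server => 'client' );
    my $progress = 1;
    while ($progress) {
        $progress = 0;
        for my $side (qw(client server)) {
            my $step = $steps{$side}[0] or next;            # this side is finished
            if ($step eq 'send') { push @{ $inbox{ $peer{$side} } }, SSH2_MSG_NEWKEYS }
            elsif (@{ $inbox{$side} }) { shift @{ $inbox{$side} } }
            else { next }                                   # still blocked on the peer
            shift @{ $steps{$side} };
            $progress = 1;
        }
    }
    return 'deadlock' if @{ $steps{client} } || @{ $steps{server} };
    return 'ok';
}

for my $software (sort keys %SERVER_SENDS_FIRST) {
    my $reverse = (compat_flags($software) & SSH_COMPAT_REVERSE_NEWKEYS) ? 1 : 0;
    printf "%-15s wait-first client: %-8s compat-table client: %s\n", $software,
        simulate(0,        $SERVER_SENDS_FIRST{$software}),
        simulate($reverse, $SERVER_SENDS_FIRST{$software});
}
```

In this model the wait-first client stalls only against the wait-first server, and a client that consults the compat table completes against both.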