This queue is for tickets about the Net-SSH-Perl CPAN distribution.

Report information
The Basics
Id: 18324
Status: new
Priority: 0/
Queue: Net-SSH-Perl

People
Owner: Nobody in particular
Requestors: mark.usrey [...] appss.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.28
Fixed in: (no value)



Subject: Net::SSH::Perl deadlocks with CoreFTP SSH server
When connecting via Net::SSH::Perl version 1.28 to a server running the CoreFTP server, the connection will not complete. Client environment is Net-SSH-Perl-1.29 under perl 5.6.1 on Redhat linux system (7.3) with a 2.4.20-20.7smp kernel.

When attempting to connect, the client times out waiting for a NEWKEYS message to be received from the server before sending its own NEWKEYS response as the kex completes. Apparently, CoreFTP is expecting the client to send the NEWKEYS before it sends its own to complete the key exchange.

I have attached a patch that I think fixes this. I tested the patch against the CoreFTP server in question, as well as regression tested against other Linux SSH servers (OpenBSD and Redhat), a Solaris server, and multiple WinSSHD servers without any issues. As usual, your mileage may vary. This is on a production box that makes around 10,000 connections per day to around 300 different servers worldwide, so it is tested pretty thoroughly.

Please let me know if this is an incorrect hack or not. I read the RFC multiple times and as far as I can tell, this is still within the specs.

**BE ADVISED** This patch is against version 1.28! Not the current version.

Thanks,
Mark
Subject: patch
--- Kex.pm.bak Sat Feb 5 00:33:21 2005 +++ Kex.pm Thu Mar 23 10:31:22 2006 @@ -99,6 +99,10 @@ bless $kex, $kex->{class_name}; $kex->exchange; + $ssh->debug("Send NEWKEYS, enable outgoing encryption/MAC/compression."); + $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS); + $packet->send; + $ssh->debug("Waiting for NEWKEYS message."); $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS); @@ -107,10 +111,6 @@ $kex->{$att}[0]->enable if $kex->{$att}[0]; } - $ssh->debug("Send NEWKEYS, enable outgoing encryption/MAC/compression."); - $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS); - $packet->send; - for my $att (qw( mac ciph comp )) { $kex->{$att}[1]->enable if $kex->{$att}[1]; }
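Review bot: In the first hunk (@@ -99,6 +99,10 @@), the relocated debug line still reads "Send NEWKEYS, enable outgoing encryption/MAC/compression.", but at its new position nothing is enabled: the `$kex->{$att}[1]->enable` loop stays below the `read_expect` call. Either move that loop up so it follows `$packet->send` directly, or shorten the message to "Send NEWKEYS." so the debug log matches the order in which the steps now run.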
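Review bot: In the second hunk (@@ -107,10 +111,6 @@), removing the send leaves the `$kex->{$att}[1]->enable` loop to run only after the blocking `read_expect($ssh, SSH2_MSG_NEWKEYS)` returns, so the client's NEWKEYS is already sent while the `[1]` mac/ciph/comp set is still off. RFC 4253 section 7.3 requires every message sent after NEWKEYS to use the new keys, so if `[1]` is the outgoing set (as the old debug text next to it suggests), anything the client sends in that window, for example on a failed read, would go out under the old state. Consider moving the `[1]` loop up to follow `$packet->send` and keeping only the `[0]` loop after the read.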