mkj/dropbear

dbclient can't connect to embedded dropbear server

paxinos opened this issue · 4 comments

Trying to connect to a device that is running Dropbear SSH. From Linux, both OpenSSH and dbclient are unable to connect. However, Termius is able to connect from Mac, Linux, and iOS. And PuTTY can connect from Windows.

We do not have access to the server implementation.

We have already tried the various ideas we've found by googling, such as
-o KexAlgorithms=ecdh-sha2-nistp521

Here is the log using dbclient on linux:

(base) pax@ithaki:~$ dbclient admin@172.16.86.115

dbclient: Connection to admin@172.16.86.115:22 exited: Remote closed the connection
(base) pax@ithaki:~$ 

And here is ssh on linux:


(base) pax@ithaki:~$ ssh -vvv admin@172.16.86.115
OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 172.16.86.115 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/pax/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/pax/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 172.16.86.115 [172.16.86.115] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/pax/.ssh/id_rsa type 0
debug1: identity file /home/pax/.ssh/id_rsa-cert type -1
debug1: identity file /home/pax/.ssh/id_ecdsa type -1
debug1: identity file /home/pax/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pax/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pax/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pax/.ssh/id_ed25519 type 3
debug1: identity file /home/pax/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pax/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pax/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pax/.ssh/id_xmss type -1
debug1: identity file /home/pax/.ssh/id_xmss-cert type -1
debug1: identity file /home/pax/.ssh/id_dsa type -1
debug1: identity file /home/pax/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
debug1: Remote protocol version 2.0, remote software version dropbear_2020.81
debug1: compat_banner: no match: dropbear_2020.81
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 172.16.86.115:22 as 'admin'
debug1: load_hostkeys: fopen /home/pax/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: compression ctos: zlib@openssh.com,none
debug2: compression stoc: zlib@openssh.com,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 172.16.86.115 port 22
(base) pax@ithaki:~$ 

mkj commented

Can you get a log from the Dropbear server side? I can't see anything wrong in the client log.
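Added example, not part of the thread or of Dropbear: one way to check an `ssh -vvv` client log like the one in the opening post mechanically, by applying the RFC 4253 selection rule to both KEXINIT proposals and then looking at where the exchange stopped. The sample log is constructed and shortened, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened lines in the format of the `ssh -vvv` log above.
SAMPLE_LOG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ecdh-sha2-nistp256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-ed25519,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.0.2.10 port 22
"""
FIELD = re.compile(r"debug2: (KEX algorithms|host key algorithms|ciphers \w+|"
                   r"MACs \w+|compression \w+): (\S+)")

def parse_proposals(log):
    """Return {'client': {field: [algs]}, 'server': {...}} from ssh -vvv text."""
    proposals, side = {"client": {}, "server": {}}, None
    for line in log.splitlines():
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        elif side and (m := FIELD.match(line)):
            proposals[side][m.group(1)] = m.group(2).split(",")
    return proposals

def negotiate(proposals):
    """RFC 4253 7.1 rule: first algorithm on the client list that the server also lists."""
    return {field: next((a for a in algs if a in proposals["server"].get(field, [])), None)
            for field, algs in proposals["client"].items()}

def diagnose(log):
    """Separate an algorithm mismatch from a close during the key exchange itself."""
    chosen = negotiate(parse_proposals(log))
    missing = [field for field, alg in chosen.items() if alg is None]
    if missing:
        return "no common algorithm for: " + ", ".join(missing)
    sent = re.findall(r"send packet: type (\d+)", log)
    # 30 = SSH_MSG_KEX_ECDH_INIT, 31 = SSH_MSG_KEX_ECDH_REPLY (RFC 5656)
    if sent and sent[-1] == "30" and "receive packet: type 31" not in log:
        return "algorithms agreed; peer closed before answering the key exchange init"
    return "algorithms agreed"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A missing common MAC is only fatal when the chosen cipher is not an AEAD mode such as `chacha20-poly1305@openssh.com`, so read a reported MAC mismatch together with the cipher result.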

Greetings. Thanks again for your prompt response. Ended up doing a firmware update on the device and now both dbclient and command line ssh on linux are working fine.

Of course we've now gone to the next layer in the onion. We are having problems with ssh from node-red.
node-red-contrib-ssh-v3 : connects but no output
node-red-contrib-interactive-ssh : connects and works, but periodically drops connection

And they both use the same ssh2 npm module... so we are digging through the differences now... Can't wait to see what the next layer of the onion will provide.

mkj commented

Closing this, let me know if there's anything that needs fixing on the Dropbear side