Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: got error "ssh: short read" on older cipher #24859

Closed
Greyh4t opened this issue Apr 14, 2018 · 5 comments
Closed

x/crypto/ssh: got error "ssh: short read" on older cipher #24859

Greyh4t opened this issue Apr 14, 2018 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@Greyh4t
Copy link

Greyh4t commented Apr 14, 2018
edited by agnivade

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go1.10.1 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

windows/amd64 (Linux and Darwin also)

What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

package main

import (
	"fmt"
	"net"
	"time"

	"golang.org/x/crypto/ssh"
)

func main() {
	config := new(ssh.ClientConfig)
	config.SetDefaults()
	config.User = "user"
	config.Auth = []ssh.AuthMethod{ssh.Password("passwd")}
	config.Timeout = time.Second * 5
	config.Ciphers = append(config.Ciphers, "aes256-cbc", "aes128-cbc",
		"3des-cbc", "des-cbc")
	config.HostKeyCallback = func(hostname string, remote net.Addr,
		key ssh.PublicKey) error {
		return nil
	}
	client, err := ssh.Dial("tcp", "106.39.177.129:22", config)
	if err != nil {
		fmt.Println(err)
	} else {
		client.Close()
	}
}

What did you expect to see?

no error

What did you see instead?

When dial to 106.39.177.129, the connection can't be created.

If connect without specifying a cipher list, i got a error: "ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-gcm@openssh.com chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr], server offered: [aes256-cbc aes128-cbc 3des-cbc aes256-cbc des-cbc]".

If i use [aes256-cbc aes128-cbc 3des-cbc des-cbc] for handshake, i got a error: "ssh: handshake failed: ssh: short read"

If i use xshell connect to 106.39.177.129, no error.
@gopherbot gopherbot added this to the Unreleased milestone Apr 14, 2018
@Greyh4t Greyh4t changed the title x/crypto/ssh: got error "ssh: short read" on cipher x/crypto/ssh: got error "ssh: short read" on older cipher Apr 14, 2018
@FiloSottile
Copy link
Contributor

/cc @hanwen

@FiloSottile FiloSottile added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 17, 2018
@hanwen
Copy link
Contributor

hanwen commented Apr 17, 2018

what software is this server running? OpenSSH_7.6p1, OpenSSL 1.0.2l 25 May 2017 also won't connect, so I think this server is somehow not following spec. Log:

debug1: Authenticating to 106.39.177.129:22 as 'hanwen'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-cbc MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-cbc MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
ssh_dispatch_run_fatal: Connection to 106.39.177.129 port 22: invalid format

@Greyh4t
Copy link
Author

Greyh4t commented Apr 17, 2018

@hanwen It's Huawei VRP sshd (protocol 1.99)

@hanwen
Copy link
Contributor

hanwen commented Apr 17, 2018

until openssh can connect successfully to this device, I don't see what we can do here. Have you filed a bugreport with Huawei?

Note that xshell is implicated in shadowy dealings, see https://www.theregister.co.uk/2017/08/15/netsarang_software_backdoor/

@hanwen
Copy link
Contributor

hanwen commented Apr 17, 2018

duplicate issue, #23058

@hanwen hanwen closed this as completed Apr 17, 2018
@OGKevin OGKevin mentioned this issue Aug 20, 2018
Closed
@golang golang locked and limited conversation to collaborators Apr 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@hanwen @FiloSottile @Greyh4t @gopherbot