PowerShell / Win32-OpenSSH

Win32 port of OpenSSH

Cannot connect to Windows 10 from JuiceSSH on Android #133

Closed keithzg closed 7 years ago

keithzg commented 8 years ago

Server:

Client: JuiceSSH (v2.1.2), tested on both a Nexus 6 and a Pixel C, both running the latest builds of Android 6.0.1

For both, connecting via a desktop Linux host works fine (barring my whinging in issue #122!) but connecting via JuiceSSH on Android fails. Here's an example log output from such a failure:

JuiceSSH Version: 2.1.2 (114)
Device Manufacturer: google
Device Model: Pixel C
Device Board: dragon
Device Bootloader: Google_Smaug.7132.260.0
Android Version: REL 6.0.1 (sdk:23)
CPU ABI: armeabi-v7a
CPU ABI2: armeabi

2/25/16 14:03 (info): INFO: Connecting to mercury port 22
2/25/16 14:03 (info): INFO: Connection established
2/25/16 14:03 (info): INFO: Remote version string: SSH-2.0-OpenSSH_7.1p1 Microsoft_Win32_port_with_VS
2/25/16 14:03 (info): INFO: Local version string: SSH-2.0-JuiceSSH
2/25/16 14:03 (info): INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
2/25/16 14:03 (info): INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
2/25/16 14:03 (info): INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2/25/16 14:03 (info): INFO: SSH_MSG_KEXINIT sent
2/25/16 14:03 (info): INFO: SSH_MSG_KEXINIT received
2/25/16 14:03 (info): INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
2/25/16 14:03 (info): INFO: kex: server: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
2/25/16 14:03 (info): INFO: kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2/25/16 14:03 (info): INFO: kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2/25/16 14:03 (info): INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2/25/16 14:03 (info): INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
2/25/16 14:03 (info): INFO: kex: server: none,zlib@openssh.com
2/25/16 14:03 (info): INFO: kex: server: none,zlib@openssh.com
2/25/16 14:03 (info): INFO: kex: server: 
2/25/16 14:03 (info): INFO: kex: server: 
2/25/16 14:03 (info): INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2/25/16 14:03 (info): INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2/25/16 14:03 (info): INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
2/25/16 14:03 (info): INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
2/25/16 14:03 (info): INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2/25/16 14:03 (info): INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2/25/16 14:03 (info): INFO: kex: client: zlib@openssh.com,zlib,none
2/25/16 14:03 (info): INFO: kex: client: zlib@openssh.com,zlib,none
2/25/16 14:03 (info): INFO: kex: client: 
2/25/16 14:03 (info): INFO: kex: client: 
2/25/16 14:03 (info): INFO: kex: server->client aes128-ctr hmac-sha1 zlib@openssh.com
2/25/16 14:03 (info): INFO: kex: client->server aes128-ctr hmac-sha1 zlib@openssh.com
2/25/16 14:03 (info): INFO: SSH_MSG_KEX_ECDH_INIT sent
2/25/16 14:03 (info): INFO: expecting SSH_MSG_KEX_ECDH_REPLY
2/25/16 14:03 (info): INFO: ssh_rsa_verify: signature true
2/25/16 14:03 (info): INFO: Host 'mercury' is known and matches the RSA host key
2/25/16 14:03 (info): INFO: SSH_MSG_NEWKEYS sent
2/25/16 14:03 (info): INFO: SSH_MSG_NEWKEYS received
2/25/16 14:03 (info): INFO: SSH_MSG_SERVICE_REQUEST sent
2/25/16 14:03 (info): INFO: SSH_MSG_SERVICE_ACCEPT received
2/25/16 14:03 (info): INFO: Authentications that can continue: publickey,keyboard-interactive,password
2/25/16 14:03 (info): INFO: Next authentication method: publickey
2/25/16 14:03 (info): INFO: Authentications that can continue: keyboard-interactive,password
2/25/16 14:03 (info): INFO: Next authentication method: keyboard-interactive
2/25/16 14:03 (info): INFO: Authentications that can continue: password
2/25/16 14:03 (info): INFO: Next authentication method: password
2/25/16 14:03 (info): INFO: Authentication succeeded (password).
2/25/16 14:03 (debug): Connecting SSH Shell
2/25/16 14:03 (info): INFO: Caught an exception, leaving main loop due to Unknown SSH message type 74
2/25/16 14:03 (info): INFO: Disconnecting from mercury port 22

Note that it gives a seemingly random number for the "Unknown SSH message type" complaint at the end. I've also seen 104 and 64, for example, and sometimes it exits with an entirely different error message:

INFO: Caught an exception, leaving main loop due to recvfrom failed: ECONNRESET (Connection reset by peer)
INFO: Caught an exception, leaving main loop due to End of IO Stream Read

Telling JuiceSSH to connect via another connection doesn't solve this, either, although unsurprisingly connecting to a Linux host on the same LAN and from there ssh'ing into the Windows 10 machine works fine (again my complaints in #122 notwithstanding).

Unfortunately, my sshd.log file appears to be empty, at least on the 32-bit machine--I'm not at home right now to check the 64-bit machine, but perhaps I'm just looking in the wrong place anyways?

I'm definitely more than happy to provide additional logs and run through debug/testing instructions, compile test patches, test against different versions of Windows, etc; having this working would be extremely helpful for me at work, and as such I can easily justify spending company time at it!

manojampalam commented 8 years ago

If you are using the latest build, try checking for sshd.log in both system32 and in sshd.exe's folder.

darkblaze69 commented 8 years ago

Seems to be a bug in the JuiceSSH implementation. Other clients work well.

Log while connecting via JuiceSSH:

2160 21:55:45 161 Accepted password for admin from 192.168.1.xx port 38197 ssh2
2160 21:55:45 176 fatal: ssh_dispatch_run_fatal: Connection to 192.168.1.xx: incomplete message

PaulMaddox commented 8 years ago

Hi @darkblaze69,

JuiceSSH developer here. I'd be interested in looking into this further if you are able to help?

I've had a brief investigation and I think the SSH library we are using (JSch) is ignoring best practices specified in RFC4253. Specifically, when it encounters an unknown SSH message type, rather than sending SSH_MSG_UNIMPLEMENTED and continuing, it's throwing an exception and bailing out.

Are you able to help test if I can come up with a fix?
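
The RFC 4253 behaviour referred to above, as an added example that is not JSch or JuiceSSH code: a receive loop that answers an unrecognized message type with SSH_MSG_UNIMPLEMENTED carrying the rejected packet's sequence number, then keeps running. The `Dispatcher` class and `run_demo` function are hypothetical names, and the payloads are constructed.

```python
import struct

# Message numbers from RFC 4253 section 12.
SSH_MSG_IGNORE = 2
SSH_MSG_UNIMPLEMENTED = 3
SSH_MSG_DEBUG = 4


class Dispatcher:
    """Receive loop of an SSH transport, fed one decrypted payload per packet."""

    def __init__(self, handlers):
        self.handlers = handlers   # message type -> callable(body)
        self.recv_seq = 0          # implicit count of packets received, wraps at 2**32
        self.outbound = []         # payloads queued for the peer

    def receive(self, payload):
        # Every packet consumes a sequence number, recognized or not.
        seq = self.recv_seq
        self.recv_seq = (self.recv_seq + 1) & 0xFFFFFFFF
        if not payload:
            raise ValueError("empty SSH payload")
        handler = self.handlers.get(payload[0])
        if handler is None:
            # Wire format: byte SSH_MSG_UNIMPLEMENTED, uint32 sequence
            # number of the rejected packet. No exception, no disconnect.
            self.outbound.append(struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, seq))
            return False
        handler(payload[1:])
        return True


def run_demo():
    seen = []
    d = Dispatcher({
        SSH_MSG_IGNORE: lambda body: seen.append(("ignore", body)),
        SSH_MSG_DEBUG: lambda body: seen.append(("debug", body)),
    })
    # Constructed payloads; 74 is one of the types reported in the log above.
    stream = (
        bytes([SSH_MSG_IGNORE]) + b"pad",
        bytes([74]) + b"\x00\x01",
        bytes([SSH_MSG_DEBUG]) + b"x",
    )
    for payload in stream:
        d.receive(payload)
    return seen, d.outbound


if __name__ == "__main__":
    handled, replies = run_demo()
    print("handled:", handled)
    print("queued replies:", [r.hex() for r in replies])
```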

darkblaze69 commented 8 years ago

@PaulMaddox, I'm not a developer, but would test it from the user side

PaulMaddox commented 8 years ago

Hi @darkblaze69 and @keithzg, can you please try connecting with the following beta version of JuiceSSH:

https://juicessh.com/juicessh-2.1.2-beta1.apk

Could you then generate a debug log, by long pressing the app version number in the JuiceSSH settings menu. This will generate a detailed log, similar to the one @keithzg posted previously.

Thanks

keithzg commented 8 years ago

Hi @PaulMaddox, unfortunately that beta apk doesn't seem to have fixed things for me:

JuiceSSH Version: 2.1.2 (115)
Device Manufacturer: google
Device Model: Pixel C
Device Board: dragon
Device Bootloader: Google_Smaug.7132.285.0
Android Version: N N (sdk:23)
CPU ABI: armeabi-v7a
CPU ABI2: armeabi

... 

3/22/16 20:55 (info): INFO: Next authentication method: password
3/22/16 20:55 (info): INFO: Authentication succeeded (password).
3/22/16 20:55 (debug): Connecting SSH Shell
3/22/16 20:55 (info): WARN: Ignoring unknown SSH message type 86
3/22/16 20:55 (info): INFO: Caught an exception, leaving main loop due to Connection reset
3/22/16 20:55 (info): INFO: Disconnecting from mercury port 22
3/22/16 20:55 (debug): Transport chain 2000 is now unattached

That being said, it now always drops due to "Connection reset" rather than disconnecting directly because of the unknown message type, so presumably it's handling things better in a general sense regardless of that not actually fixing this problem?

@manojampalam: only after upgrading to the March 19th release did I notice https://github.com/PowerShell/Win32-OpenSSH/commit/f43f33da8bb93a5c0804e6e2a71fe2f80aed4bc8 and realize I was looking in the "wrong" place before for the log file, oops. Looking at it now, I see the following for the failed JuiceSSH connections:

4684 21:51:28 171 Accepted password for Autobuilds from 10.1.186.204 port 38179 ssh2
4684 21:51:28 186 fatal: ssh_dispatch_run_fatal: Connection to 10.1.186.204: incomplete message

I tried setting LogLevel VERBOSE in sshd_config, but I don't get anything useful further:

5980 21:55:10 308 Connection from 10.1.186.204 port 38183 on 10.1.187.213 port 22
5980 21:55:10 667 Failed none for Autobuilds from 10.1.186.204 port 38183 ssh2
5980 21:55:10 683 Failed keyboard-interactive for Autobuilds from 10.1.186.204 port 38183 ssh2
5980 21:55:10 683 Accepted password for Autobuilds from 10.1.186.204 port 38183 ssh2
5980 21:55:10 699 fatal: ssh_dispatch_run_fatal: Connection to 10.1.186.204: incomplete message

Joelgp83 commented 8 years ago

Hi, just wanted to add another confirmation of this bug, though in my case it's from trying to connect juicessh to a win7-64bit machine equipped with the March 19th release. As others have stated, it works fine when I connect from my linux mint 17.3 box, but bails out with the same error when using juicessh on android.

ghost commented 8 years ago

I had a problem connecting with a different client and the cause was compression. The client connecting to ssh cannot have compression enabled.

Joelgp83 commented 8 years ago

Good thought, but I already checked for that, as I encountered issues with compression when connecting from my mint box (ssh -C blah blah blah) prior to using the android app. As far as I know, I'm still getting the error without compression in juiceSSH, in fact I don't even see where in the app I can enable compression in the first place, so I can only assume juiceSSH is /not/ using compression.

PaulMaddox commented 8 years ago

Interesting. JuiceSSH actually enables compression by default on most modern Android devices (it's disabled on some older models due to memory constraints IIRC). It should be fairly trivial to pull this out to a switchable user preference if required.

Although compression is enabled by default in JuiceSSH, it should fall back to none if the server reports that it doesn't support compression. It looks like the server is reporting that it does support compression though (below is from the log posted previously)...

2/25/16 14:03 (info): INFO: kex: server: none,zlib@openssh.com
2/25/16 14:03 (info): INFO: kex: client: zlib@openssh.com,zlib,none
...
2/25/16 14:03 (info): INFO: kex: server->client aes128-ctr hmac-sha1 zlib@openssh.com
2/25/16 14:03 (info): INFO: kex: client->server aes128-ctr hmac-sha1 zlib@openssh.com

That said, last night I built a version of JuiceSSH with compression disabled, and successfully connected:

screenshot

I'm guessing the latest hosted release binaries are not compiled against zlib, so therefore compression isn't working. Can anyone from the Win32-OpenSSH team comment on why the server is reporting that compression is supported, if it's not? If the server correctly reported, this probably wouldn't be an issue for the majority of clients.

Drusantia commented 8 years ago

Indeed disabling compression (server side) solves the connection problem:

In C:\Program Files\OpenSSH-Win64\sshd_config, added the line:

Compression no

(The commented-out Compression setting was on line 102, by the way.) Restarted the sshd service - win.

Note: I needed to set the backspace option to Legacy on the connection for the backspace to work properly. Server is a Windows Server 2012 R2.

p1r473 commented 7 years ago

I am getting a similar issue "Caught an exception, leaving main loop due to unknown SSH message type 27" Disconnecting...

I've also had message type 54, and another one too. I am running sshd on Windows 10 too, and trying to connect with JuiceSSH on Android 7.1

Putting "compression no" fixed it for me as well.

Is there any better fix?

manojampalam commented 7 years ago

Will fix it next release. Server shouldn't report zlib when it does not support it.

rkitover commented 6 years ago

Sorry to bump an old issue, but I'm getting this problem with the current Win10 sshd.

I've tried adding Compression no to my sshd_config (followed by fixing permissions on it with Repair-SshdConfigPermission) but this does not fix the problem.

This is the last thing I see when JuiceSSH tries to connect:

SSH_MSG_KEXINIT sent
Disconnecting from zenbook port 22

The dialog that pops up says:

Connection Failed
java.io.IOException: End of IO Stream Read
Do you want to retry?

bagajjal commented 6 years ago

@rkitover - If you are using v1.0.0.0 and above then you need to restart sshd service after making changes to sshd_config. If it didn't help, enable DEBUG3 on sshd service and ssh -vvv user@ip.

Also make sure all the executables (at server side) have read permissions to "authenticated users"

rkitover commented 6 years ago

@bagajjal thanks for responding.

Now that I did some more digging this is turning out to be even more bizarre.

I seem to have some kind of rogue sshd process running that is not showing up in tasklist, rather than the actual service.

When I do a net stop sshd I can still ssh to localhost!

Doing a tasklist | findstr sshd returns nothing!

bagajjal commented 6 years ago

If you have windows 10 and enabled developer mode then you will have these services (SshBroker, SshdBroker, SshProxy) enabled by default. You need to stop these services and just have sshd service running.

From a PowerShell window, run these commands:

Get-Service *ssh*
Get-Process -Name *ssh*

rkitover commented 6 years ago

@bagajjal thank you, now I'm running the sshd that I thought I was!

My authorized_keys file started working as well.

I still can't connect with JuiceSSH though. Now that the Compression no setting has taken effect, I get the error:

Connection Failed
Algorithm negotiation fail

The last few lines from juicessh are:

kex: client: hmac-md5,hmac-sha1,...
kex: client: zlib@openssh.com,zlib,none
kex: client: zlib@openssh.com,zlib,none
kex: client:
kex: client:
Disconnecting ...

@PaulMaddox sorry to ping you after two years, any insight into this?

bagajjal commented 6 years ago

please share sshd.log(With DEBUG3 enabled) and ssh.log (ssh.exe -vvv user@ip)

rkitover commented 6 years ago

I cannot get ssh -vvv output because this is JuiceSSH on android, but here is the sshd.log with DEBUG3:

24004 02:29:18:226 debug1: sshd version OpenSSH_7.5, without OpenSSL
24004 02:29:18:231 debug3: failed to open file:./ssh_host_rsa_key error:2
24004 02:29:18:231 debug1: key_load_private: No such file or directory
24004 02:29:18:231 debug3: Failed to open file:./ssh_host_rsa_key error:2
24004 02:29:18:231 debug3: Failed to open file:./ssh_host_rsa_key.pub error:2
24004 02:29:18:231 debug1: key_load_public: No such file or directory
24004 02:29:18:231 error: Could not load host key: ./ssh_host_rsa_key
24004 02:29:18:231 debug3: failed to open file:./ssh_host_dsa_key error:2
24004 02:29:18:232 debug1: key_load_private: No such file or directory
24004 02:29:18:232 debug3: Failed to open file:./ssh_host_dsa_key error:2
24004 02:29:18:232 debug3: Failed to open file:./ssh_host_dsa_key.pub error:2
24004 02:29:18:232 debug1: key_load_public: No such file or directory
24004 02:29:18:232 error: Could not load host key: ./ssh_host_dsa_key
24004 02:29:18:232 debug3: open - handle:0000000000000124, io:0000022156431DC0, fd:3
24004 02:29:18:235 debug3: close - io:0000022156431DC0, type:2, fd:3, table_index:3
24004 02:29:18:235 debug1: private host key #2: ssh-ed25519 SHA256:x2LrlFHRTOAgjTfgQ5jzsmkl4LuGz27l0SmeZoVZxTs
24004 02:29:18:235 debug3: socket:272, socktype:1, io:0000022156431AB0, fd:3 
24004 02:29:18:235 debug2: fd 3 setting O_NONBLOCK
24004 02:29:18:235 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
24004 02:29:18:235 debug1: Bind to port 22 on ::.
24004 02:29:18:236 Server listening on :: port 22.
24004 02:29:18:236 debug3: socket:316, socktype:1, io:000002215645C860, fd:4 
24004 02:29:18:236 debug2: fd 4 setting O_NONBLOCK
24004 02:29:18:236 debug1: Bind to port 22 on 0.0.0.0.
24004 02:29:18:236 Server listening on 0.0.0.0 port 22.
24004 02:29:18:236 debug3: Failed to open file:./sshd.pid error:13
24004 02:29:18:236 error: Couldn't create pid file "./sshd.pid": Permission denied
24004 02:34:00:653 debug3: socket:328, io:000002215645CA50, fd:5 
24004 02:34:00:653 debug3: fd 5 is not O_NONBLOCK
24004 02:34:00:653 debug3: pipe - r-h:340,io:0000022156431940,fd:6  w-h:284,io:00000221564319F0,fd:7
24004 02:34:00:653 debug3: spawning C:\\WINDOWS\\System32\\openssh\\sshd.exe
24004 02:34:00:656 debug3: Register child 000000000000015C pid 1872, 0 zombies of 0
24004 02:34:00:656 debug3: close - io:000002215645CA50, type:1, fd:5, table_index:5
24004 02:34:00:656 debug1: Forked child 1872.
24004 02:34:00:656 debug3: close - io:00000221564319F0, type:2, fd:7, table_index:7
1872 02:34:00:730 debug1: sshd version OpenSSH_7.5, without OpenSSL
1872 02:34:00:732 debug3: failed to open file:./ssh_host_rsa_key error:2
1872 02:34:00:732 debug1: key_load_private: No such file or directory
1872 02:34:00:732 debug3: Failed to open file:./ssh_host_rsa_key error:2
1872 02:34:00:732 debug3: Failed to open file:./ssh_host_rsa_key.pub error:2
1872 02:34:00:732 debug1: key_load_public: No such file or directory
1872 02:34:00:732 error: Could not load host key: ./ssh_host_rsa_key
1872 02:34:00:733 debug3: failed to open file:./ssh_host_dsa_key error:2
1872 02:34:00:733 debug1: key_load_private: No such file or directory
1872 02:34:00:733 debug3: Failed to open file:./ssh_host_dsa_key error:2
1872 02:34:00:733 debug3: Failed to open file:./ssh_host_dsa_key.pub error:2
1872 02:34:00:733 debug1: key_load_public: No such file or directory
1872 02:34:00:733 error: Could not load host key: ./ssh_host_dsa_key
1872 02:34:00:733 debug3: open - handle:000000000000012C, io:000001DFB700E830, fd:3
1872 02:34:00:736 debug3: close - io:000001DFB700E830, type:2, fd:3, table_index:3
1872 02:34:00:737 debug1: private host key #2: ssh-ed25519 SHA256:x2LrlFHRTOAgjTfgQ5jzsmkl4LuGz27l0SmeZoVZxTs
1872 02:34:00:737 debug3: Failed to open file:./sshd.pid error:13
1872 02:34:00:738 error: Couldn't create pid file "./sshd.pid": Permission denied
1872 02:34:00:738 debug1: child socket: 328
1872 02:34:00:738 debug1: child startup_pipe: 284
1872 02:34:00:740 Connection from 192.168.1.180 port 40695 on 192.168.1.11 port 22
1872 02:34:00:741 debug1: Client protocol version 2.0; client software version JuiceSSH
1872 02:34:00:741 debug1: no match: JuiceSSH
1872 02:34:00:741 debug1: Local version string SSH-2.0-OpenSSH_7.5
1872 02:34:00:741 debug2: fd 3 setting O_NONBLOCK
1872 02:34:00:741 debug1: list_hostkey_types: ssh-ed25519
1872 02:34:00:744 debug3: send packet: type 20
1872 02:34:00:744 debug1: SSH2_MSG_KEXINIT sent
1872 02:34:01:017 debug3: receive packet: type 20
1872 02:34:01:017 debug1: SSH2_MSG_KEXINIT received
1872 02:34:01:017 debug2: local server KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org
1872 02:34:01:018 debug2: host key algorithms: ssh-ed25519
1872 02:34:01:018 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
1872 02:34:01:018 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
1872 02:34:01:018 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
1872 02:34:01:018 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
1872 02:34:01:018 debug2: compression ctos: none
1872 02:34:01:018 debug2: compression stoc: none
1872 02:34:01:018 debug2: languages ctos: 
1872 02:34:01:018 debug2: languages stoc: 
1872 02:34:01:018 debug2: first_kex_follows 0 
1872 02:34:01:018 debug2: reserved 0 
1872 02:34:01:018 debug2: peer client KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
1872 02:34:01:018 debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
1872 02:34:01:018 debug2: ciphers ctos: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
1872 02:34:01:018 debug2: ciphers stoc: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
1872 02:34:01:018 debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
1872 02:34:01:018 debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
1872 02:34:01:018 debug2: compression ctos: zlib@openssh.com,zlib,none
1872 02:34:01:018 debug2: compression stoc: zlib@openssh.com,zlib,none
1872 02:34:01:018 debug2: languages ctos: 
1872 02:34:01:018 debug2: languages stoc: 
1872 02:34:01:018 debug2: first_kex_follows 0 
1872 02:34:01:018 debug2: reserved 0 
1872 02:34:01:018 debug1: kex: algorithm: (no match)
1872 02:34:01:018 Unable to negotiate with 192.168.1.180 port 40695: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
1872 02:34:01:018 debug1: do_cleanup
24004 02:34:01:020 debug3: close - io:0000022156431940, type:2, fd:6, table_index:6
24004 02:34:01:029 debug3: zombie'ing child at index 0, 0 zombies of 1
24004 02:34:01:029 debug3: Unregister child at index 0, 1 zombies of 1

bagajjal commented 6 years ago

@rkitover - Looks like you are using the OpenSSH that comes with Windows 10 optional features. This supports only ed25519. It doesn't support rsa, dsa, ecdsa. If you need full crypto support then:

1) Use our GitHub release binaries: https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH.
2) Wait for the next Windows update.

If you are fine with ed25519 then here is the workaround: you should add oKexAlgorithms, oHostKeyAlgorithms to your JuiceSSH client. It should look like this:

.\ssh.exe -oKexAlgorithms=curve25519-sha256 -oHostKeyAlgorithms=ssh-ed25519 nonadmin1@localhost

Analysis

As part of KEXINIT, both ssh client and sshd server will negotiate on the crypto algorithms. If there is no common algorithm then the connection will be closed immediately.

SSHD Server proposal,

1872 02:34:01:017 debug2: local server KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org
1872 02:34:01:018 debug2: host key algorithms: ssh-ed25519

SSH.exe client proposal,

1872 02:34:01:018 debug2: peer client KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
1872 02:34:01:018 debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

SSHD error log,

1872 02:34:01:018 debug1: kex: algorithm: (no match)
1872 02:34:01:018 Unable to negotiate with 192.168.1.180 port 40695: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
1872 02:34:01:018 debug1: do_cleanup
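
The negotiation walked through in the analysis above, and the compression choice in the JuiceSSH log quoted earlier in the thread, as an added example that is not part of the thread or of Win32-OpenSSH: it parses the two KEXINIT proposals out of an sshd debug2 log and applies the basic RFC 4253 section 7.1 rule (the first algorithm on the client's list that the server also lists). The function names are hypothetical, the log text is an excerpt of the one posted above, and the extra key-exchange rules about host-key compatibility are left out as a simplifying assumption.

```python
import re

# Excerpt of the sshd DEBUG3 log posted above (MAC, stoc and language lines omitted).
SSHD_LOG = """\
1872 02:34:01:018 debug2: local server KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org
1872 02:34:01:018 debug2: host key algorithms: ssh-ed25519
1872 02:34:01:018 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
1872 02:34:01:018 debug2: compression ctos: none
1872 02:34:01:018 debug2: first_kex_follows 0
1872 02:34:01:018 debug2: peer client KEXINIT proposal
1872 02:34:01:018 debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
1872 02:34:01:018 debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
1872 02:34:01:018 debug2: ciphers ctos: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
1872 02:34:01:018 debug2: compression ctos: zlib@openssh.com,zlib,none
"""

# Matches "debug2: <field name>: <comma-separated list>"; lines without the
# second colon (section headers, first_kex_follows) do not match.
FIELD = re.compile(r"debug2: ([A-Za-z ]+): ?(.*)$")


def parse_proposals(log_text):
    """Return {"server": {field: [algs]}, "client": {field: [algs]}}."""
    proposals = {"server": {}, "client": {}}
    side = None
    for line in log_text.splitlines():
        if "local server KEXINIT proposal" in line:
            side = "server"
        elif "peer client KEXINIT proposal" in line:
            side = "client"
        elif side:
            m = FIELD.search(line)
            if m:
                value = m.group(2).strip()
                proposals[side][m.group(1)] = value.split(",") if value else []
    return proposals


def negotiate(client_list, server_list):
    """First client preference that the server also offers, else None."""
    return next((alg for alg in client_list if alg in server_list), None)


def negotiate_all(proposals):
    """Negotiate every field both sides listed; None marks a failed field."""
    result = {}
    for field, client_list in proposals["client"].items():
        server_list = proposals["server"].get(field, [])
        if not client_list and not server_list:
            continue  # e.g. empty language lists are not a failure
        result[field] = negotiate(client_list, server_list)
    return result


if __name__ == "__main__":
    for field, chosen in negotiate_all(parse_proposals(SSHD_LOG)).items():
        print(f"{field:22} -> {chosen or 'NO MATCH'}")
    # Lists from the first JuiceSSH log in the thread: the server advertised
    # zlib@openssh.com, so the client's first preference was selected.
    print(negotiate(["zlib@openssh.com", "zlib", "none"], ["none", "zlib@openssh.com"]))
```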

rkitover commented 6 years ago

@bagajjal thank you so much for your help, looking forward to the next windows update!

wlarsong commented 4 years ago

I know this is an old thread, but if you are using JuiceSSH with Windows 10 OpenSSH, you can enable the RSA key by editing %PROGRAMDATA%/ssh/sshd_config and uncommenting the HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key line. Then make sure the permissions for this key match the ed25519 key (only the System and Administrators groups should have access; delete the user account that created it, leaving only those 2) and restart the OpenSSH SSH Server from the services menu. Now the RSA key should work.