RomSShell hangs waiting for NEWKEYS

[briandfoy]

This ticket was imported from rt.cpan.org 100295

• Requestor: dragle@velocity.org
• Date: Wed Apr 27 04:03:18 2016
• Original subject: RomSShell hangs waiting for NEWKEYS
• Original link: rt.cpan.org 100295

  ---

In regards to Net::SSH::Perl 1.38:

It appears as though connections to RomSShell 4.31 hang due to a deadlock condition wherein each side is waiting for the other to send a NEWKEYS message. I considered just reversing the sequence in the code for all connections but wasn't sure if that would work for all other servers. So instead I created a COMPAT entry as below to deal with the issue.

Unfortunately once I get past this I still cannot actually execute commands on that server because of "Channel open failure: 1: reason 4: Support is limited to one channel". But that's a different beast (and my immediate needs only needed the connection so it worked for me).

Cheers,

Dan Ragle

Here are the changes for the NEWKEYS swap:

--- SSHORIG/Perl/Constants.pm   2013-08-09 16:54:24.000000000 -0400
+++ SSH/Perl/Constants.pm       2014-11-07 10:17:15.042384582 -0500
@@ -48,6 +48,7 @@
     'SSH_COMPAT_BUG_X11FWD' => 0x08,
     'SSH_COMPAT_OLD_SESSIONID' => 0x10,
     'SSH_COMPAT_BUG_PKAUTH' => 0x20,
+    'SSH_COMPAT_REVERSE_NEWKEYS' => 0x40,
     'SSH_COMPAT_BUG_RSASIGMD5' => 0x2000,

     'SSH2_MSG_DISCONNECT' => 1,

--- SSHORIG/Perl/Kex.pm 2013-08-09 16:54:24.000000000 -0400
+++ SSH/Perl/Kex.pm     2014-11-12 10:43:47.527764080 -0500
@@ -14,7 +14,8 @@
     :kex
     :proposal
     :protocol
-    SSH_COMPAT_BUG_HMAC );
+    SSH_COMPAT_BUG_HMAC
+    SSH_COMPAT_REVERSE_NEWKEYS );

use Carp qw( croak );
use Digest::SHA1 qw( sha1 );
@@ -99,12 +100,22 @@
     bless $kex, $kex->{class_name};
     $kex->exchange;

-    $ssh->debug("Waiting for NEWKEYS message.");
-    $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS);
-
-    $ssh->debug("Send NEWKEYS.");
-    $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS);
-    $packet->send;
+    my @execorder = (1,2);
+    if ($ssh->{datafellows} & SSH_COMPAT_REVERSE_NEWKEYS) {
+        @execorder = (2,1);
+        $ssh->debug("Reversing NEWKEYS flow (compat trigger).");
+    }
+    foreach my $execlevel (@execorder) {
+        if ($execlevel == 1) {
+            $ssh->debug("Waiting for NEWKEYS message.");
+            $packet = Net::SSH::Perl::Packet->read_expect($ssh, SSH2_MSG_NEWKEYS);
+        }
+        elsif ($execlevel == 2) {
+            $ssh->debug("Send NEWKEYS.");
+            $packet = $ssh->packet_start(SSH2_MSG_NEWKEYS);
+            $packet->send;
+        }
+    }

     $ssh->debug("Enabling encryption/MAC/compression.");
     $ssh->{kex} = $kex;

--- SSHORIG/Perl.pm     2014-11-07 10:14:50.000000000 -0500
+++ SSH/Perl.pm 2014-11-07 10:22:21.771369934 -0500
@@ -76,6 +76,7 @@
   [  '^3\.0 SecureCRT'      => SSH_COMPAT_OLD_SESSIONID,   ],
   [  '^1\.7 SecureFX'       => SSH_COMPAT_OLD_SESSIONID,   ],
   [  '^2\.'                 => SSH_COMPAT_BUG_HMAC,        ],
+  [  '^RomSShell_4\.31'     => SSH_COMPAT_REVERSE_NEWKEYS  ],
);

sub _compat_init {

[briandfoy]

from schwigon@cpan.org

---

Hi Dan,

is this topic still a problem?

If so, can you please rebase your changes on the latest version v2.01 in https://github.com/renormalist/Net-SSH-Perl, test it and and update this ticket here?

In case the problem vanished, eg. because it's an old RomSShell issue, it's also fine for me if you close the ticket.

Thanks.

Steffen

[briandfoy]

from dragle@velocity.org

---

Steffon, I'm afraid we went a different direction with that project and are not actively using Net::SSH::Perl.

I was able to retrieve some of my old testing code from this original post and play with it a bit this morning, but I'm not able to fully test it out at this time. I got so far as to try the 2.01 code against a RomSShell 4.31 device. I had to force in 3des-cbc, diffie-hellman-group1-sha1 and ssh-dss as supported cipher, client key exchange and host key algorithms, but then got:

Using diffie-hellman-group1-sha1 for key exchange Host key algorithm: ssh-dss Algorithms, c->s: 3des-cbc hmac-sha1 none Algorithms, s->c: 3des-cbc hmac-sha1 none Generating new Diffie-Hellman Group 1 keys Entering Diffie-Hellman Group 1 key exchange. Sent DH public key, waiting for reply. Received host key, type 'ssh-dss'. Host '1.2.3.4' is known and matches the host key. Computing shared secret key. Verifying server signature. Key verification failed for server host key at /usr/local/lib64/perl5/Net/SSH/Perl/SSH2.pm line 118

As I said, I'm afraid I don't have time to dig into it further. Looking at the code I see the Wait/Send of NEWKEYS has been reversed, so I would think it would work if I could get past the key exchange.

Cheers,

Dan Ragle