ssh v1
Здравствуйте,
Имеются некоторые проблемы с версиями openssh под линукс. Пробовались дистрибутивный
и собранный из исходников из OpenBSD. Под FreeBSD все нормально. Клиентов,
поддерживающий первую версию протокола, я нашла ровно 1 штуку, то есть только openssh.
Логи c debug следующие:
###############################################################################
ssh -1 -c 3des -vvv user@x.x.x.x
OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 212.44.92.1 [212.44.92.1] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (512 bits).
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 12
debug1: Host 'x.x.x.x' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:12
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
user@x.x.x.x's password:
debug1: Requesting pty.
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
.........
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Router>enaReceived disconnect from x.x.x.x: CRC check failed
debug1: Calling cleanup 0x8051bfc(0x0)
debug1: Calling cleanup 0x8063aac(0x0)
###########################################################
/ssh -vvv user@x.x.x.x
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6c 21 dec 2001
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_3.7.1p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (512 bits).
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 12
debug1: Host 'x.x.x.x' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:12
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
user@x.x.x.x's password:
debug1: Requesting pty.
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
...............
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Router>enaReceived disconnect from x.x.x.x: CRC check failed
debug1: Calling cleanup 0x8050f7c(0x0)
debug1: Calling cleanup 0x806099c(0x0)
###########################################################
ssh -vvv user@x.x.x.x
OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_3.5p1 FreeBSD-20030924
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (512 bits).
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host 'x.x.x.x' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
user@x.x.x.x's password:
debug1: Requesting pty.
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
.......
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Router>ena
Password:
Router#
###########################################################
На Mandrake точно такие же симптомы. Вероятно, глубинная причина где-то в недрах
линукса. Cisco не нравится CRC, и все. Ругань следующая:
Oct 9 09:05:15 x.satgate.net 4087: .Oct 9 09:05:14.461: %SYS-3-CPUHOG: Task ran for 3332 msec (897/128), process = SSH Process, PC = 60492144.
Oct 9 09:05:15 x.satgate.net 4088: -Traceback= 6049214C 60480C30 6047F6C8 6048A48C 6035D9EC 6036D0D4 602B3014 602C0F70 614DF98C 614E00AC 603239A8 60323994
В связи с этим возникает 2 вопроса:
1. Как поправить openssh?
2. Какие есть альтернативы?
--
Elena Egorova,
SatGate LLC,
+7 0112 573073
+7 0112 573070
Reply to: