Bug#228828: ssh: ssh-keyscan sometimes exits when it finds an ftp server

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#228828: ssh: ssh-keyscan sometimes exits when it finds an ftp server
From: Matt Swift <swift@alum.mit.edu>
Date: Wed, 21 Jan 2004 00:13:19 -0500
Message-id: <[🔎] m2ekttanps.fsf@beth.swift.xxx>
Reply-to: Matt Swift <swift@alum.mit.edu>, 228828@bugs.debian.org
Package: ssh
Version: 1:3.6.1p2-11
Severity:normal

If you are scanning a list of IP addresses with ssh-keyscan and
encounter an FTP server, ssh-keyscan quits and does not scan the
remainder of the list.  I think it should just continue on to the next
host instead.

Some people do apparently put an ftp server on port 22, perhaps to get
around a firewall that blocks the usual ftp port.

The problem does not occur every time an FTP server is encountered.  I
show some tests below with port 22 on three hosts on a LAN.  Localhost
is running Debian sshd and is the machine on which I'm running the
tests below, Mercury is running sshd on Cygwin, and Vav is running a
Microsoft FTP server.  I could repeat similar tests with wu-ftpd on
Debian and sshd on the other two hosts if it would help.

Strobing those three hosts in a list, the problem occurs in one of the
four orders in which the FTP server (vav) is not last.  The results
below are repeatable.  I don't understand why ssh-keyscan is bails out
on some sequences but not others.

Below, first I demonstrate what is listening on port 22 on each host.
Then I show what ssh-keyscan does with each host individually.
Then I show the results of ssh-keyscan with a list of the three hosts,
in the four permutations where Vav is not last.  The first such
permutation below exhibits the error: the order is "localhost vav
mercury" and we get results for localhost, an error message for vav,
and no result for mercury, which is incorrect.  The other three
permutations give correct results.



    [beth] swift> telnet localhost 22
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    Escape character is '^]'.
    SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    ^]
    telnet> quit
    Connection closed.
    [beth] swift> telnet mercury 22
    Trying 192.168.0.99...
    Connected to mercury.swift.xxx (192.168.0.99).
    Escape character is '^]'.
    SSH-2.0-OpenSSH_3.7.1p2
    ^]
    telnet> quit
    Connection closed.
    [beth] swift> telnet vav 22
    Trying 192.168.0.98...
    Connected to vav.swift.xxx (192.168.0.98).
    Escape character is '^]'.
    220 Microsoft FTP Service
    ^]
    telnet> quit
    Connection closed.
    [beth] swift> 

    [beth] swift> ssh-keyscan -t rsa localhost
    # localhost SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtvqoxgVmnLHcNhdM1dFpoAaVJGSBB00JHHeqNHGV2Xw+agLaZwETZOyrRWNYjTL8R/PrW9qqxSji+xyvlJrpei9TsVqnQwLykqnOwandO7kasPzU/vwb4X+4sN/lzitMawZY2qLUDTazNgotxu6tbb70i+EZcwQit2uQnwdtSj0=
    [beth] swift> ssh-keyscan -t rsa mercury
    # mercury SSH-2.0-OpenSSH_3.7.1p2
    mercury ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsSdq/HfuzYL7WmHN30gGgMe4uTcZMQjK3Rn9zQZlwE9pmgDqZIUQKHFJLfh1KS0oWCmYGA4L0LO7iF3x8yTHqbppcTlP2XAXdIfNYkwGeMlpnUsdANMlahh5spGXR1n8qlTnnftXR7EOLAHNMFTFSU6I9jlOSRV8oDdQVjODIEM=
    [beth] swift> 

    [beth] swift> ssh-keyscan -t rsa vav
    [beth] swift> ssh-keyscan -vvv -t rsa vav
    debug1: vav doesn't support ssh2
    [beth] swift> 

    [beth] swift> ssh-keyscan -t rsa localhost vav mercury
    # localhost SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtvqoxgVmnLHcNhdM1dFpoAaVJGSBB00JHHeqNHGV2Xw+agLaZwETZOyrRWNYjTL8R/PrW9qqxSji+xyvlJrpei9TsVqnQwLykqnOwandO7kasPzU/vwb4X+4sN/lzitMawZY2qLUDTazNgotxu6tbb70i+EZcwQit2uQnwdtSj0=
    # vav 220 Microsoft FTP Service
    3530 3020 2753 5348 
    Disconnecting: Bad packet length 892350496.

    [beth] swift> ssh-keyscan -t rsa mercury vav localhost
    # localhost SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtvqoxgVmnLHcNhdM1dFpoAaVJGSBB00JHHeqNHGV2Xw+agLaZwETZOyrRWNYjTL8R/PrW9qqxSji+xyvlJrpei9TsVqnQwLykqnOwandO7kasPzU/vwb4X+4sN/lzitMawZY2qLUDTazNgotxu6tbb70i+EZcwQit2uQnwdtSj0=
    # mercury SSH-2.0-OpenSSH_3.7.1p2
    mercury ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsSdq/HfuzYL7WmHN30gGgMe4uTcZMQjK3Rn9zQZlwE9pmgDqZIUQKHFJLfh1KS0oWCmYGA4L0LO7iF3x8yTHqbppcTlP2XAXdIfNYkwGeMlpnUsdANMlahh5spGXR1n8qlTnnftXR7EOLAHNMFTFSU6I9jlOSRV8oDdQVjODIEM=

    [beth] swift> ssh-keyscan -t rsa vav localhost mercury
    # localhost SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtvqoxgVmnLHcNhdM1dFpoAaVJGSBB00JHHeqNHGV2Xw+agLaZwETZOyrRWNYjTL8R/PrW9qqxSji+xyvlJrpei9TsVqnQwLykqnOwandO7kasPzU/vwb4X+4sN/lzitMawZY2qLUDTazNgotxu6tbb70i+EZcwQit2uQnwdtSj0=
    # mercury SSH-2.0-OpenSSH_3.7.1p2
    mercury ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsSdq/HfuzYL7WmHN30gGgMe4uTcZMQjK3Rn9zQZlwE9pmgDqZIUQKHFJLfh1KS0oWCmYGA4L0LO7iF3x8yTHqbppcTlP2XAXdIfNYkwGeMlpnUsdANMlahh5spGXR1n8qlTnnftXR7EOLAHNMFTFSU6I9jlOSRV8oDdQVjODIEM=

    [beth] swift> ssh-keyscan -t rsa vav mercury localhost
    # localhost SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
    localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtvqoxgVmnLHcNhdM1dFpoAaVJGSBB00JHHeqNHGV2Xw+agLaZwETZOyrRWNYjTL8R/PrW9qqxSji+xyvlJrpei9TsVqnQwLykqnOwandO7kasPzU/vwb4X+4sN/lzitMawZY2qLUDTazNgotxu6tbb70i+EZcwQit2uQnwdtSj0=
    # mercury SSH-2.0-OpenSSH_3.7.1p2
    mercury ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsSdq/HfuzYL7WmHN30gGgMe4uTcZMQjK3Rn9zQZlwE9pmgDqZIUQKHFJLfh1KS0oWCmYGA4L0LO7iF3x8yTHqbppcTlP2XAXdIfNYkwGeMlpnUsdANMlahh5spGXR1n8qlTnnftXR7EOLAHNMFTFSU6I9jlOSRV8oDdQVjODIEM=


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux beth 2.4.23 #1 Thu Jan 1 17:42:58 EST 2004 i686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.7        Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-3    compression library - runtime

-- debconf information:
  ssh/insecure_rshd: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
  ssh/privsep_ask: true
* ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
* ssh/privsep_tell: 
  ssh/ssh2_keys_merged: 
* ssh/protocol2_only: false
Reply to:
Prev by Date: Bug#73611: im not doing it
Next by Date: Bug#228838: Please lower the priority of the ssh/privsep_tell debconf note
Previous by thread: Bug#73611: im not doing it
Next by thread: Bug#228838: Please lower the priority of the ssh/privsep_tell debconf note
Index(es):
- Date
- Thread