Server crashes before NET_SSH2_MSG_KEXDH_REPLY #1992

Closed
esljaz opened this issue Apr 18, 2024 · 2 comments

@esljaz

esljaz commented Apr 18, 2024

Recently upgraded a web application, moving from phpseclib1 to phpseclib3 (running phpseclib/phpseclib 3.0.37).

Using the exact same code, I am now no longer able to successfully establish a connection to some Juniper switches, unless I explicitly call setPreferredAlgorithms.

The connection fails after NET_SSH2_MSG_KEXDH_INIT and before NET_SSH2_MSG_KEXDH_REPLY
with:

  • Client: phpseclib3\Exception\ConnectionClosedException No data received from server.
  • Server: sshd[3570]: fatal: ssh_dispatch_run_fatal: Connection to 1.2.3.4: unexpected internal error [preauth]

Using the algorithms from a successful connection to another switch via getAlgorithmsNegotiated and setting them via setPreferredAlgorithms allows me to connect to the device (example below).

I assume this to be an issue on the server side, but would appreciate any feedback. Thank you!

$ssh->setPreferredAlgorithms([
    "kex" => ["curve25519-sha256@libssh.org"],
    "hostkey" => ["ssh-ed25519"],
    "client_to_server" => [
        "crypt" => ["aes128-ctr"],
        "mac" => ["hmac-sha2-256-etm@openssh.com"],
        "comp" => ["none"],
    ],
    "server_to_client" => [
        "crypt" => ["aes128-ctr"],
        "mac" => ["hmac-sha2-256-etm@openssh.com"],
        "comp" => ["none"],
    ],
]);

Log of the failed connection:

<-
00000000  53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f  SSH-2.0-OpenSSH_
00000010  36:2e:39:0d:0a                                   6.9..



->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:33:2e:30:20:28:6c:69:62:73:6f:64:69:75:6d  b_3.0 (libsodium
00000020  2c:20:6f:70:65:6e:73:73:6c:2c:20:67:6d:70:29:0d  , openssl, gmp).
00000030  0a                                               .



-> NET_SSH2_MSG_KEXINIT (since last: 0.3431, network: 0s)
00000000  55:18:71:7a:67:61:a3:72:41:97:22:05:7d:d1:be:48  U.qzga.rA.".}..H
00000010  00:00:01:a4:63:75:72:76:65:32:35:35:31:39:2d:73  ....curve25519-s
00000020  68:61:32:35:36:2c:63:75:72:76:65:32:35:35:31:39  ha256,curve25519
00000030  2d:73:68:61:32:35:36:40:6c:69:62:73:73:68:2e:6f  -sha256@libssh.o
00000040  72:67:2c:65:63:64:68:2d:73:68:61:32:2d:6e:69:73  rg,ecdh-sha2-nis
00000050  74:70:32:35:36:2c:65:63:64:68:2d:73:68:61:32:2d  tp256,ecdh-sha2-
00000060  6e:69:73:74:70:33:38:34:2c:65:63:64:68:2d:73:68  nistp384,ecdh-sh
00000070  61:32:2d:6e:69:73:74:70:35:32:31:2c:64:69:66:66  a2-nistp521,diff
00000080  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
00000090  2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32:35:36  -exchange-sha256
000000a0  2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d  ,diffie-hellman-
000000b0  67:72:6f:75:70:2d:65:78:63:68:61:6e:67:65:2d:73  group-exchange-s
000000c0  68:61:31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ha1,diffie-hellm
000000d0  61:6e:2d:67:72:6f:75:70:31:34:2d:73:68:61:32:35  an-group14-sha25
000000e0  36:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e  6,diffie-hellman
000000f0  2d:67:72:6f:75:70:31:34:2d:73:68:61:31:2c:64:69  -group14-sha1,di
00000100  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000110  75:70:31:35:2d:73:68:61:35:31:32:2c:64:69:66:66  up15-sha512,diff
00000120  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
00000130  31:36:2d:73:68:61:35:31:32:2c:64:69:66:66:69:65  16-sha512,diffie
00000140  2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:37  -hellman-group17
00000150  2d:73:68:61:35:31:32:2c:64:69:66:66:69:65:2d:68  -sha512,diffie-h
00000160  65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:38:2d:73  ellman-group18-s
00000170  68:61:35:31:32:2c:64:69:66:66:69:65:2d:68:65:6c  ha512,diffie-hel
00000180  6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31  lman-group1-sha1
00000190  2c:65:78:74:2d:69:6e:66:6f:2d:63:2c:6b:65:78:2d  ,ext-info-c,kex-
000001a0  73:74:72:69:63:74:2d:63:2d:76:30:30:40:6f:70:65  strict-c-v00@ope
000001b0  6e:73:73:68:2e:63:6f:6d:00:00:00:71:73:73:68:2d  nssh.com...qssh-
000001c0  65:64:32:35:35:31:39:2c:65:63:64:73:61:2d:73:68  ed25519,ecdsa-sh
000001d0  61:32:2d:6e:69:73:74:70:32:35:36:2c:65:63:64:73  a2-nistp256,ecds
000001e0  61:2d:73:68:61:32:2d:6e:69:73:74:70:33:38:34:2c  a-sha2-nistp384,
000001f0  65:63:64:73:61:2d:73:68:61:32:2d:6e:69:73:74:70  ecdsa-sha2-nistp
00000200  35:32:31:2c:72:73:61:2d:73:68:61:32:2d:32:35:36  521,rsa-sha2-256
00000210  2c:72:73:61:2d:73:68:61:32:2d:35:31:32:2c:73:73  ,rsa-sha2-512,ss
00000220  68:2d:72:73:61:2c:73:73:68:2d:64:73:73:00:00:01  h-rsa,ssh-dss...
00000230  01:61:65:73:32:35:36:2d:67:63:6d:40:6f:70:65:6e  .aes256-gcm@open
00000240  73:73:68:2e:63:6f:6d:2c:61:65:73:31:32:38:2d:67  ssh.com,aes128-g
00000250  63:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61  cm@openssh.com,a
00000260  65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39:32  es128-ctr,aes192
00000270  2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c  -ctr,aes256-ctr,
00000280  61:65:73:31:32:38:2d:63:62:63:2c:61:65:73:31:39  aes128-cbc,aes19
00000290  32:2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62:63  2-cbc,aes256-cbc
000002a0  2c:33:64:65:73:2d:63:62:63:2c:74:77:6f:66:69:73  ,3des-cbc,twofis
000002b0  68:31:32:38:2d:63:74:72:2c:74:77:6f:66:69:73:68  h128-ctr,twofish
000002c0  31:39:32:2d:63:74:72:2c:74:77:6f:66:69:73:68:32  192-ctr,twofish2
000002d0  35:36:2d:63:74:72:2c:74:77:6f:66:69:73:68:31:32  56-ctr,twofish12
000002e0  38:2d:63:62:63:2c:74:77:6f:66:69:73:68:31:39:32  8-cbc,twofish192
000002f0  2d:63:62:63:2c:74:77:6f:66:69:73:68:32:35:36:2d  -cbc,twofish256-
00000300  63:62:63:2c:74:77:6f:66:69:73:68:2d:63:62:63:2c  cbc,twofish-cbc,
00000310  62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:62:6c:6f  blowfish-ctr,blo
00000320  77:66:69:73:68:2d:63:62:63:2c:33:64:65:73:2d:63  wfish-cbc,3des-c
00000330  74:72:00:00:01:01:61:65:73:32:35:36:2d:67:63:6d  tr....aes256-gcm
00000340  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:65:73  @openssh.com,aes
00000350  31:32:38:2d:67:63:6d:40:6f:70:65:6e:73:73:68:2e  128-gcm@openssh.
00000360  63:6f:6d:2c:61:65:73:31:32:38:2d:63:74:72:2c:61  com,aes128-ctr,a
00000370  65:73:31:39:32:2d:63:74:72:2c:61:65:73:32:35:36  es192-ctr,aes256
00000380  2d:63:74:72:2c:61:65:73:31:32:38:2d:63:62:63:2c  -ctr,aes128-cbc,
00000390  61:65:73:31:39:32:2d:63:62:63:2c:61:65:73:32:35  aes192-cbc,aes25
000003a0  36:2d:63:62:63:2c:33:64:65:73:2d:63:62:63:2c:74  6-cbc,3des-cbc,t
000003b0  77:6f:66:69:73:68:31:32:38:2d:63:74:72:2c:74:77  wofish128-ctr,tw
000003c0  6f:66:69:73:68:31:39:32:2d:63:74:72:2c:74:77:6f  ofish192-ctr,two
000003d0  66:69:73:68:32:35:36:2d:63:74:72:2c:74:77:6f:66  fish256-ctr,twof
000003e0  69:73:68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69  ish128-cbc,twofi
000003f0  73:68:31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73  sh192-cbc,twofis
00000400  68:32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68  h256-cbc,twofish
00000410  2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74  -cbc,blowfish-ct
00000420  72:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:33  r,blowfish-cbc,3
00000430  64:65:73:2d:63:74:72:00:00:00:f7:68:6d:61:63:2d  des-ctr....hmac-
00000440  73:68:61:32:2d:32:35:36:2d:65:74:6d:40:6f:70:65  sha2-256-etm@ope
00000450  6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68  nssh.com,hmac-sh
00000460  61:32:2d:35:31:32:2d:65:74:6d:40:6f:70:65:6e:73  a2-512-etm@opens
00000470  73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:36:34:2d:65  sh.com,umac-64-e
00000480  74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:75  tm@openssh.com,u
00000490  6d:61:63:2d:31:32:38:2d:65:74:6d:40:6f:70:65:6e  mac-128-etm@open
000004a0  73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61  ssh.com,hmac-sha
000004b0  31:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f  1-etm@openssh.co
000004c0  6d:2c:68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2c  m,hmac-sha2-256,
000004d0  68:6d:61:63:2d:73:68:61:32:2d:35:31:32:2c:75:6d  hmac-sha2-512,um
000004e0  61:63:2d:36:34:40:6f:70:65:6e:73:73:68:2e:63:6f  ac-64@openssh.co
000004f0  6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70:65:6e:73  m,umac-128@opens
00000500  73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:31  sh.com,hmac-sha1
00000510  2d:39:36:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d  -96,hmac-sha1,hm
00000520  61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d:6d  ac-md5-96,hmac-m
00000530  64:35:00:00:00:f7:68:6d:61:63:2d:73:68:61:32:2d  d5....hmac-sha2-
00000540  32:35:36:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e  256-etm@openssh.
00000550  63:6f:6d:2c:68:6d:61:63:2d:73:68:61:32:2d:35:31  com,hmac-sha2-51
00000560  32:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f  2-etm@openssh.co
00000570  6d:2c:75:6d:61:63:2d:36:34:2d:65:74:6d:40:6f:70  m,umac-64-etm@op
00000580  65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31  enssh.com,umac-1
00000590  32:38:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63  28-etm@openssh.c
000005a0  6f:6d:2c:68:6d:61:63:2d:73:68:61:31:2d:65:74:6d  om,hmac-sha1-etm
000005b0  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61  @openssh.com,hma
000005c0  63:2d:73:68:61:32:2d:32:35:36:2c:68:6d:61:63:2d  c-sha2-256,hmac-
000005d0  73:68:61:32:2d:35:31:32:2c:75:6d:61:63:2d:36:34  sha2-512,umac-64
000005e0  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61  @openssh.com,uma
000005f0  63:2d:31:32:38:40:6f:70:65:6e:73:73:68:2e:63:6f  c-128@openssh.co
00000600  6d:2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68  m,hmac-sha1-96,h
00000610  6d:61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64  mac-sha1,hmac-md
00000620  35:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:00:00:00  5-96,hmac-md5...
00000630  1a:6e:6f:6e:65:2c:7a:6c:69:62:40:6f:70:65:6e:73  .none,zlib@opens
00000640  73:68:2e:63:6f:6d:2c:7a:6c:69:62:00:00:00:1a:6e  sh.com,zlib....n
00000650  6f:6e:65:2c:7a:6c:69:62:40:6f:70:65:6e:73:73:68  one,zlib@openssh
00000660  2e:63:6f:6d:2c:7a:6c:69:62:00:00:00:00:00:00:00  .com,zlib.......
00000670  00:00:00:00:00:00                                ......



<- NET_SSH2_MSG_KEXINIT (since last: 0.0277, network: 0.0241s)
00000000  13:66:68:bd:3b:86:df:9b:79:52:37:4f:31:6a:dc:2c  .fh.;...yR7O1j.,
00000010  00:00:00:d4:63:75:72:76:65:32:35:35:31:39:2d:73  ....curve25519-s
00000020  68:61:32:35:36:40:6c:69:62:73:73:68:2e:6f:72:67  ha256@libssh.org
00000030  2c:65:63:64:68:2d:73:68:61:32:2d:6e:69:73:74:70  ,ecdh-sha2-nistp
00000040  32:35:36:2c:65:63:64:68:2d:73:68:61:32:2d:6e:69  256,ecdh-sha2-ni
00000050  73:74:70:33:38:34:2c:65:63:64:68:2d:73:68:61:32  stp384,ecdh-sha2
00000060  2d:6e:69:73:74:70:35:32:31:2c:64:69:66:66:69:65  -nistp521,diffie
00000070  2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d:65  -hellman-group-e
00000080  78:63:68:61:6e:67:65:2d:73:68:61:32:35:36:2c:64  xchange-sha256,d
00000090  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
000000a0  6f:75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61  oup-exchange-sha
000000b0  31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e  1,diffie-hellman
000000c0  2d:67:72:6f:75:70:31:34:2d:73:68:61:31:2c:64:69  -group14-sha1,di
000000d0  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
000000e0  75:70:31:2d:73:68:61:31:00:00:00:2f:73:73:68:2d  up1-sha1.../ssh-
000000f0  72:73:61:2c:73:73:68:2d:64:73:73:2c:65:63:64:73  rsa,ssh-dss,ecds
00000100  61:2d:73:68:61:32:2d:6e:69:73:74:70:32:35:36:2c  a-sha2-nistp256,
00000110  73:73:68:2d:65:64:32:35:35:31:39:00:00:00:e9:63  ssh-ed25519....c
00000120  68:61:63:68:61:32:30:2d:70:6f:6c:79:31:33:30:35  hacha20-poly1305
00000130  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:65:73  @openssh.com,aes
00000140  31:32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63  128-ctr,aes192-c
00000150  74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c:61:65  tr,aes256-ctr,ae
00000160  73:31:32:38:2d:67:63:6d:40:6f:70:65:6e:73:73:68  s128-gcm@openssh
00000170  2e:63:6f:6d:2c:61:65:73:32:35:36:2d:67:63:6d:40  .com,aes256-gcm@
00000180  6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:72:63:66  openssh.com,arcf
00000190  6f:75:72:32:35:36:2c:61:72:63:66:6f:75:72:31:32  our256,arcfour12
000001a0  38:2c:61:65:73:31:32:38:2d:63:62:63:2c:33:64:65  8,aes128-cbc,3de
000001b0  73:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63  s-cbc,blowfish-c
000001c0  62:63:2c:63:61:73:74:31:32:38:2d:63:62:63:2c:61  bc,cast128-cbc,a
000001d0  65:73:31:39:32:2d:63:62:63:2c:61:65:73:32:35:36  es192-cbc,aes256
000001e0  2d:63:62:63:2c:61:72:63:66:6f:75:72:2c:72:69:6a  -cbc,arcfour,rij
000001f0  6e:64:61:65:6c:2d:63:62:63:40:6c:79:73:61:74:6f  ndael-cbc@lysato
00000200  72:2e:6c:69:75:2e:73:65:00:00:00:e9:63:68:61:63  r.liu.se....chac
00000210  68:61:32:30:2d:70:6f:6c:79:31:33:30:35:40:6f:70  ha20-poly1305@op
00000220  65:6e:73:73:68:2e:63:6f:6d:2c:61:65:73:31:32:38  enssh.com,aes128
00000230  2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72:2c  -ctr,aes192-ctr,
00000240  61:65:73:32:35:36:2d:63:74:72:2c:61:65:73:31:32  aes256-ctr,aes12
00000250  38:2d:67:63:6d:40:6f:70:65:6e:73:73:68:2e:63:6f  8-gcm@openssh.co
00000260  6d:2c:61:65:73:32:35:36:2d:67:63:6d:40:6f:70:65  m,aes256-gcm@ope
00000270  6e:73:73:68:2e:63:6f:6d:2c:61:72:63:66:6f:75:72  nssh.com,arcfour
00000280  32:35:36:2c:61:72:63:66:6f:75:72:31:32:38:2c:61  256,arcfour128,a
00000290  65:73:31:32:38:2d:63:62:63:2c:33:64:65:73:2d:63  es128-cbc,3des-c
000002a0  62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63:2c  bc,blowfish-cbc,
000002b0  63:61:73:74:31:32:38:2d:63:62:63:2c:61:65:73:31  cast128-cbc,aes1
000002c0  39:32:2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62  92-cbc,aes256-cb
000002d0  63:2c:61:72:63:66:6f:75:72:2c:72:69:6a:6e:64:61  c,arcfour,rijnda
000002e0  65:6c:2d:63:62:63:40:6c:79:73:61:74:6f:72:2e:6c  el-cbc@lysator.l
000002f0  69:75:2e:73:65:00:00:01:92:75:6d:61:63:2d:36:34  iu.se....umac-64
00000300  2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  -etm@openssh.com
00000310  2c:75:6d:61:63:2d:31:32:38:2d:65:74:6d:40:6f:70  ,umac-128-etm@op
00000320  65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73  enssh.com,hmac-s
00000330  68:61:32:2d:32:35:36:2d:65:74:6d:40:6f:70:65:6e  ha2-256-etm@open
00000340  73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61  ssh.com,hmac-sha
00000350  32:2d:35:31:32:2d:65:74:6d:40:6f:70:65:6e:73:73  2-512-etm@openss
00000360  68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:31:2d  h.com,hmac-sha1-
00000370  65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  etm@openssh.com,
00000380  75:6d:61:63:2d:36:34:40:6f:70:65:6e:73:73:68:2e  umac-64@openssh.
00000390  63:6f:6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70:65  com,umac-128@ope
000003a0  6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68  nssh.com,hmac-sh
000003b0  61:32:2d:32:35:36:2c:68:6d:61:63:2d:73:68:61:32  a2-256,hmac-sha2
000003c0  2d:35:31:32:2c:68:6d:61:63:2d:73:68:61:31:2c:68  -512,hmac-sha1,h
000003d0  6d:61:63:2d:6d:64:35:2d:65:74:6d:40:6f:70:65:6e  mac-md5-etm@open
000003e0  73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:72:69:70  ssh.com,hmac-rip
000003f0  65:6d:64:31:36:30:2d:65:74:6d:40:6f:70:65:6e:73  emd160-etm@opens
00000400  73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:31  sh.com,hmac-sha1
00000410  2d:39:36:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e  -96-etm@openssh.
00000420  63:6f:6d:2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2d  com,hmac-md5-96-
00000430  65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  etm@openssh.com,
00000440  68:6d:61:63:2d:6d:64:35:2c:68:6d:61:63:2d:72:69  hmac-md5,hmac-ri
00000450  70:65:6d:64:31:36:30:2c:68:6d:61:63:2d:72:69:70  pemd160,hmac-rip
00000460  65:6d:64:31:36:30:40:6f:70:65:6e:73:73:68:2e:63  emd160@openssh.c
00000470  6f:6d:2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c  om,hmac-sha1-96,
00000480  68:6d:61:63:2d:6d:64:35:2d:39:36:00:00:01:92:75  hmac-md5-96....u
00000490  6d:61:63:2d:36:34:2d:65:74:6d:40:6f:70:65:6e:73  mac-64-etm@opens
000004a0  73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31:32:38:2d  sh.com,umac-128-
000004b0  65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  etm@openssh.com,
000004c0  68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2d:65:74  hmac-sha2-256-et
000004d0  6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d  m@openssh.com,hm
000004e0  61:63:2d:73:68:61:32:2d:35:31:32:2d:65:74:6d:40  ac-sha2-512-etm@
000004f0  6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63  openssh.com,hmac
00000500  2d:73:68:61:31:2d:65:74:6d:40:6f:70:65:6e:73:73  -sha1-etm@openss
00000510  68:2e:63:6f:6d:2c:75:6d:61:63:2d:36:34:40:6f:70  h.com,umac-64@op
00000520  65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31  enssh.com,umac-1
00000530  32:38:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68  28@openssh.com,h
00000540  6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d:61  mac-sha2-256,hma
00000550  63:2d:73:68:61:32:2d:35:31:32:2c:68:6d:61:63:2d  c-sha2-512,hmac-
00000560  73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:65:74  sha1,hmac-md5-et
00000570  6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d  m@openssh.com,hm
00000580  61:63:2d:72:69:70:65:6d:64:31:36:30:2d:65:74:6d  ac-ripemd160-etm
00000590  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61  @openssh.com,hma
000005a0  63:2d:73:68:61:31:2d:39:36:2d:65:74:6d:40:6f:70  c-sha1-96-etm@op
000005b0  65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:6d  enssh.com,hmac-m
000005c0  64:35:2d:39:36:2d:65:74:6d:40:6f:70:65:6e:73:73  d5-96-etm@openss
000005d0  68:2e:63:6f:6d:2c:68:6d:61:63:2d:6d:64:35:2c:68  h.com,hmac-md5,h
000005e0  6d:61:63:2d:72:69:70:65:6d:64:31:36:30:2c:68:6d  mac-ripemd160,hm
000005f0  61:63:2d:72:69:70:65:6d:64:31:36:30:40:6f:70:65  ac-ripemd160@ope
00000600  6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68  nssh.com,hmac-sh
00000610  61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2d:39  a1-96,hmac-md5-9
00000620  36:00:00:00:15:6e:6f:6e:65:2c:7a:6c:69:62:40:6f  6....none,zlib@o
00000630  70:65:6e:73:73:68:2e:63:6f:6d:00:00:00:15:6e:6f  penssh.com....no
00000640  6e:65:2c:7a:6c:69:62:40:6f:70:65:6e:73:73:68:2e  ne,zlib@openssh.
00000650  63:6f:6d:00:00:00:00:00:00:00:00:00:00:00:00:00  com.............



-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0044, network: 0s)
00000000  00:00:00:20:43:81:6b:49:af:7c:cf:ce:be:26:de:d4  ... C.kI.|...&..
00000010  d3:17:07:ee:56:a6:9a:51:a3:21:81:31:9c:9d:0b:37  ....V..Q.!.1...7
00000020  68:9f:27:16                                      h.'.


   phpseclib3\Exception\ConnectionClosedException  No data received from server.
@terrafrost
Member

First, with a server identification string of SSH-2.0-OpenSSH_6.9, implementing a workaround specifically for Juniper switches is going to be hard. It might still be possible to implement a workaround (e.g. what I did for https://bugzilla.mindrot.org/show_bug.cgi?id=1291 was to make it so that if one of the problem algorithms is being used when a packet isn't able to be correctly decrypted, it tries to reconnect without the problem algorithms [see the bad_algorithm_candidate method in SSH2.php]), but to decide if that'd be an appropriate approach I'd need more info - the SSH logs and what the specific algorithm that's failing is.

Your post shows a cipher suite but it's unclear if that cipher suite is for a successful connection or a failing one. But like does it fail if client_to_server/crypt is a specific algorithm? Does every algorithm need to be a specific algorithm for it to fail? idk

If you were to share with me the IP address of the machine (I wouldn't need an account on that machine) to brute force different cipher suites I could do that myself. If you are able to do this you can email the info to terrafrost@gmail.com.

SSH logs would also help. There are two main ways to get SSH logs:

Ephemeral Logging

You can get the SSH logs by creating a new temporary SSH instance with sudo /usr/sbin/sshd -ddd -p2222. Connect on port 2222 with the same credential that you normally do and then after the connection resolves itself that command will terminate.

Persistent Logging

idk if you can edit the /etc/ssh/sshd_config file but if you could then adding the following to it would enable you to get the logs:

LogLevel Debug3

Once you do that you'll need to restart SSH (systemctl restart sshd).

As https://serverfault.com/a/1130653 discusses, logs are stored by default to the AUTH SyslogFacility, eg. /var/log/auth.log. You can, however, change that by adding this to your sshd_config, as well:

SyslogFacility LOCAL0

You'd then want to modify /etc/rsyslog.conf and add this:

local0.*     /var/log/sshd.log

You'd then need to restart rsyslog (systemctl restart rsyslog)
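
Added example (not part of the thread and not phpseclib code): the question above of which algorithm differs between the failing and the working connection can be narrowed from the posted log alone, by applying the RFC 4253 section 7.1 selection rule to the two KEXINIT name-lists and comparing the result with the pinned set. The function name `negotiate` and the array layout are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Name-lists read from the two NET_SSH2_MSG_KEXINIT packets in the log above.
// Client lists are shortened to their leading entries; server lists are complete.
// Both directions carry identical lists in the log, so one entry per side is used.
$client = [
    'kex'     => ['curve25519-sha256', 'curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256'],
    'hostkey' => ['ssh-ed25519', 'ecdsa-sha2-nistp256'],
    'crypt'   => ['aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes128-ctr'],
    'mac'     => ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com'],
    'comp'    => ['none', 'zlib@openssh.com', 'zlib'],
];
$server = array_map(fn (string $list): array => explode(',', $list), [
    'kex'     => 'curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,'
               . 'ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,'
               . 'diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,'
               . 'diffie-hellman-group1-sha1',
    'hostkey' => 'ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519',
    'crypt'   => 'chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,'
               . 'aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,'
               . 'aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,'
               . 'arcfour,rijndael-cbc@lysator.liu.se',
    'mac'     => 'umac-64-etm@openssh.com,umac-128-etm@openssh.com,'
               . 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,'
               . 'hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,'
               . 'hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,'
               . 'hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,'
               . 'hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,'
               . 'hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96',
    'comp'    => 'none,zlib@openssh.com',
]);

// RFC 4253 section 7.1 rule for ciphers, MACs and compression: the first name on
// the client's list that the server also lists wins. It is applied to kex and host
// key as well, which ignores the RFC's extra kex/host-key compatibility conditions.
function negotiate(array $client, array $server): array
{
    $chosen = [];
    foreach ($client as $type => $offered) {
        // array_intersect keeps the order of its first argument (the client list).
        $common = array_values(array_intersect($offered, $server[$type] ?? []));
        $chosen[$type] = $common[0] ?? null; // null: no algorithm in common
    }
    return $chosen;
}

// Algorithms the reporter pinned with setPreferredAlgorithms() to get a working session.
$pinned = [
    'kex' => 'curve25519-sha256@libssh.org', 'hostkey' => 'ssh-ed25519',
    'crypt' => 'aes128-ctr', 'mac' => 'hmac-sha2-256-etm@openssh.com', 'comp' => 'none',
];

foreach (negotiate($client, $server) as $type => $name) {
    printf(
        "%-8s default=%-30s pinned=%-30s %s\n",
        $type, $name ?? '(none)', $pinned[$type],
        $name === $pinned[$type] ? 'same' : 'DIFFERS'
    );
}
```

On these lists only the `crypt` row differs (`aes256-gcm@openssh.com` by default, `aes128-ctr` when pinned), so the cipher is the first thing to vary when testing. The comparison does not by itself show which algorithm triggers the server-side error.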

@esljaz
Author

esljaz commented Apr 30, 2024

Sorry for the very delayed response.

Sadly I won't be able to give you access to the server.

I appreciate you looking into this, but considering how much of an edge case this is, I think the workarounds are sufficient:

  • Upgrade the switch to the most recent security patch
  • Use setPreferredAlgorithms from my initial post

I'll be closing this off, maybe this helps someone somewhen!

esljaz closed this as completed Apr 30, 2024