SSH2 NONE authentication non-functional
SSH2 NONE authentication is non-functional - it just hangs.
multics@connect.ban.ai is a public-facing gateway using only NONE authentication (using OpenSSH), but it's reproducible on any server, and the same on OpenSSH and several non-OpenSSH servers. I tested at least 10 different hosts.
I tried all libssh versions (at least back to 0.7) to see if I could find the first working version, but no version actually worked.
An OpenSSH server configured with the default logging level logs:
Accepted none for YYY from [XXX] port 9737 ssh2
dispatch_protocol_error: type 50 seq 5
The example client under a debugger shows the hang is around libssh:src/auth.c line ~452 in the ssh_userauth_none function.
The example client with highest verbose logging (from today's git) outputs:
[2023/01/24 12:05:57.256752, 3] ssh_connect: libssh 0.10.90 (c) 2003-2023 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2023/01/24 12:05:57.256759, 3] getai: host XXX matches an IP address
[2023/01/24 12:05:57.256835, 3] ssh_socket_connect: Nonblocking connection socket: 3
[2023/01/24 12:05:57.256842, 3] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2023/01/24 12:05:57.256845, 3] ssh_connect: Actual timeout : 10000
[2023/01/24 12:05:57.256852, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.256855, 3] ssh_socket_pollcallback: Received POLLOUT in connecting state
[2023/01/24 12:05:57.256858, 4] socket_callback_connected: Socket connection callback: 1 (0)
[2023/01/24 12:05:57.256886, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.256896, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.265738, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.265762, 3] callback_receive_banner: Received banner: SSH-2.0-OpenSSH_8.8
[2023/01/24 12:05:57.265766, 3] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.8
[2023/01/24 12:05:57.265768, 3] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.8
[2023/01/24 12:05:57.265773, 3] ssh_analyze_banner: We are talking to an OpenSSH server version: 8.8 (80800)
[2023/01/24 12:05:57.267102, 3] ssh_client_select_hostkeys: Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"
[2023/01/24 12:05:57.267310, 4] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2023/01/24 12:05:57.267329, 3] ssh_client_select_hostkeys: Algorithms found in known_hosts files: "ssh-ed25519"
[2023/01/24 12:05:57.267335, 3] ssh_client_select_hostkeys: Changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"
[2023/01/24 12:05:57.267339, 4] ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c
[2023/01/24 12:05:57.267341, 4] ssh_list_kex: server host key algo: ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
[2023/01/24 12:05:57.267343, 4] ssh_list_kex: encryption client->server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,
[2023/01/24 12:05:57.267344, 4] ssh_list_kex: encryption server->client: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,
[2023/01/24 12:05:57.267346, 4] ssh_list_kex: mac algo client->server: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
[2023/01/24 12:05:57.267348, 4] ssh_list_kex: mac algo server->client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
[2023/01/24 12:05:57.267349, 4] ssh_list_kex: compression algo client->server: none,zlib@openssh.com,zlib
[2023/01/24 12:05:57.267351, 4] ssh_list_kex: compression algo server->client: none,zlib@openssh.com,zlib
[2023/01/24 12:05:57.267352, 4] ssh_list_kex: languages client->server:
[2023/01/24 12:05:57.267354, 4] ssh_list_kex: languages server->client:
[2023/01/24 12:05:57.267386, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.267392, 3] packet_send2: packet: wrote [type=20, len=916, padding_size=9, comp=906, payload=906]
[2023/01/24 12:05:57.267394, 3] ssh_send_kex: SSH_MSG_KEXINIT sent
[2023/01/24 12:05:57.267399, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN POLLOUT ), out buffer 0
[2023/01/24 12:05:57.267407, 3] ssh_packet_socket_callback: packet: read type 20 [len=1044,padding=10,comp=1033,payload=1033]
[2023/01/24 12:05:57.267410, 3] ssh_packet_process: Dispatching handler for packet type 20
[2023/01/24 12:05:57.267417, 4] ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
[2023/01/24 12:05:57.267422, 4] ssh_list_kex: server host key algo: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
[2023/01/24 12:05:57.267424, 4] ssh_list_kex: encryption client->server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2023/01/24 12:05:57.267426, 4] ssh_list_kex: encryption server->client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2023/01/24 12:05:57.267428, 4] ssh_list_kex: mac algo client->server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2023/01/24 12:05:57.267431, 4] ssh_list_kex: mac algo server->client: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2023/01/24 12:05:57.267433, 4] ssh_list_kex: compression algo client->server: none,zlib@openssh.com
[2023/01/24 12:05:57.267435, 4] ssh_list_kex: compression algo server->client: none,zlib@openssh.com
[2023/01/24 12:05:57.267437, 4] ssh_list_kex: languages client->server:
[2023/01/24 12:05:57.267439, 4] ssh_list_kex: languages server->client:
[2023/01/24 12:05:57.267453, 3] ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,chacha20-poly1305@openssh.com,chacha20-poly1305@openssh.com,aead-poly1305,aead-poly1305,none,none,,
[2023/01/24 12:05:57.267617, 3] packet_send2: packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
[2023/01/24 12:05:57.267627, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.267633, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.267635, 4] ssh_socket_pollcallback: sending control flow event
[2023/01/24 12:05:57.267636, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2023/01/24 12:05:57.311839, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.311860, 3] ssh_packet_socket_callback: packet: read type 31 [len=188,padding=8,comp=179,payload=179]
[2023/01/24 12:05:57.311863, 3] ssh_packet_process: Dispatching handler for packet type 31
[2023/01/24 12:05:57.312037, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.312044, 3] packet_send2: packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
[2023/01/24 12:05:57.312047, 4] ssh_packet_set_newkeys: called, direction = OUT
[2023/01/24 12:05:57.312156, 3] crypt_set_algorithms2: Set output algorithm to chacha20-poly1305@openssh.com
[2023/01/24 12:05:57.312160, 3] crypt_set_algorithms2: Set HMAC output algorithm to aead-poly1305
[2023/01/24 12:05:57.312163, 3] crypt_set_algorithms2: Set input algorithm to chacha20-poly1305@openssh.com
[2023/01/24 12:05:57.312164, 3] crypt_set_algorithms2: Set HMAC input algorithm to aead-poly1305
[2023/01/24 12:05:57.312206, 3] ssh_init_rekey_state: Set rekey after 134217728 blocks
[2023/01/24 12:05:57.312209, 3] ssh_init_rekey_state: Set rekey after 134217728 blocks
[2023/01/24 12:05:57.312238, 3] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[2023/01/24 12:05:57.312241, 3] ssh_packet_socket_callback: Processing 292 bytes left in socket buffer
[2023/01/24 12:05:57.312243, 3] ssh_packet_socket_callback: packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[2023/01/24 12:05:57.312245, 3] ssh_packet_process: Dispatching handler for packet type 21
[2023/01/24 12:05:57.312247, 3] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2023/01/24 12:05:57.312251, 4] ssh_pki_signature_verify: Going to verify a ssh-ed25519 type signature
[2023/01/24 12:05:57.312393, 4] pki_verify_data_signature: Signature valid
[2023/01/24 12:05:57.312397, 3] ssh_packet_newkeys: Signature verified and valid
[2023/01/24 12:05:57.312399, 4] ssh_packet_set_newkeys: called, direction = IN
[2023/01/24 12:05:57.312402, 3] ssh_packet_socket_callback: Processing 276 bytes left in socket buffer
[2023/01/24 12:05:57.312416, 3] ssh_packet_socket_callback: packet: read type 7 [len=256,padding=8,comp=247,payload=247]
[2023/01/24 12:05:57.312418, 3] ssh_packet_process: Dispatching handler for packet type 7
[2023/01/24 12:05:57.312422, 3] ssh_packet_ext_info: Received SSH_MSG_EXT_INFO
[2023/01/24 12:05:57.312423, 3] ssh_packet_ext_info: Follows 1 extensions
[2023/01/24 12:05:57.312426, 3] ssh_packet_ext_info: Extension: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
[2023/01/24 12:05:57.312429, 3] ssh_connect: current state : 7
[2023/01/24 12:05:57.312615, 3] packet_send2: packet: wrote [type=5, len=24, padding_size=6, comp=17, payload=17]
[2023/01/24 12:05:57.312619, 3] ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2023/01/24 12:05:57.312622, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 44
[2023/01/24 12:05:57.312626, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.312629, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.312631, 4] ssh_socket_pollcallback: sending control flow event
[2023/01/24 12:05:57.312633, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2023/01/24 12:05:57.353122, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.353151, 3] ssh_packet_socket_callback: packet: read type 6 [len=24,padding=6,comp=17,payload=17]
[2023/01/24 12:05:57.353154, 3] ssh_packet_process: Dispatching handler for packet type 6
[2023/01/24 12:05:57.353156, 3] ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT
[2023/01/24 12:05:57.353194, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.353199, 3] packet_send2: packet: wrote [type=50, len=48, padding_size=9, comp=38, payload=38]
[2023/01/24 12:05:57.353203, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.353204, 4] ssh_socket_pollcallback: sending control flow event
[2023/01/24 12:05:57.353206, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2023/01/24 12:05:57.362313, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.362348, 3] ssh_packet_socket_callback: packet: read type 52 [len=8,padding=6,comp=1,payload=1]
[2023/01/24 12:05:57.362352, 3] ssh_packet_process: Dispatching handler for packet type 52
[2023/01/24 12:05:57.362354, 3] ssh_packet_userauth_success: Authentication successful
[2023/01/24 12:05:57.362356, 4] ssh_packet_userauth_success: Received SSH_USERAUTH_SUCCESS
[2023/01/24 12:05:57.362358, 3] ssh_packet_need_rekey: rekey: [data_rekey_needed=0, out_blocks=6, in_blocks=32]
[2023/01/24 12:05:57.362365, 3] ssh_packet_need_rekey: rekey: [data_rekey_needed=0, out_blocks=10, in_blocks=36]
[2023/01/24 12:05:57.362393, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2023/01/24 12:05:57.362398, 3] packet_send2: packet: wrote [type=50, len=48, padding_size=9, comp=38, payload=38]
[2023/01/24 12:05:57.362401, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLOUT ), out buffer 0
[2023/01/24 12:05:57.362403, 4] ssh_socket_pollcallback: sending control flow event
[2023/01/24 12:05:57.362405, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2023/01/24 12:05:57.364277, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.364298, 3] ssh_packet_socket_callback: packet: read type 80 [len=608,padding=4,comp=603,payload=603]
[2023/01/24 12:05:57.364301, 3] ssh_packet_process: Dispatching handler for packet type 80
[2023/01/24 12:05:57.364303, 3] ssh_packet_global_request: Received SSH_MSG_GLOBAL_REQUEST packet
[2023/01/24 12:05:57.364306, 3] ssh_packet_global_request: UNKNOWN SSH_MSG_GLOBAL_REQUEST hostkeys-00@openssh.com, want_reply = 0
[2023/01/24 12:05:57.364308, 3] ssh_packet_global_request: The requester doesn't want to know the request failed!
[2023/01/24 12:05:57.364310, 4] ssh_packet_global_request: Invalid SSH_MSG_GLOBAL_REQUEST packet
[2023/01/24 12:05:57.364312, 3] ssh_packet_need_rekey: rekey: [data_rekey_needed=0, out_blocks=10, in_blocks=107]
[2023/01/24 12:05:57.404993, 4] ssh_socket_pollcallback: Poll callback on socket 3 (POLLIN ), out buffer 0
[2023/01/24 12:05:57.405025, 3] ssh_packet_socket_callback: packet: read type 3 [len=16,padding=10,comp=5,payload=5]
[2023/01/24 12:05:57.405028, 3] ssh_packet_process: Dispatching handler for packet type 3
[2023/01/24 12:05:57.405031, 1] ssh_packet_unimplemented: Received SSH_MSG_UNIMPLEMENTED (sequence number 5)
[2023/01/24 12:05:57.405033, 3] ssh_packet_need_rekey: rekey: [data_rekey_needed=0, out_blocks=10, in_blocks=107]
At this point there is no further output, and I interrupted the client process. Allowing it to just sit results in the server disconnecting the client for timeout.
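The following is an added example, not part of the original report and not libssh code: a small log triage script that numbers the client's outgoing packets the way RFC 4253 does (starting at 0, no reset at NEWKEYS) and maps the sequence number in SSH_MSG_UNIMPLEMENTED back to the packet the server rejected. The function name `analyze` and the finding labels are hypothetical; the sample lines are the packet lines from the log above with timestamps dropped.

```python
import re

# Packet lines excerpted from the client log above (timestamps dropped).
SAMPLE_LOG = """\
packet_send2: packet: wrote [type=20, len=916, padding_size=9, comp=906, payload=906]
packet_send2: packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
packet_send2: packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
packet_send2: packet: wrote [type=5, len=24, padding_size=6, comp=17, payload=17]
packet_send2: packet: wrote [type=50, len=48, padding_size=9, comp=38, payload=38]
ssh_packet_socket_callback: packet: read type 52 [len=8,padding=6,comp=1,payload=1]
packet_send2: packet: wrote [type=50, len=48, padding_size=9, comp=38, payload=38]
ssh_packet_unimplemented: Received SSH_MSG_UNIMPLEMENTED (sequence number 5)
"""

SENT = re.compile(r"packet_send2: packet: wrote \[type=(\d+),")
READ = re.compile(r"packet: read type (\d+) ")
UNIMPL = re.compile(r"SSH_MSG_UNIMPLEMENTED \(sequence number (\d+)\)")

USERAUTH_REQUEST = 50   # SSH_MSG_USERAUTH_REQUEST
USERAUTH_SUCCESS = 52   # SSH_MSG_USERAUTH_SUCCESS


def analyze(log_text):
    """Return (label, sequence_number, message_type) findings.

    Assumes outgoing sequence numbers start at 0 with the first binary
    packet and are never reset (RFC 4253; strict-KEX would change this).
    """
    sent = []           # list index == outgoing sequence number
    auth_done = False   # set once SSH_MSG_USERAUTH_SUCCESS is read
    findings = []
    for line in log_text.splitlines():
        if m := SENT.search(line):
            mtype = int(m.group(1))
            if mtype == USERAUTH_REQUEST and auth_done:
                findings.append(("userauth_request_after_success", len(sent), mtype))
            sent.append(mtype)
        elif (m := READ.search(line)) and int(m.group(1)) == USERAUTH_SUCCESS:
            auth_done = True
        elif m := UNIMPL.search(line):
            seq = int(m.group(1))
            # Map the rejected sequence number back to what the client sent.
            mtype = sent[seq] if seq < len(sent) else None
            findings.append(("peer_rejected", seq, mtype))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the excerpt, both findings point at sequence number 5 and message type 50, which agrees with the server-side `dispatch_protocol_error: type 50 seq 5` line.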