> [11.2](https://datatracker.ietf.org/doc/html/rfc4253#section-11.2). Ignored Data Message
>
> ```
> byte      SSH_MSG_IGNORE
> string    data
> ```
>
> All implementations MUST understand (and ignore) this message at any
> time (after receiving the identification string). No implementation
> is required to send them. This message can be used as an additional
> protection measure against advanced traffic analysis techniques.

> string
>
> Arbitrary length binary string. Strings are allowed to contain
> arbitrary binary data, including null characters and 8-bit
> characters. They are stored as a uint32 containing its length
> (number of bytes that follow) and zero (= empty string) or more
> bytes that are the value of the string. Terminating null
> characters are not used.
>
> Strings are also used to store text. In that case, US-ASCII is
> used for internal names, and ISO-10646 UTF-8 for text that might
> be displayed to the user. The terminating null character SHOULD
> NOT normally be stored in the string. For example: the US-ASCII
> string "testing" is represented as 00 00 00 07 t e s t i n g. The
> UTF-8 mapping does not alter the encoding of US-ASCII characters.

However, in the SSHJ implementation (under all branches, including master), in src/main/java/net/schmizz/keepalive/Heartbeater.java, we do not provide any data field:

```java
    @Override
    protected void doKeepAlive() throws TransportException {
        conn.getTransport().write(new SSHPacket(Message.IGNORE)); // <<<<<< No data field
    }
}
```

This will cause the SSH server on the other side to define this message as an invalid message and terminate the connection.
For example, the SSHJ log is as below:

```
System - Sending SSH_MSG_SERVICE_REQUEST
sshj-Heartbeater - Encoding packet #0: 02
sshj-Reader- Received packet #0: <mask for security>
sshj-Reader-Received packet DISCONNECT
sshj-Reader-Received SSH_MSG_DISCONNECT (reason=PROTOCOL_ERROR, msg=Protocol error)
sshj-Reader-Dying because - Protocol error
```

As RFC4253 stated (https://datatracker.ietf.org/doc/html/rfc4253#section-11.2), SSH_MSG_IGNORE must have a string with data inside. Quoting RFC4253 as below.

At the same time, as RFC4251 stated (https://datatracker.ietf.org/doc/html/rfc4251#section-5), a string cannot be empty. Even if it is empty, it must be an empty string with 0 length, like "".

Apart from issues from our side, another similar issue has also happened in https://issues.apache.org/jira/browse/SSHD-699 . I believe they also have a very good point on this.
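
The wire-format difference described in this issue, as an added example that is not part of the original issue or of SSHJ's code: a strict parser for the SSH_MSG_IGNORE payload, run against the bare `02` payload seen in the log and against payloads that carry an RFC 4251 string. The function names are hypothetical, and rejecting a payload that lacks the length field is an assumption about how a strict peer behaves.

```python
import struct

SSH_MSG_IGNORE = 2  # message number assigned in RFC 4253


def encode_string(data: bytes) -> bytes:
    """RFC 4251 section 5 'string': uint32 length, then that many bytes."""
    return struct.pack(">I", len(data)) + data


def encode_ignore(data: bytes = b"") -> bytes:
    """Well-formed SSH_MSG_IGNORE payload: message byte plus a string."""
    return bytes([SSH_MSG_IGNORE]) + encode_string(data)


def parse_ignore(payload: bytes) -> bytes:
    """Strictly parse an SSH_MSG_IGNORE payload and return its data field.

    Raises ValueError where a strict peer (assumed behaviour) would
    answer with a protocol error instead of ignoring the message.
    """
    if not payload or payload[0] != SSH_MSG_IGNORE:
        raise ValueError("not an SSH_MSG_IGNORE payload")
    if len(payload) < 5:
        raise ValueError("missing uint32 length of the data string")
    (length,) = struct.unpack(">I", payload[1:5])
    data = payload[5:5 + length]
    if len(data) < length:
        raise ValueError("data string shorter than its declared length")
    return data


def is_well_formed(payload: bytes) -> bool:
    try:
        parse_ignore(payload)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples; "bare 02" matches "Encoding packet #0: 02" in the log.
    samples = [("bare 02", bytes.fromhex("02")),
               ("empty string", encode_ignore()),
               ("7-byte string", encode_ignore(b"testing"))]
    for label, payload in samples:
        print(f"{label:14}{payload.hex(' '):36}well-formed={is_well_formed(payload)}")
```
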