Error occurs when accessing OpenSSH_8.0p1

0 votes
asked Nov 20 by Takashi Hashida (120 points)
edited Nov 21 by Takashi Hashida

The error below occurs occasionally when accessing OpenSSH 8.0p1 via Scp.GetFile().
Scp.GetFile() always works correctly when accessing OpenSSH 7.8p1.

Rebex error
"ClassName": "Rebex.Net.ScpException", "Message": "Cannot open channel; connect failed. Open failed.", "Data": { "ScpStatus": 1, "Status": 3 },

sshd (OpenSSH_8.0p1) error
Nov 19 15:37:12 rhel80 sshd[2349]: error: server_input_channel_open: invalid remote channel ID

I think the error occurs after this commit of OpenSSH (included in OpenSSH_8.0p1), but I don't know whether the commit is correct or not.
https://github.com/openssh/openssh-portable/commit/7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d#diff-68e5826568dd6f49d090ff4387c220d6R685

Is this a Rebex issue, an OpenSSH issue, or some other issue?

Does anyone have any information or solutions about this?

1 Answer

0 votes
answered Nov 20 by Lukas Pokorny (104,230 points)

Hello, thanks for bringing this issue to our attention!

It is apparently caused by a bug in OpenSSH that was introduced in the commit you found:

if (rchan > INT_MAX) {
    error("%s: invalid remote channel ID", __func__);

The 'rchan' variable represents SSH_MSG_CHANNEL_OPEN message's 'sender channel' field, which is supposed to be uint32, a 32-bit unsigned integer (see RFC 4254). This means that OpenSSH's check with INT_MAX (the upper bound for signed 32-bit integer) is wrong.

Rebex generates 'sender channel' numbers randomly (except the first allocated channel, which always uses 0) within the uint32 range, which means that when communicating with OpenSSH 8 using SCP (which, unlike SFTP, involves a new channel for each transfer), there is a 50 % chance that a correct 'sender channel' number would be rejected by the server.

Fortunately, adding a workaround for this server-side bug is simple for us - we can just limit our 'sender channel' numbers to int32 as well. Then, the bug will not manifest itself. We'll prepare a hotfix and send you a link shortly.
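
The mismatch described in this answer, as an added C example (not OpenSSH or Rebex code): it applies the quoted comparison to pseudo-random uint32 'sender channel' values and counts the rejections, first over the full uint32 range and then with IDs limited to the int32 range. The function names, the xorshift generator standing in for a client's random ID source, and the seed are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Server-side test as quoted in the answer: nonzero means "rejected". */
static int quoted_check_rejects(uint32_t rchan) {
    return rchan > INT_MAX;
}

/* Client-side workaround from the answer: keep IDs within the int32 range.
 * Clearing the top bit is this example's assumption of how to do that. */
static uint32_t limit_to_int32(uint32_t id) {
    return id & 0x7FFFFFFFu;
}

/* xorshift32: deterministic stand-in for a client's random ID source
 * (hypothetical; not Rebex's generator). */
static uint32_t next_random_id(uint32_t *state) {
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* Count how many of n generated 'sender channel' IDs the quoted check
 * would reject, with or without the client-side workaround applied. */
static size_t count_rejected(uint32_t seed, size_t n, int workaround) {
    uint32_t state = seed;
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t id = next_random_id(&state);
        if (workaround)
            id = limit_to_int32(id);
        rejected += quoted_check_rejects(id) ? 1 : 0;
    }
    return rejected;
}

int main(void) {
    const size_t n = 100000;
    const uint32_t seed = 2463534242u; /* constructed seed */
    printf("boundary: 0x7FFFFFFF rejected=%d, 0x80000000 rejected=%d\n",
           quoted_check_rejects(0x7FFFFFFFu), quoted_check_rejects(0x80000000u));
    printf("full uint32 range: %zu of %zu rejected\n", count_rejected(seed, n, 0), n);
    printf("limited to int32:  %zu of %zu rejected\n", count_rejected(seed, n, 1), n);
    return 0;
}
```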

commented Nov 21 by Takashi Hashida (120 points)
Thanks for your reply.
I'm looking forward to it!
commented Nov 21 by Lukas Pokorny (104,230 points)
I just sent a link to a hotfix build to your e-mail address. The hotfix is stable and can be used in production. Please give it a try and let us know whether it solved the issue.
commented Nov 22 by Takashi Hashida (120 points)
It works.

I have tested communication with OpenSSH 8 using Scp.GetFile() about 50 times and no error has occurred.

Thank you!
commented Nov 22 by Lukas Pokorny (104,230 points)
Thank you as well! We'll include this change in the next release.