Hello,
I'm communicating with an old Nortel 5530 (5530_511017.img) device. Its reporting the wrong key size. As near as I can tell, the issue originates on line 256 of Rebex.Net.SshDiffieHellmanOakleyNegotiation:
byte[] buffer = session.ReceivePacket(SshLayer.Transport);
TransportKexDhReply serverKex = new
TransportKexDhReply(buffer, 0, buffer.Length, EncodingTools.ASCII);
When serverKex.GetKey() is called two lines later, it returns a byte[] with a length of 291 (8 bits to long), leading the library to throw an error in the DSAManaged class when it does the length check and discovers that its 648 instead of 640.
I can ssh into the device using putty or securecrt, so the ssh server is working (though perhaps not as intended).
Any ideas?
See the log file below:
2014-05-13 18:47:58.304 Opening log file.
2014-05-13 18:47:58.304 Using FileLogWriter version 2.0.5171.0.
2014-05-13 18:47:58.332 INFO Ssh(1)[10] Info: Connecting to 10.110.0.180:22 using Ssh 1.0.5171.0.
2014-05-13 18:47:58.533 VERBOSE Ssh(1)[10] SSH: Sending data:
0000 |53-53-48-2D-32-2E-30-2D 52-65-62-65-78-53-53-48| SSH-2.0-RebexSSH
0010 |5F-31-2E-30-2E-35-31-37 31-2E-30-0D-0A | _1.0.5171.0..
2014-05-13 18:47:58.537 VERBOSE Ssh(1)[10] SSH: Received data:
0000 |53-53-48-2D-32-2E-30-2D 4D-6F-63-61-6E-61-20-53| SSH-2.0-Mocana S
0010 |53-48-20-0D-0A | SH ..
2014-05-13 18:47:58.537 DEBUG Ssh(1)[10] SSH: Server is 'SSH-2.0-Mocana SSH '.
2014-05-13 18:47:58.540 INFO Ssh(1)[10] SSH: Negotiation started.
2014-05-13 18:47:58.567 VERBOSE Ssh(1)[10] SSH: Sending packet SSH_MSG_KEXINIT (879 bytes).
0000 |14-83-33-5E-BF-27-53-76 EE-9A-D0-47-B7-2A-A0-0B| ..3^.'Sv...G.*..
0010 |ED-00-00-00-7E-64-69-66 66-69-65-2D-68-65-6C-6C| ....~diffie-hell
0020 |6D-61-6E-2D-67-72-6F-75 70-2D-65-78-63-68-61-6E| man-group-exchan
0030 |67-65-2D-73-68-61-32-35 36-2C-64-69-66-66-69-65| ge-sha256,diffie
0040 |2D-68-65-6C-6C-6D-61-6E 2D-67-72-6F-75-70-2D-65| -hellman-group-e
0050 |78-63-68-61-6E-67-65-2D 73-68-61-31-2C-64-69-66| xchange-sha1,dif
0060 |66-69-65-2D-68-65-6C-6C 6D-61-6E-2D-67-72-6F-75| fie-hellman-grou
0070 |70-31-34-2D-73-68-61-31 2C-64-69-66-66-69-65-2D| p14-sha1,diffie-
0080 |68-65-6C-6C-6D-61-6E-2D 67-72-6F-75-70-31-2D-73| hellman-group1-s
0090 |68-61-31-00-00-00-0F-73 73-68-2D-64-73-73-2C-73| ha1....ssh-dss,s
00A0 |73-68-2D-72-73-61-00-00 00-F1-61-65-73-32-35-36| sh-rsa....aes256
00B0 |2D-63-74-72-2C-61-65-73 31-39-32-2D-63-74-72-2C| -ctr,aes192-ctr,
00C0 |61-65-73-31-32-38-2D-63 74-72-2C-61-65-73-32-35| aes128-ctr,aes25
00D0 |36-2D-63-62-63-2C-61-65 73-31-39-32-2D-63-62-63| 6-cbc,aes192-cbc
00E0 |2C-61-65-73-31-32-38-2D 63-62-63-2C-33-64-65-73| ,aes128-cbc,3des
00F0 |2D-63-74-72-2C-33-64-65 73-2D-63-62-63-2C-74-77| -ctr,3des-cbc,tw
0100 |6F-66-69-73-68-32-35-36 2D-63-74-72-2C-74-77-6F| ofish256-ctr,two
0110 |66-69-73-68-31-39-32-2D 63-74-72-2C-74-77-6F-66| fish192-ctr,twof
0120 |69-73-68-31-32-38-2D-63 74-72-2C-74-77-6F-66-69| ish128-ctr,twofi
0130 |73-68-32-35-36-2D-63-62 63-2C-74-77-6F-66-69-73| sh256-cbc,twofis
0140 |68-31-39-32-2D-63-62-63 2C-74-77-6F-66-69-73-68| h192-cbc,twofish
0150 |31-32-38-2D-63-62-63-2C 74-77-6F-66-69-73-68-2D| 128-cbc,twofish-
0160 |63-62-63-2C-62-6C-6F-77 66-69-73-68-2D-63-74-72| cbc,blowfish-ctr
0170 |2C-62-6C-6F-77-66-69-73 68-2D-63-62-63-2C-61-72| ,blowfish-cbc,ar
0180 |63-66-6F-75-72-32-35-36 2C-61-72-63-66-6F-75-72| cfour256,arcfour
0190 |31-32-38-2C-61-72-63-66 6F-75-72-00-00-00-F1-61| 128,arcfour....a
01A0 |65-73-32-35-36-2D-63-74 72-2C-61-65-73-31-39-32| es256-ctr,aes192
01B0 |2D-63-74-72-2C-61-65-73 31-32-38-2D-63-74-72-2C| -ctr,aes128-ctr,
01C0 |61-65-73-32-35-36-2D-63 62-63-2C-61-65-73-31-39| aes256-cbc,aes19
01D0 |32-2D-63-62-63-2C-61-65 73-31-32-38-2D-63-62-63| 2-cbc,aes128-cbc
01E0 |2C-33-64-65-73-2D-63-74 72-2C-33-64-65-73-2D-63| ,3des-ctr,3des-c
01F0 |62-63-2C-74-77-6F-66-69 73-68-32-35-36-2D-63-74| bc,twofish256-ct
0200 |72-2C-74-77-6F-66-69-73 68-31-39-32-2D-63-74-72| r,twofish192-ctr
0210 |2C-74-77-6F-66-69-73-68 31-32-38-2D-63-74-72-2C| ,twofish128-ctr,
0220 |74-77-6F-66-69-73-68-32 35-36-2D-63-62-63-2C-74| twofish256-cbc,t
0230 |77-6F-66-69-73-68-31-39 32-2D-63-62-63-2C-74-77| wofish192-cbc,tw
0240 |6F-66-69-73-68-31-32-38 2D-63-62-63-2C-74-77-6F| ofish128-cbc,two
0250 |66-69-73-68-2D-63-62-63 2C-62-6C-6F-77-66-69-73| fish-cbc,blowfis
0260 |68-2D-63-74-72-2C-62-6C 6F-77-66-69-73-68-2D-63| h-ctr,blowfish-c
0270 |62-63-2C-61-72-63-66-6F 75-72-32-35-36-2C-61-72| bc,arcfour256,ar
0280 |63-66-6F-75-72-31-32-38 2C-61-72-63-66-6F-75-72| cfour128,arcfour
0290 |00-00-00-47-68-6D-61-63 2D-73-68-61-31-2C-68-6D| ...Ghmac-sha1,hm
02A0 |61-63-2D-6D-64-35-2C-68 6D-61-63-2D-73-68-61-32| ac-md5,hmac-sha2
02B0 |2D-32-35-36-2C-68-6D-61 63-2D-73-68-61-32-2D-35| -256,hmac-sha2-5
02C0 |31-32-2C-68-6D-61-63-2D 73-68-61-31-2D-39-36-2C| 12,hmac-sha1-96,
02D0 |68-6D-61-63-2D-6D-64-35 2D-39-36-00-00-00-47-68| hmac-md5-96...Gh
02E0 |6D-61-63-2D-73-68-61-31 2C-68-6D-61-63-2D-6D-64| mac-sha1,hmac-md
02F0 |35-2C-68-6D-61-63-2D-73 68-61-32-2D-32-35-36-2C| 5,hmac-sha2-256,
0300 |68-6D-61-63-2D-73-68-61 32-2D-35-31-32-2C-68-6D| hmac-sha2-512,hm
0310 |61-63-2D-73-68-61-31-2D 39-36-2C-68-6D-61-63-2D| ac-sha1-96,hmac-
0320 |6D-64-35-2D-39-36-00-00 00-1A-6E-6F-6E-65-2C-7A| md5-96....none,z
0330 |6C-69-62-2C-7A-6C-69-62 40-6F-70-65-6E-73-73-68| lib,zlib@openssh
0340 |2E-63-6F-6D-00-00-00-1A 6E-6F-6E-65-2C-7A-6C-69| .com....none,zli
0350 |62-2C-7A-6C-69-62-40-6F 70-65-6E-73-73-68-2E-63| b,zlib@openssh.c
0360 |6F-6D-00-00-00-00-00-00 00-00-00-00-00-00-00 | om.............
2014-05-13 18:47:58.571 VERBOSE Ssh(1)[10] SSH: Received packet SSH_MSG_KEXINIT (383 bytes).
0000 |14-86-2B-AD-FB-C1-AE-6E EE-D4-58-5B-73-3B-B3-21| ..+....n..X[s;.!
0010 |A8-00-00-00-1A-64-69-66 66-69-65-2D-68-65-6C-6C| .....diffie-hell
0020 |6D-61-6E-2D-67-72-6F-75 70-31-2D-73-68-61-31-00| man-group1-sha1.
0030 |00-00-07-73-73-68-2D-64 73-73-00-00-00-61-61-65| ...ssh-dss...aae
0040 |73-32-35-36-2D-63-62-63 2C-72-69-6A-6E-64-61-65| s256-cbc,rijndae
0050 |6C-32-35-36-2D-63-62-63 2C-61-65-73-31-39-32-2D| l256-cbc,aes192-
0060 |63-62-63-2C-72-69-6A-6E 64-61-65-6C-31-39-32-2D| cbc,rijndael192-
0070 |63-62-63-2C-61-65-73-31 32-38-2D-63-62-63-2C-72| cbc,aes128-cbc,r
0080 |69-6A-6E-64-61-65-6C-31 32-38-2D-63-62-63-2C-33| ijndael128-cbc,3
0090 |64-65-73-2D-63-62-63-2C 61-72-63-66-6F-75-72-00| des-cbc,arcfour.
00A0 |00-00-61-61-65-73-32-35 36-2D-63-62-63-2C-72-69| ..aaes256-cbc,ri
00B0 |6A-6E-64-61-65-6C-32-35 36-2D-63-62-63-2C-61-65| jndael256-cbc,ae
00C0 |73-31-39-32-2D-63-62-63 2C-72-69-6A-6E-64-61-65| s192-cbc,rijndae
00D0 |6C-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| l192-cbc,aes128-
00E0 |63-62-63-2C-72-69-6A-6E 64-61-65-6C-31-32-38-2D| cbc,rijndael128-
00F0 |63-62-63-2C-33-64-65-73 2D-63-62-63-2C-61-72-63| cbc,3des-cbc,arc
0100 |66-6F-75-72-00-00-00-2B 68-6D-61-63-2D-73-68-61| four...+hmac-sha
0110 |31-2C-68-6D-61-63-2D-73 68-61-31-2D-39-36-2C-68| 1,hmac-sha1-96,h
0120 |6D-61-63-2D-6D-64-35-2C 68-6D-61-63-2D-6D-64-35| mac-md5,hmac-md5
0130 |2D-39-36-00-00-00-2B-68 6D-61-63-2D-73-68-61-31| -96...+hmac-sha1
0140 |2C-68-6D-61-63-2D-73-68 61-31-2D-39-36-2C-68-6D| ,hmac-sha1-96,hm
0150 |61-63-2D-6D-64-35-2C-68 6D-61-63-2D-6D-64-35-2D| ac-md5,hmac-md5-
0160 |39-36-00-00-00-04-6E-6F 6E-65-00-00-00-04-6E-6F| 96....none....no
0170 |6E-65-00-00-00-00-00-00 00-00-00-00-00-00-00 | ne.............
2014-05-13 18:47:58.588 DEBUG Ssh(1)[10] SSH: Negotiating key.
2014-05-13 18:47:58.621 VERBOSE Ssh(1)[10] SSH: Sending packet SSH_MSG_KEX_30 (134 bytes).
0000 |1E-00-00-00-81-00-DA-AF C8-9F-36-75-E4-2C-8D-17| ..........6u.,..
0010 |D9-AA-C4-C5-24-EA-54-84 B1-50-62-C0-3F-34-02-27| ....$.T..Pb.?4.'
0020 |40-10-A7-68-2C-71-0B-57 E1-7F-40-A6-4A-CD-54-4A| @..h,q.W..@.J.TJ
0030 |D5-65-95-D1-2D-90-B9-62 CD-E7-E3-DB-CB-BF-98-08|