SSH Agent doesn't work with OpenSSH 8.9 #30

Open
wiktor-k opened this issue Mar 14, 2022 · 0 comments · May be fixed by #31


Hi,

Just recently my distro updated OpenSSH to version 8.9 and it seems this version started sending the session-bind@openssh.com extension. This makes the agent library fail when deserializing the extension contents with:

Error while handling message; error = Proto(Deserialization("Buffer not depleted. Remaining bytes: [0, 0, 0, 32, 31, 92, 89, 168, 63, 119, 109, 158, 157, 181, 208, 89, 2, 30, 180, 210, 255, 25, 137, 122, 89, 202, 215, 36, 138, 117, 129, 147, 165, 82, 137, 17, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 188, 188, 199, 20, 11, 19, 240, 109, 186, 82, 210, 236, 15, 242, 13, 15, 72, 199, 139, 139, 115, 208, 157, 112, 8, 248, 92, 55, 181, 17, 117, 115, 168, 51, 99, 61, 79, 1, 186, 190, 140, 144, 234, 172, 144, 64, 47, 93, 157, 71, 20, 36, 134, 76, 254, 7, 67, 176, 15, 19, 24, 129, 191, 3, 0]"))

It seems that extension_contents field of the Extension struct is not defined correctly. I've browsed the spec but I don't see a clear definition on how byte[] should be serialized on the wire.

I've added some further debugging to the request and got this:

Error while handling message; error = Proto(Deserialization("Buffer not depleted. All bytes: [27, 0, 0, 0, 24, 115, 101, 115, 115, 105, 111, 110, 45, 98, 105, 110, 100, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 0, 0, 0, 51, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 177, 185, 198, 92, 165, 45, 127, 95, 202, 195, 226, 63, 6, 115, 10, 104, 18, 137, 172, 240, 153, 154, 174, 74, 83, 7, 1, 204, 14, 177, 153, 40, 0, 0, 0, 32, 175, 96, 42, 133, 218, 171, 58, 220, 97, 78, 155, 114, 20, 67, 90, 133, 24, 185, 156, 71, 128, 163, 234, 195, 202, 15, 160, 177, 130, 229, 114, 164, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 4, 235, 93, 135, 144, 110, 220, 24, 17, 150, 40, 11, 143, 37, 207, 58, 215, 159, 23, 233, 95, 218, 115, 22, 205, 101, 55, 159, 146, 42, 121, 190, 229, 82, 75, 174, 143, 199, 121, 141, 52, 155, 73, 215, 119, 220, 104, 241, 116, 83, 96, 129, 184, 12, 93, 93, 33, 243, 171, 236, 201, 123, 17, 1, 0].
Result: Extension(Extension { extension_type: \"session-bind@openssh.com\", extension_contents: [0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 177, 185, 198, 92, 165, 45, 127, 95, 202, 195, 226, 63, 6, 115, 10, 104, 18, 137, 172, 240, 153, 154, 174, 74, 83, 7, 1, 204, 14, 177, 153, 40] }).
Remaining bytes: [0, 0, 0, 32, 175, 96, 42, 133, 218, 171, 58, 220, 97, 78, 155, 114, 20, 67, 90, 133, 24, 185, 156, 71, 128, 163, 234, 195, 202, 15, 160, 177, 130, 229, 114, 164, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 4, 235, 93, 135, 144, 110, 220, 24, 17, 150, 40, 11, 143, 37, 207, 58, 215, 159, 23, 233, 95, 218, 115, 22, 205, 101, 55, 159, 146, 42, 121, 190, 229, 82, 75, 174, 143, 199, 121, 141, 52, 155, 73, 215, 119, 220, 104, 241, 116, 83, 96, 129, 184, 12, 93, 93, 33, 243, 171, 236, 201, 123, 17, 1, 0]"))

It seems that the extension name is deserialized properly and that the next thing is treated as the extension_content but in reality it's a hostkey field from the spec:

The message format is:

	byte		SSH_AGENTC_EXTENSION (0x1b)
	string		session-bind@openssh.com
	string		hostkey
	string		session identifier
	string		signature
	bool		is_forwarding

After hostkey there are additional fields that are the "remaining bytes" the error speaks of.

It seems like only the extension name should be parsed from the byte stream and the rest treated as bytes and the deserialization process should stop there.
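
The parsing behaviour discussed in the issue above, as an added example that is not part of the original post and not ssh-agent-lib's own code: the extension contents are taken as every byte after the name, then decoded with the quoted session-bind layout. The names `take_string`, `parse_extension`, `SessionBind` and `sample` are hypothetical, and the sample message is constructed with placeholder field values.

```rust
// Added example, not ssh-agent-lib code. SSH "string" = big-endian u32 length + bytes.
fn take_string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let b: &'a [u8] = *buf;
    if b.len() < 4 { return None; }
    let len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize;
    let end = len.checked_add(4)?;
    let s = b.get(4..end)?; // None if the declared length overruns the buffer
    *buf = &b[end..];
    Some(s)
}

#[derive(Debug, PartialEq)]
struct SessionBind<'a> {
    hostkey: &'a [u8], session_id: &'a [u8],
    signature: &'a [u8], is_forwarding: bool,
}

// Split SSH_AGENTC_EXTENSION into (name, contents): contents are all bytes after the name.
fn parse_extension(msg: &[u8]) -> Option<(&str, &[u8])> {
    let (&ty, mut rest) = msg.split_first()?;
    if ty != 0x1b { return None; }
    let name = std::str::from_utf8(take_string(&mut rest)?).ok()?;
    Some((name, rest))
}

// Decode session-bind@openssh.com contents using the field layout quoted in the issue.
fn parse_session_bind<'a>(mut c: &'a [u8]) -> Option<SessionBind<'a>> {
    let hostkey = take_string(&mut c)?;
    let session_id = take_string(&mut c)?;
    let signature = take_string(&mut c)?;
    let (&flag, tail) = c.split_first()?;
    if !tail.is_empty() { return None; } // trailing bytes: malformed
    Some(SessionBind { hostkey, session_id, signature, is_forwarding: flag != 0 })
}

// Constructed sample message; field values are short placeholders, not real keys.
fn sample() -> Vec<u8> {
    let fields: [&[u8]; 4] = [b"session-bind@openssh.com", b"HOSTKEY", b"SESSIONID", b"SIG"];
    let mut m = vec![0x1b];
    for f in fields.iter() {
        m.extend_from_slice(&(f.len() as u32).to_be_bytes());
        m.extend_from_slice(f);
    }
    m.push(0); // is_forwarding = false
    m
}

fn main() {
    let msg = sample();
    println!("{:?}", parse_extension(&msg).and_then(|(_, c)| parse_session_bind(c)));
}
```

Reading the contents as a single length-prefixed string consumes only the hostkey and leaves the session identifier, signature and flag unread, which is the "Buffer not depleted" condition in the error output.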

wiktor-k referenced this issue in wiktor-k/ssh-agent-lib Mar 18, 2022
OpenSSH 8.9 ssh client started sending EXTENSION commands. Unfortunately
ssh-agent.rs didn't deserialize them correctly and even though these
extensions were optional the agent didn't work.

This patch adjusts the deserialization of extension contents to properly
capture all bytes and includes a test code observed in the wild.

Fixes #30.
wiktor-k linked a pull request Mar 18, 2022 that will close this issue