英文:
SSH proxy, bad packet length
问题
在Go语言中实现SSH代理时,出现了"bad packet length"错误。以下是在调试模式下SSH出现的错误信息:
debug1: SSH2_MSG_KEXINIT sentBad packet length 1231976033.ssh_dispatch_run_fatal: Connection to ::1 port 8080: message authentication code incorrect
代码部分:
func handleSSH(conn net.Conn, r *bufio.Reader, protocol string) {target, err := url.Parse("ssh://localhost:3333")if err != nil {fmt.Println("Error parsing target", err)conn.Close()return}targetConn, err := net.Dial("tcp", target.Host)if err != nil {fmt.Println("error dialing SSH target:", err)conn.Close()return}defer targetConn.Close()var wg sync.WaitGroupwg.Add(2)go func() {_, err := io.Copy(targetConn, conn)if err != nil {fmt.Println("error copying data to target:", err)}wg.Done()}()go func() {_, err := io.Copy(conn, targetConn)if err != nil {fmt.Println("error copying data from target:", err)}wg.Done()}()wg.Wait()conn.Close()}// EDITfunc connection(conn net.Conn) {r := bufio.NewReader(conn)protocol, err := r.ReadString('\n')if err != nil {fmt.Println("Error reading first line", err)conn.Close()return}if protocol[0:3] == "SSH" {handleSSH(conn, r, protocol)}}func main() {ln, err := net.Listen("tcp", ":8080")if err != nil {panic(err)}defer ln.Close()for {conn, err := ln.Accept()if err != nil {panic(err)}go connection(conn)}}
编辑:添加了相关信息的代码,以展示连接是如何初始化并重现错误。
我最好的猜测是SSH协商过程被中断,导致同步出现问题。
英文:
Implementing an ssh proxy in Go, errors out with bad packet length, these are the errors with ssh in debug mode:
debug1: SSH2_MSG_KEXINIT sentBad packet length 1231976033.ssh_dispatch_run_fatal: Connection to ::1 port 8080: message authentication code incorrect
Code:
func handleSSH(conn net.Conn, r *bufio.Reader, protocol string) {target, err := url.Parse("ssh://localhost:3333")if err != nil {fmt.Println("Error parsing target", err)conn.Close()return}targetConn, err := net.Dial("tcp", target.Host)if err != nil {fmt.Println("error dialing SSH target:", err)conn.Close()return}defer targetConn.Close()var wg sync.WaitGroupwg.Add(2)go func() {_, err := io.Copy(targetConn, conn)if err != nil {fmt.Println("error copying data to target:", err)}wg.Done()}()go func() {_, err := io.Copy(conn, targetConn)if err != nil {fmt.Println("error copying data from target:", err)}wg.Done()}()wg.Wait()conn.Close()}// EDITfunc connection(conn net.Conn) {r := bufio.NewReader(conn)protocol, err := r.ReadString('\n')if err != nil {fmt.Println("Error reading first line", err)conn.Close()return}if protocol[0:3] == "SSH" {handleSSH(conn, r, protocol)}}func main() {ln, err := net.Listen("tcp", ":8080")if err != nil {panic(err)}defer ln.Close()for {conn, err := ln.Accept()if err != nil {panic(err)}go connection(conn)}}
EDIT: added code for relevant information on how the connection is initiated and reproduce the error.
My best guess is the ssh negotiation process is being interrupted, and things goes out of sync.
答案1
得分: 1
代码正在从客户端读取第一行,并检查协议类型以调用适当的处理程序:
protocol, err := r.ReadString('\n')...if protocol[0:3] == "SSH" {handleSSH(conn, r, protocol)}
但是,代码未能将已读取的字节转发到连接的服务器。这些字节位于protocol中,并且被传递给handleSSH。但是,一旦建立连接,它未能将这些字节发送到连接的服务器。相反,它只是在客户端和服务器之间复制新数据。
这意味着服务器无法从客户端获取第一行。因此,它可能会抱怨协议错误,类似于Invalid SSH identification string.,这会被转发到客户端,并被错误地解释为SSH连接的有效数据。
英文:
The code is reading the first line from the client and checks the kind of protocol in order to call the appropriate handler:
protocol, err := r.ReadString('\n')...if protocol[0:3] == "SSH" {handleSSH(conn, r, protocol)}}
But the code fails to forward the already read bytes to the connected server. These bytes are in protocol and are given to handleSSH. But it fails to send these bytes to the connected server once the connection is established. Instead it only copies new data between client and server.
This means the server does not get the first line from the client. It therefore likely complains about a protocol error with something like Invalid SSH identification string. which gets forwarded to the client and misinterpreted as valid data from an SSH connection.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论