-
-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSH sshd disconnects with invalid packet type: 192 on sshpiper >= 1.2.4 #323
Comments
this is an interesting issue workaround is to upgrade your sshd or use 1.2.3- sshpiper let me think about how to deal it |
btw what is fancy os dist? your ssh client is too |
I'm using Manjaro which already distributes OpenSSH 9.6.
If I undestand this correctly the ping@openssh message may either be replied to with the exact copy of the data or may just be ignored. So one way would be for sshpiper to filter ping@openssh messages if the upstream doesn't support it or reply by itself instead of passing it to upstream. |
i am not into filtering it as inspecting every single msg contributes to latency the design of sshpiper is to void touching msg after authentication |
chart 0.3.5 published, it can unblock you for now |
Hi,
I'm facing an issue with sshpiper >= 1.2.4 where sshd receives a packet with type 192 and immediately disconnects afterwards with "connection from 1.2.3.4:11282 closed reason: ssh: disconnect, reason2: Invalid ssh2 packet type: 192".
sshd-backend logs for disconnect:
The disconnects happens right after I type something after connecting. Means: Connection works, I get a terminal from the backend but as soon as I type something (press enter, typing a letter) I get disconnected.
SFTP on the other hand works - i can upload/download/delete files, create directories, etc.
Using connection multiplexing with the ControlSocket option and first connecting with SFTP and then multiplexing this connection with SSH I can also use the terminal without disconnects.
So something must be happening when using SSH and trying to send a keystroke for the first time.
With sshpiper 1.2.3 I can't reproduce the error anymore. Digging through the changelog from 1.2.3 to 1.2.4 I found this change in crypto module: tg123/sshpiper.crypto@833695f
Setup
Currently sshpiper is running on a single-node rke2 Kubernetes with this helm chart.
I've installed it with these settings:
helm install --create-namespace --namespace sshpiper sshpiper sshpiper/sshpiper --version 0.3.4 --set service.type=LoadBalancer --set service.port=22 --set sshpiper.loglevel=trace --set sshpiper.kubernetes_all_namespaces=true --set rbac.clusterRole=true --set sshpiper.drop_hostkeys_message=true
As backend I'm using a debian:12 base with openssh-9.2p1. I've also tried with lscr.io/linuxserver/openssh-server:latest and got the same disconnects.
I'm not doing anything "fancy" outside of the examples in doc to get the Pipes in k8s working, but I can still post more details about the setup if needed for reproduction.
The text was updated successfully, but these errors were encountered: