Hello,
I'm having a crash problem with latest version (also previous ones) with ssh private key authentication and Putty Pageant. Looks like there is a buffer overflow involved. With several smaller keys (e.g. ssh-ed25519) it works well.
I found a scenario to reproduce it:
- Generate a RSA 4096 Bit length private/public key pair
- Load it on the Windows client into Putty Pageant
- Put public key at the server at ~/.ssh/authorized_keys
- open connection to the server => crash, see logs
Looks like it is a bug in the old libssh library version with large private/public keys.
Can you please fix the topic.
Some questions:
- Is the used libssh version really version 0.9.2? - The logs have some entries with: agent_talk - len of request - That has been changed in git to another logging in 2011: https://git.libssh.org/projects/libssh.git/commit/?id=ba4f10dc4657952ec47f71... - Version 0.9.2 has been released in 2019: https://www.libssh.org/2019/11/07/libssh-0-9-2/ - So it looks, not the version 0.9.2 is used
- Any plans to upgrade to latest version of libssh 0.11.0 while keeping Putty Pageant Agent support?
- Upgrade plans to newer Putty version?
- Is there a newer nightly Windows build from newer git sources available?
Version:
- X2Go Client 4.1.2.3-ba65703-kdrclient-a3134d6 - according to the logs: ssh_connect: libssh 0.9.2 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
- Server: (not relevant but version is: x2goserver-4.1.0.6-4.fc41.x86_64)
Thnx.
Ciao, Gerhard
Relevant debug log file on the client: x2go-DEBUG-src\sshmasterconnection.cpp:674> Setting SSH directory to C:/Users/user/ssh [2024/12/17 08:03:09.904803, 3] : agent_talk - len of request: 1 [2024/12/17 08:03:09.904803, 3] : agent_talk - response length: 568 [2024/12/17 08:03:09.904803, 1] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12 [2024/12/17 08:03:09.904803, 3] ssh_agent_get_ident_count: Agent count: 1 [2024/12/17 08:03:09.904803, 3] ssh_userauth_agent: Trying identity rsa-key-20241217 [2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> [2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> [2024/12/17 08:03:09.904803, 3] packet_send2: packet: wrote [type=5, len=32, padding_size=14, comp=17, payload=17] [2024/12/17 08:03:09.904803, 3] ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth) [2024/12/17 08:03:09.904803, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket [2024/12/17 08:03:09.949398, 3] ssh_packet_socket_callback: packet: read type 6 [len=32,padding=14,comp=17,payload=17] [2024/12/17 08:03:09.949398, 3] ssh_packet_process: Dispatching handler for packet type 6 [2024/12/17 08:03:09.949398, 3] ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT [2024/12/17 08:03:09.949398, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket [2024/12/17 08:03:09.949398, 3] packet_send2: packet: wrote [type=50, len=608, padding_size=11, comp=596, payload=596] [2024/12/17 08:03:09.959352, 3] ssh_packet_socket_callback: packet: read type 60 [len=576,padding=19,comp=556,payload=556] [2024/12/17 08:03:09.959352, 3] ssh_packet_process: Dispatching handler for packet type 60 [2024/12/17 08:03:09.959352, 3] ssh_userauth_agent: Public key of rsa-key-20241217 accepted by server [2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> [2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> [2024/12/17 08:03:09.959352, 3] : agent_talk - len of request: 1180 QObject::~QObject: Timers cannot be stopped from another thread <---------- CRASH HERE ---------->