|
Hey everyone!
I’ve reached out to AllegroSoft, the developers of RomSShell, to see if
they can help with this issue, but I can’t expect they will help. Sometimes
people do, sometimes not.
So I’m wondering if any other SSH server developer has experienced this
issue with the RomSShell client.
This is an SSH implementation that runs on resource constrained hardware,
and to which I don’t have source code access. In our case, a user has provided
us with information that suggests the following is happening:
- The RomSShell client connects to our server. SSH version strings are
exchanged.
- KEXINIT packets are exchanged and diffie-hellman-group1-sha1 is
negotiated. (That’s the only key exchange algorithm the client sends. Not sure
if this version supports anything else. Perhaps not.)
- diffie-hellman-group1-sha1 key exchange occurs, and from the server’s
perspective, is completed successfully. The server sends SSH_MSG_NEWKEYS and
waits for the client.
- The client takes a good 25 seconds to think about what the server just
sent. Then it replies with SSH_MSG_DISCONNECT, stating reason code
SSH_DISCONNECT_PROTOCOL_ERROR, and description: “Not expecting new keys
message”.
For comparison – the client is able to connect to other SSH servers, such
as OpenSSH; in which case it neither incurs a 25 second delay (the SSH handshake
completes promptly) nor sends this protocol error message.
At this point, my first instinct is to try delaying SSH_MSG_NEWKEYS by a
second or more, in case the client is not ready to receive NEWKEYS at the same
time it’s processing the last DH key exchange message. However, I’m not sure how
that would cause a 25 second delay before it sends DISCONNECT.
Does anyone else have experience with this client, and has resolved this
issue?
denis
|