I've ran into some problems with SSH, using any o the following libraries JSCH, sshd from apache and sshj. They all block on the exec channel
when trying to read the output from a command I run and it will eventually timeout. The thing is that this only happens for some routers which have OpenSSH 4.5 server installed. The client works perfectly on my virtual box where I installed the latest possible version of OpenSSH.
Using Apache MINA SSHD the client would be:
public static void main(String[] args) throws InterruptedException, IOException {
String cmdToRun = "ls";
SshClient client = SshClient.setUpDefaultClient();
client.start();
ClientSession session = client.connect("127.0.0.1", 22).await().getSession();
session.authPassword("sshUser", "sshPass").await().isSuccess();
ChannelExec channelExec = session.createExecChannel(cmdToRun);
channelExec.setOut(System.out);
channelExec.open();
channelExec.waitFor(ClientChannel.CLOSED, 0);
channelExec.close(true);
client.stop();
}
I am debugging it in Eclipse and using WireShark I am observing the messages transmitted and the messages received, and everything seems fine. DH exchange goes well, auth also, but when I am trying to open the exec channel, in Virtual Box (where it works) I get:
.....
.....
Received SSH_MSG_USERAUTH_SUCCESS
Send SSH_MSG_CHANNEL_OPEN on channel 101
The response that i receive from the server looks like:
5b 00 00 00 65 00 00 00 00 00 00 00 00 00 00 80 00
5b means SSH_MSG_CHANNEL_OPEN_CONFIRMATION
00 00 00 65 is the channel the client sent(101 of course)
00 00 00 00 is the channel that the server assigned
00 00 00 00 is the initial window size
00 00 80 00 is the maximum packet size
Because the initial window size is 0, I first receive a SSH_MSG_CHANNEL_WINDOW_ADJUST
message, and then I a SSH_MSG_CHANNEL_SUCCESS
, which means that the request(the command) was successfully run. The SSH_MSG_CHANNEL_REQUEST
, which contains exit-status 0
and the SSH_MSG_CHANNEL_DATA
, which contains the result of my ls
command, are exchanged later on as expected.
Now on a router which has OpenSSH 4.5 the 5b message looks slightly different:
5b 00 00 00 65 00 00 00 00 00 02 00 00 00 00 80 00
As we can see the initial window is set, so there is no need to receive the SSH_MSG_CHANNEL_WINDOW_ADJUST
. I do receive SSH_MSG_CHANNEL_SUCCESS
, and that is it, then it stops. It doesn't receive any SSH_MSG_CHANNEL_REQUEST
containing the exit-status of the command, or a SSH_MSG_CHANNEL_DATA
, as shown in the previous example. Wireshark confirms it.
Why is this happening? How come I don't receive the result if I recieve the SSH_MSG_CHANNEL_SUCCESS
, which confirms that the request was successful?
This happens with all the different client libraries that I use, somehow they timeout. All works fine if I open a shell
channel but I don't want to use an interactive session. For commands that have many pages you have to read each line, see if you need to press something to continue etc.
Should I just give up? Maybe OpenSSH 4.5 does not allow exec
channels? Why isn't there any error?
So apparently the SSH settings on the servers are the culprit of me not getting any response or error.
In case it helps someone: If you want to debug ssh message exchange between client and server to see exactly what they exchange, without having to capture the session key, and decrypt ssh, you can take a look at the buffer you receive in: ClientSessionImpl:doHandleMessage(Buffer) for the Apache Mina SSH client. Ohh this is to see what you receive from the server, to see what you send should be easy, take a look at the methods you use in your code.