Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Invalid identification string” error #1118

Open
daihang opened this issue Jan 10, 2022 · 1 comment
Open

"Invalid identification string” error #1118

daihang opened this issue Jan 10, 2022 · 1 comment
Labels
compatibility

Comments

@daihang
Copy link

daihang commented Jan 10, 2022

There is an old switch I can ssh by MobaXterm or ssh client in Windows. But when I use ssh2 lib to connect, below error occurs:

node:events:368
      throw er; // Unhandled 'error' event
      ^

Error: Invalid identification string
    at Protocol.parseHeader [as _parse] (D:\dh\code\try-nodejs\node_modules\?[4mssh2?[24m\lib\protocol\Protocol.js:1935:17)
    at Protocol.parse (D:\dh\code\try-nodejs\node_modules\?[4mssh2?[24m\lib\protocol\Protocol.js:293:16)
    at Socket.<anonymous> (D:\dh\code\try-nodejs\node_modules\?[4mssh2?[24m\lib\client.js:713:21)
?[90m    at Socket.emit (node:events:390:28)?[39m
?[90m    at addChunk (node:internal/streams/readable:315:12)?[39m
?[90m    at readableAddChunk (node:internal/streams/readable:289:9)?[39m
?[90m    at Socket.Readable.push (node:internal/streams/readable:228:10)?[39m
?[90m    at TCP.onStreamRead (node:internal/stream_base_commons:199:23)?[39m
Emitted 'error' event on Client instance at:
    at Socket.<anonymous> (D:\dh\code\try-nodejs\node_modules\?[4mssh2?[24m\lib\client.js:715:20)
?[90m    at Socket.emit (node:events:390:28)?[39m
    [... lines matching original stack trace ...]
?[90m    at TCP.onStreamRead (node:internal/stream_base_commons:199:23)?[39m

After added some debug code to Protocol.js , I found the identification string from the switch might not match standard well:

172.28.230.19: initiate
172.28.230.19: Connection.connect
Connected
<dh.debug>data
<Buffer 53 53 48 2d 32 2e 30 2d 20 20 20 20 20 20 20 0d 0a>
<dh.debug>full
SSH-2.0-
<dh.debug>identRaw
SSH-2.0-

so I bypass the throwing exception by changing code as below and then the script works as expected

if (!m){
    // throw new Error('Invalid identification string');
    m =[];
    m[1] = '2.0';
    m[2] ='';
    m[3] =''
  }

I guess the root cause shoud be the switch's bug, but is it possible to be compatible with this case like MobaXterm?

FYI: the identificatin output when run "ssh -vvv [user]@[IP]" from Windows CMD:

debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version
debug1: no match:
@Sapkotaanish Sapkotaanish mentioned this issue Dec 1, 2022
Closed
@ethanherbertson
Copy link

ethanherbertson commented Jul 12, 2023
edited
Loading

Ran into this same issue today when attempting a connection known to work under earlier versions of this module (pre 1.0).

Based on my (non-expert) read of RFC4253 Section 4.2, it doesn't explicitly state that the softwareversion in the ident can't be all whitespace... although at best it means it is unclear whether some of the whitespace is meant to be comments or whether it's all meant to be softwareversion. EDIT: I'm a dummy. It very much says it can't be all whitespace, in fact it says it must not even contain whitespace.

That being said, I'd expect this library to log the ident to the debug handler/callback before raising this kind of error, because currently in order to actually see the ident in question I've had to use a downgraded version of the library.

(After downgrading and turning on debug logging, I got:)

SSH DEBUG: DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.8'
SSH DEBUG: DEBUG: Client: Trying [redacted] on port 22 ...
SSH DEBUG: DEBUG: Client: Connected
SSH DEBUG: DEBUG: Parser: IN_INIT
SSH DEBUG: DEBUG: Parser: IN_GREETING
SSH DEBUG: DEBUG: Parser: IN_HEADER
SSH DEBUG: DEBUG: Remote ident: 'SSH-2.0-             '
SSH DEBUG: DEBUG: Outgoing: Writing KEXINIT
SSH DEBUG: DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
SSH DEBUG: DEBUG: Parser: IN_PACKET
SSH DEBUG: DEBUG: Parser: pktLen:676,padLen:5,remainLen:672
SSH DEBUG: DEBUG: Parser: IN_PACKETDATA
SSH DEBUG: DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
SSH DEBUG: DEBUG: Comparing KEXINITs ...

But to be honest it seems like an argument could be made that supporting remote ident strings with all-whitespace softwareversion values is a "need" rather than a "nice-to-have" since it's not disallowed by the relevant RFC. Maybe?

The OpenSSH CLI client appears to not bother trying to distinguish between the softwareversion and optional comments at all:

https://github.com/openssh/openssh-portable/blob/V_8_9_P1/ssh_api.c#L383

image

For this particular server, OpenSSH logs:

debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version
debug1: compat_banner: no match:
debug2: fd 3 setting O_NONBLOCK

skyfireitdiy added a commit to skyfireitdiy/ssh2 that referenced this issue Nov 16, 2023
@skyfireitdiy
Fix mscdex#1118: Fix the regular expression in Protocol.js for handli…
4148056 
…ng ident information.

There is a scenario where some SSH servers return an ident of 'SSH-2.0-' which leads to the throwing of an 'Invalid identification string' exception. This commit addresses compatibility for this scenario.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compatibility
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mscdex @ethanherbertson @daihang