SFTP with curl and libssh2

mangOH Yellow
1

Hi,

I rebuilt mangoh yellow image following this link: Rebuild Yocto for wp77xx
I could add 3dparty libraries and all but now I’m facing a problem with SFTP on curl and libssh2.
Curl has been built with libssh2 in order to support SFTP.

When I try to connect to my sftp server I’m always getting the error: “Failure establishing ssh session” corresponding to libssh2 error code -43 and error 2 on curl.
This error happens when calling libssh2_session_handshake function.

Here logs on sftp server side:
Aug 4 11:45:36 ubuntu sshd[26729]: debug3: fd 5 is not O_NONBLOCK
Aug 4 11:45:36 ubuntu sshd[26729]: debug1: Forked child 26853.
Aug 4 11:45:36 ubuntu sshd[26729]: debug3: send_rexec_state: entering fd = 8 config len 1016
Aug 4 11:45:36 ubuntu sshd[26729]: debug3: ssh_msg_send: type 0
Aug 4 11:45:36 ubuntu sshd[26729]: debug3: send_rexec_state: done
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: oom_adjust_restore
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: Set /proc/self/oom_score_adj to 0
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: inetd sockets after dupping: 3, 3
Aug 4 11:45:36 ubuntu sshd[26853]: Connection from 192.168.2.2 port 44066 on 192.168.2.3 port 22
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: Client protocol version 2.0; client software version libssh2_1.7.0
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: no match: libssh2_1.7.0
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: Enabling compatibility mode for protocol 2.0
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
Aug 4 11:45:36 ubuntu sshd[26853]: debug2: fd 3 setting O_NONBLOCK
Aug 4 11:45:36 ubuntu sshd[26853]: debug2: Network child is on pid 26854
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: preauth child monitor started
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: privsep user:group 121:65534 [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: permanently_set_uid: 121/65534 [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: send packet: type 20 [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: Connection reset by 192.168.2.2 port 44066 [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: do_cleanup [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: monitor_read_log: child log fd closed
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: mm_request_receive entering
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: do_cleanup
Aug 4 11:45:36 ubuntu sshd[26853]: debug3: PAM: sshpam_thread_cleanup entering
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: Killing privsep child 26854
Aug 4 11:45:36 ubuntu sshd[26853]: debug1: audit_event: unhandled event 12

Mangoh yellow versions:
Curl version is 7.61.0
Libssh2 version is 1.8.0, I also tried with 1.7.0 but same result.
Openssl version is 1.0.2p

This works fine on a wp85 with R14 and R16.1, It also works fine trying to connect to SFTP server from another PC.

Any idea on where is coming this behavior on wp7702 and maybe how to correct it ?
Hope somebody can help.

Best regards

2

Have you tried to shut down the firewall of the module?

iptables -I INPUT -j ACCEPT

3

Thanks for your reply.

I tried but it’s still the same behavior.
As I can ssh to server without problem I’m not really sure it can be related to firewall.

Regards

4

Aug 4 11:45:36 ubuntu sshd[26853]: Connection reset by 192.168.2.2 port 44066 [preauth]

You might meed to use wireshark to see what happens

Also, can you enable the ssh and sftp debug logging on module side?

Another suggestion is to do the following on server side:
sudo dpkg-reconfigure openssh-server

5

You will find my wireshark log here: https://we.tl/t-WDKO0SBFlF

Here logs from from curl:

root@0F0DC352653090226333:~# curl -k -u test:testpwd sftp://192.168.2.3/upload/test.txt -o /tmp/monFichier -v

  • Trying 192.168.2.3…
  • TCP_NODELAY set
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0* Connected to 192.168.2.3 (192.168.2.3) port 22 (#0)
  • Failure establishing ssh session
    0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
    0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
  • Closing connection 0
    curl: (2) Failure establishing ssh session

Can’t have logs from ssh unless rebuilding dropbear if my research was right. i’m going to try rebuilding it with required option(s).

No change after trying dpkg-reconfigure.

Regards

6

seems to be a known issue:

not sure if that works if you replace the libssh2 library of WP76 module by that of WP85 in /usr/lib/

7

Here I have copied the binary from FX30, but still no luck …

mkdir /tmp/tmp_usr_lib;mkdir /tmp/tmp_usr_lib_wr;
mount -t overlay overlay /usr/lib -o lowerdir=/usr/lib,upperdir=/tmp/tmp_usr_lib,workdir=/tmp/tmp_usr_lib_wr;

cp /tmp/libssh2.so.1.0.1 /usr/lib/
cp /tmp/libssl.so.1.0.0 /usr/lib/
cp /tmp/libcrypto.so.1.0.0 /usr/lib/

cp /tmp/libcurl.so.5 /usr/lib/
cp /tmp/libgnutls.so.28 /usr/lib/
cp /tmp/libnettle.so.4 /usr/lib/
cp /tmp/libhogweed.so.2 /usr/lib/
cp /tmp/libgmp.so.10 /usr/lib/

/tmp/curl -k -u tester:123456 sftp://xxx.xxx.xxx.xxx:5050/teraterm.log -o /tmp/teraterm.log -v

8

In this topic, it says that “Officially we don’t support SFTP” but if I’m not wrong from what I know this can’t be related to a WP. SFTP should only depend on embedded libraries from the Linux image.
If it’s possible to ssh to somewhere else it should be possible to do SFTP too.
But maybe I’m missing something.

I already tried to use same libraries versions as on WP85 to WP76 for libssh2 and openssl but without success. The behavior was still the same.

If I’m not mistaking, it should not be possible to use crosscompile libraries from WP85 to WP77 as architectures are different.

Regards

9

Here some logs from libssh2 recipe version 1.9.0:
[libssh2] 0.382262 Conn: Setting blocking mode ON
[libssh2] 0.383710 Transport: session_startup for socket 3
[libssh2] 0.385272 Transport: Sending Banner: SSH-2.0-libssh2_1.9.0
[libssh2] 0.386620 Socket: Sent 23/23 bytes at 0xb6f85164+0
[libssh2] 0.387403 Socket: Error recving 1 bytes: 22
[libssh2] 0.387487 Failure Event: -43 - Failed getting banner
Failure establishing SSH session: -43

I will dig into this

10

not sure if this is related.