Community discussions

 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Possible bug in RouterOS's SSH server

Fri May 01, 2015 6:52 pm

I am using VanDyke's SecureFX for accessing my boxes via SFTP.
However SecureFX fails to connect to a Mikrotik RouterOS device. At some point the connection process just stops.

People at VanDyke say there is a bug with Mikrotik's SSH server: it is sending a packet with an invalid "request-id" value.

Could you (the Mikrotik guys) please look into this? It should not be very hard to fix.

SecureCRT/SecureFX are very popular among system and network engineers.

I have attached a log file reflecting this issue.
sfx_733_810_trace9_mikrotik.log
You do not have the required permissions to view the files attached to this post.
 
User avatar
DigitalBlueBiz
Trainer
Trainer
Posts: 33
Joined: Fri Mar 27, 2015 9:11 pm
Location: Brno, Czech Republic, Europe
Contact:

Re: Possible bug in RouterOS's SSH server

Sat May 02, 2015 12:13 am

Hi ners,
Mikrotik guys checks the forum quite often but your request can get lost due to high number of posts.
I strongly suggest you to send an email to support@mikrotik.com with your issue so it can get the correct attention.
If post is useful please "rate post positive"
--
Matteo Ferraroni
MTCNA - MTCWE - MTCTCE - MTCRE
Certified Trainer #TR0346
http://www.digital-blue.biz
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Possible bug in RouterOS's SSH server

Sat May 02, 2015 7:09 am

I would begin by looking at your path MTU. Every ssh / ssl issue I have dealt with has been caused by a path MTU being less than 1500. Check your interfaces, VPN's, bridges, everything. I use SecureFX on Windows boxes and Forklift on my Macs with no sftp issues at all.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Possible bug in RouterOS's SSH server

Mon May 04, 2015 12:58 am

I contacted VanDyke's support and after an investigation they told me
the following:

> the SSH server is sending a packet with an invalid SFTP request ID.

> Here is the malformed packet SecureFX receives from the server: 00
> 00 00 2c 0d 5e 00 00 00 00 00 00 00 15 00 00 00 11 65 73 2d 6d 75 00
> 00 00 08 00 00 00 00 00 00 00 00
>
> The data suggests that the server is attempting to send an
> UNSUPPORTED message (00 00 00 08) in response to SecureFX's
> STAT/REALPATH request. But, the server supplies an invalid request
> ID (73 2d 6d 75), in violation of the SFTP protocol. Rather than
> assume or guess the server's intention, SecureFX terminates the
> connection.

So this doesn't look like an MTU problem (also WinSCP connects fine)

Who is online

Users browsing this forum: MSN [Bot] and 65 guests