perlssh has asked for the wisdom of the Perl Monks concerning the following question:

I upgraded my SSH Server to Openssh 7.1p1 to overcome security vulnerabilities. But now my perl scripts using Net::SSH have stopped working and they give a Protocol Error as follow:

Protocol error: expected packet type 91, got 80 at /auto/share/perl/5.8.6/lib/site_perl/5.8.6/Net/SSH/Perl/Packet.pm line 222 /

Here is the complete debug trace: 
: Reading configuration data /etc/ssh_config
: Allocated local port 1023.
: Connecting to 10.98.109.105, port 22.
: Remote version string: SSH-2.0-OpenSSH_7.1

: Remote protocol version 2.0, remote software version OpenSSH_7.1
: Net::SSH::Perl Version 1.42, protocol version 2.0.
: No compat match: OpenSSH_7.1
: Connection established.
: Sent key-exchange init (KEXINIT), wait response.
: Algorithms, c->s: 3des-cbc hmac-sha1 none
: Algorithms, s->c: 3des-cbc hmac-sha1 none
: Entering Diffie-Hellman Group 1 key exchange.
: Sent DH public key, waiting for reply.
: Received host key, type 'ssh-rsa'.
: Host '10.98.109.105' is known and matches the host key.
: Computing shared secret key.
: Verifying server signature.
: Send NEWKEYS.
: Waiting for NEWKEYS message.
: Enabling encryption/MAC/compression.
: Sending request for user-authentication service.
: Service accepted: ssh-userauth.
: Trying empty user-authentication request.
: Authentication methods that can continue: publickey,password,keyboar
+d-interactive.
: Next method to try is publickey.
: Next method to try is password.
: Trying password authentication.
: Login completed, opening dummy shell channel.
: channel 0: new [client-session]
: Requesting channel_open for channel 0.
Protocol error: expected packet type 91, got 80 at /auto/share/perl/5.
+8.6/lib/site_perl/5.8.6/Net/SSH/Perl/Packet.pm line 222
/

[download]

Can someone please help how to resolve this error?

Thanks!

Replies are listed 'Best First'.
Re: Net::SSH Protocol Error
by atcroft (Abbot) on Oct 13, 2015 at 21:56 UTC
[reply]
Re: Net::SSH Protocol Error
by salva (Canon) on Oct 14, 2015 at 06:10 UTC
[reply]
Debugging Net::SSH Protocol Error
by cmv (Chaplain) on Oct 07, 2016 at 15:24 UTC
    Monks-

    This error has been looming for quite a while, and it has just recently hit-the-fan for me.

    If anybody has a solution, please speak up.

    I am attempting to debug, and am using this note to document my progress. Any help or suggestions is much appreciated!

    -Craig

    I am running with perl v5.8.8 built for darwin using the following: 

    Module id = Net::SSH::Perl
    CPAN_USERID  SCHWIGON (Steffen Schwigon <schwigon@cpan.org>)
    CPAN_VERSION 2.01
    CPAN_FILE    S/SC/SCHWIGON/Net-SSH-Perl-2.01.tar.gz
    MANPAGE      Net::SSH::Perl - Perl client Interface to SSH
    INST_FILE    /opt/exp/perl/perl5.8/lib/site_perl/5.8.8/Net/SSH/Per
+l.pm
    INST_VERSION 1.34

    [download]
    The exact error message I get is as follows: 
    XS_Tk__Callback_Call error:Protocol error: expected packet type 91, go
+t 80 at /opt/exp/perl/perl5.8/lib/site_perl/5.8.8/Net/SSH/Perl/Packet
+.pm line 222

    [download]
    Read more... (2 kB)

    Checking out Packet.pm I see line 222 in the following: 

    217 sub read_expect {
218     my $class = shift;
219     my($ssh, $type) = @_;
220     my $pack = $class->read($ssh);
221     if ($pack->type != $type) {
222         $ssh->fatal_disconnect(sprintf
223           "Protocol error: expected packet type %d, got %d",
224             $type, $pack->type);
225     }
226     $pack;
227 }

    [download]
    It seems that read_expect() in this case is being called from here: 
    caller DUMP:
$VAR1 = 'Net::SSH::Perl::SSH2';
$VAR2 = '/opt/exp/perl/perl5.8/lib/site_perl/5.8.8/Net/SSH/Perl/SSH2.p
+m';
$VAR3 = 78;

    [download]
    Going to SSH2.pm shows line 78 to look like this: 
     65 sub login {
 66     my $ssh = shift;
 67     $ssh->SUPER::login(@_);
 68     my $suppress_shell = $_[2];
 69     $ssh->_login or $ssh->fatal_disconnect("Permission denied");
 70
 71     $ssh->debug("Login completed, opening dummy shell channel.");
 72     my $cmgr = $ssh->channel_mgr;
 73     my $channel = $cmgr->new_channel(
 74         ctype => 'session', local_window => 0,
 75         local_maxpacket => 0, remote_name => 'client-session');
 76     $channel->open;
 77
 78     my $packet = Net::SSH::Perl::Packet->read_expect($ssh,
 79         SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
 80     $cmgr->input_open_confirmation($packet);
 81
 82     unless ($suppress_shell) {
 83         $ssh->debug("Got channel open confirmation, requesting she
+ll.");
 84         $channel->request("shell", 0);
 85     }
 86 }

    [download]
    So we are in the process of logging in, and expecting to get a SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (defined as 91 in constants.pm), but instead we are getting message 80, which is not defined in any of the Net:SSH:Perl code.

    Google points me here to see a list of messages and see that message 80 is: 

    80        SSH_MSG_GLOBAL_REQUEST

    [download]
    Okay, why the heck are we getting this message in the middle of login? More googling leads me to IETF which states: 
    4.  Global Requests

   There are several kinds of requests that affect the state of the
   remote end globally, independent of any channels.  An example is a
   request to start TCP/IP forwarding for a specific port.  Note that
   both the client and server MAY send global requests at any time, an
+d
   the receiver MUST respond appropriately.

    [download]
    Read more... (2 kB)

    Huh, interesting. I didn't know about SSH global requests, but why is it making Net::SSH::Perl barf now?

    More googling gets me to stackoverflow which seems to have a reasonable answer:

    The message 80 stands for SSH_MSG_GLOBAL_REQUEST.

    Modern versions of OpenSSH server use this generic message for various proprietary extensions of the SSH protocol.

    Most clients will/should silently ignore unrecognized messages. The SSH.NET does ignore the SSH_MSG_GLOBAL_REQUEST too, but it does not expect the message until an authentication completes.

    Unfortunately it seems that OpenSSH sends some of these (maybe the hostkeys-prove-00@openssh.com) even before the authentication.

    The problem has been fixed in SSH.NET 2016.0.0-beta1. See Issue #8.

    So it seems that a good hack might be to get Net::SSH::Perl to simply ignore all of these global requests.

    Does that sound right? Any better suggestions?

[reply]
[d/l]
[select]
[reply]
        Mr. Muskrat++

        Thanks for the pointer. You are correct - I am not on version 2.01 as I thought.

        Looking at the 2.01 code, they already have a fix in place for this issue.

        I'm glad it was fixed!

        -Craig

[reply]
      Folks-

      This is a quick hack that seems to be working for me.

      Suggestions on a better one would be welcome!

      Thanks

      -Craig

      Editing .../Net/SSH/Perl/Packet.pm: 

      217 sub read_expect {
218     my $class = shift;
219     my($ssh, $type) = @_;
220     my $pack = $class->read($ssh);
221     while($pack->type == 80) {          # CMV Hack start vvvv
222 print STDERR "IGNORING GLOBAL MESSAGE...";
223        $pack = $class->read($ssh);
224 print STDERR " NEXT MESSAGE IS: ", $pack->type, "\n";
225     }                                   # CMV Hack end ^^^^
226     if ($pack->type != $type) {
227         $ssh->fatal_disconnect(sprintf
228           "Protocol error: expected packet type %d, got %d",
229             $type, $pack->type);
230     }
231     $pack;
232 }

      [download]
[reply]
[d/l]
Re: Net::SSH Protocol Error
by klongfel (Initiate) on Feb 19, 2016 at 18:54 UTC
    Hi, I have the same issue and have not been able to resolve it after looking at the OpenSSH links. Were you able to resolve this? If so how? Thanks, Kevin
[reply]

Back to Seekers of Perl Wisdom