phpseclib: SFTP login 'size error' (works with openssh; logs included)

Hi,

Thank you for your work on phpseclib over the years. I’m using the latest 1.0 branch version (1.0.7).

We’ve had a couple of users recently reporting failure to login. The error message they get is:

* PHP event: code E_USER_NOTICE: Invalid size (line 3157, phpseclib/phpseclib/phpseclib/Net/SSH2.php)
* PHP event: code E_USER_NOTICE: Connection closed by server (line 2095, phpseclib/phpseclib/phpseclib/Net/SSH2.php)

One of them has given me login credentials, allowing me to confirm the error, test with openssh, and get phpseclib logs.

His SFTP server software is ProFTPD Version 1.3.6 with mod_sftp (mod_sftp is mentioned in the log below; he informed me of the other information).

Here is the (anonymised) openssh debug log for a successful login (I can also do other normal operations after login):

$ sftp -v username@host.example.com    
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data $HOME/.ssh/config
debug1: $HOME/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 2: include /etc/crypto-policies/back-ends/openssh.config matched no files
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "$HOME/.ssh/master-username@host.example.com:22" does not exist
debug1: Connecting to host.example.com [111.222.333.444] port 22.
debug1: Connection established.
debug1: identity file $HOME/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file $HOME/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version mod_sftp
debug1: no match: mod_sftp
debug1: Authenticating to host.example.com:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:EMlfI8(snip)
debug1: Host 'host.example.com' is known and matches the RSA host key.
debug1: Found key in $HOME/.ssh/known_hosts:311
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: $HOME/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: $HOME/.ssh/id_dsa
debug1: Trying private key: $HOME/.ssh/id_ecdsa
debug1: Trying private key: $HOME/.ssh/id_ed25519
debug1: Next authentication method: password
username@host.example.com's password: 
debug1: Authentication succeeded (password).
Authenticated to host.example.com ([111.222.333.444]:22).
debug1: setting up multiplex master socket
debug1: channel 0: new [$HOME/.ssh/username@host.example.com:22]
debug1: channel 1: new [client-session]
debug1: Entering interactive session.
debug1: pledge: id
debug1: Sending environment.
debug1: Sending subsystem: sftp
Connected to host.example.com.
sftp>

And here is what is logged by NET_SSH2_LOG_COMPLEX:

00000000  53:53:48:2d:32:2e:30:2d:6d:6f:64:5f:73:66:74:70  SSH-2.0-mod_sftp
00000010  0d:0a                                            ..
->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:31:2e:30:20:28:6f:70:65:6e:73:73:6c:2c:20  b_1.0 (openssl, 
00000020  67:6d:70:29:0d:0a                                gmp)..
<- NET_SSH2_MSG_KEXINIT (since last: 0.6799, network: 0.0001s)
00000000  8a:7a:9f:91:40:3a:06:a1:0d:77:4d:44:c0:7b:2d:3d  .z..@:...wMD.{-=
00000010  00:00:01:03:65:63:64:68:2d:73:68:61:32:2d:6e:69  ....ecdh-sha2-ni
00000020  73:74:70:35:32:31:2c:65:63:64:68:2d:73:68:61:32  stp521,ecdh-sha2
00000030  2d:6e:69:73:74:70:33:38:34:2c:65:63:64:68:2d:73  -nistp384,ecdh-s
00000040  68:61:32:2d:6e:69:73:74:70:32:35:36:2c:64:69:66  ha2-nistp256,dif
00000050  66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75  fie-hellman-grou
00000060  70:31:38:2d:73:68:61:35:31:32:2c:64:69:66:66:69  p18-sha512,diffi
00000070  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31  e-hellman-group1
00000080  36:2d:73:68:61:35:31:32:2c:64:69:66:66:69:65:2d  6-sha512,diffie-
00000090  68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:34:2d  hellman-group14-
000000a0  73:68:61:32:35:36:2c:64:69:66:66:69:65:2d:68:65  sha256,diffie-he
000000b0  6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d:65:78:63:68  llman-group-exch
000000c0  61:6e:67:65:2d:73:68:61:32:35:36:2c:64:69:66:66  ange-sha256,diff
000000d0  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
000000e0  2d:65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64  -exchange-sha1,d
000000f0  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000100  6f:75:70:31:34:2d:73:68:61:31:2c:72:73:61:31:30  oup14-sha1,rsa10
00000110  32:34:2d:73:68:61:31:00:00:00:0f:73:73:68:2d:72  24-sha1....ssh-r
00000120  73:61:2c:73:73:68:2d:64:73:73:00:00:00:8f:61:65  sa,ssh-dss....ae
00000130  73:32:35:36:2d:63:74:72:2c:61:65:73:31:39:32:2d  s256-ctr,aes192-
00000140  63:74:72:2c:61:65:73:31:32:38:2d:63:74:72:2c:61  ctr,aes128-ctr,a
00000150  65:73:32:35:36:2d:63:62:63:2c:61:65:73:31:39:32  es256-cbc,aes192
00000160  2d:63:62:63:2c:61:65:73:31:32:38:2d:63:62:63:2c  -cbc,aes128-cbc,
00000170  62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:62:6c:6f  blowfish-ctr,blo
00000180  77:66:69:73:68:2d:63:62:63:2c:63:61:73:74:31:32  wfish-cbc,cast12
00000190  38:2d:63:62:63:2c:61:72:63:66:6f:75:72:32:35:36  8-cbc,arcfour256
000001a0  2c:61:72:63:66:6f:75:72:31:32:38:2c:33:64:65:73  ,arcfour128,3des
000001b0  2d:63:74:72:2c:33:64:65:73:2d:63:62:63:00:00:00  -ctr,3des-cbc...
000001c0  8f:61:65:73:32:35:36:2d:63:74:72:2c:61:65:73:31  .aes256-ctr,aes1
000001d0  39:32:2d:63:74:72:2c:61:65:73:31:32:38:2d:63:74  92-ctr,aes128-ct
000001e0  72:2c:61:65:73:32:35:36:2d:63:62:63:2c:61:65:73  r,aes256-cbc,aes
000001f0  31:39:32:2d:63:62:63:2c:61:65:73:31:32:38:2d:63  192-cbc,aes128-c
00000200  62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c  bc,blowfish-ctr,
00000210  62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:63:61:73  blowfish-cbc,cas
00000220  74:31:32:38:2d:63:62:63:2c:61:72:63:66:6f:75:72  t128-cbc,arcfour
00000230  32:35:36:2c:61:72:63:66:6f:75:72:31:32:38:2c:33  256,arcfour128,3
00000240  64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63  des-ctr,3des-cbc
00000250  00:00:00:7f:68:6d:61:63:2d:73:68:61:32:2d:32:35  ....hmac-sha2-25
00000260  36:2c:68:6d:61:63:2d:73:68:61:32:2d:35:31:32:2c  6,hmac-sha2-512,
00000270  68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:73  hmac-sha1,hmac-s
00000280  68:61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2c  ha1-96,hmac-md5,
00000290  68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63  hmac-md5-96,hmac
000002a0  2d:72:69:70:65:6d:64:31:36:30:2c:75:6d:61:63:2d  -ripemd160,umac-
000002b0  36:34:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:75  64@openssh.com,u
000002c0  6d:61:63:2d:31:32:38:40:6f:70:65:6e:73:73:68:2e  mac-128@openssh.
000002d0  63:6f:6d:00:00:00:7f:68:6d:61:63:2d:73:68:61:32  com....hmac-sha2
000002e0  2d:32:35:36:2c:68:6d:61:63:2d:73:68:61:32:2d:35  -256,hmac-sha2-5
000002f0  31:32:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61  12,hmac-sha1,hma
00000300  63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d:6d  c-sha1-96,hmac-m
00000310  64:35:2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68  d5,hmac-md5-96,h
00000320  6d:61:63:2d:72:69:70:65:6d:64:31:36:30:2c:75:6d  mac-ripemd160,um
00000330  61:63:2d:36:34:40:6f:70:65:6e:73:73:68:2e:63:6f  ac-64@openssh.co
00000340  6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70:65:6e:73  m,umac-128@opens
00000350  73:68:2e:63:6f:6d:00:00:00:04:6e:6f:6e:65:00:00  sh.com....none..
00000360  00:04:6e:6f:6e:65:00:00:00:00:00:00:00:00:00:00  ..none..........
00000370  00:00:00                                         ...
-> NET_SSH2_MSG_KEXINIT (since last: 0.0009, network: 0.0001s)
00000000  a8:61:50:4e:57:25:73:79:81:4e:e3:03:3a:e2:90:3f  .aPNW%sy.N..:..?
00000010  00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...~diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64  an-group1-sha1,d
00000030  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000040  6f:75:70:31:34:2d:73:68:61:31:2c:64:69:66:66:69  oup14-sha1,diffi
00000050  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d  e-hellman-group-
00000060  65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69  exchange-sha1,di
00000070  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000080  75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32  up-exchange-sha2
00000090  35:36:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73  56....ssh-rsa,ss
000000a0  68:2d:64:73:73:00:00:00:e9:61:72:63:66:6f:75:72  h-dss....arcfour
000000b0  32:35:36:2c:61:72:63:66:6f:75:72:31:32:38:2c:61  256,arcfour128,a
000000c0  65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39:32  es128-ctr,aes192
000000d0  2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c  -ctr,aes256-ctr,
000000e0  74:77:6f:66:69:73:68:31:32:38:2d:63:74:72:2c:74  twofish128-ctr,t
000000f0  77:6f:66:69:73:68:31:39:32:2d:63:74:72:2c:74:77  wofish192-ctr,tw
00000100  6f:66:69:73:68:32:35:36:2d:63:74:72:2c:61:65:73  ofish256-ctr,aes
00000110  31:32:38:2d:63:62:63:2c:61:65:73:31:39:32:2d:63  128-cbc,aes192-c
00000120  62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c:74:77  bc,aes256-cbc,tw
00000130  6f:66:69:73:68:31:32:38:2d:63:62:63:2c:74:77:6f  ofish128-cbc,two
00000140  66:69:73:68:31:39:32:2d:63:62:63:2c:74:77:6f:66  fish192-cbc,twof
00000150  69:73:68:32:35:36:2d:63:62:63:2c:74:77:6f:66:69  ish256-cbc,twofi
00000160  73:68:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d  sh-cbc,blowfish-
00000170  63:74:72:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63  ctr,blowfish-cbc
00000180  2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63  ,3des-ctr,3des-c
00000190  62:63:00:00:00:e9:61:72:63:66:6f:75:72:32:35:36  bc....arcfour256
000001a0  2c:61:72:63:66:6f:75:72:31:32:38:2c:61:65:73:31  ,arcfour128,aes1
000001b0  32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74  28-ctr,aes192-ct
000001c0  72:2c:61:65:73:32:35:36:2d:63:74:72:2c:74:77:6f  r,aes256-ctr,two
000001d0  66:69:73:68:31:32:38:2d:63:74:72:2c:74:77:6f:66  fish128-ctr,twof
000001e0  69:73:68:31:39:32:2d:63:74:72:2c:74:77:6f:66:69  ish192-ctr,twofi
000001f0  73:68:32:35:36:2d:63:74:72:2c:61:65:73:31:32:38  sh256-ctr,aes128
00000200  2d:63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c  -cbc,aes192-cbc,
00000210  61:65:73:32:35:36:2d:63:62:63:2c:74:77:6f:66:69  aes256-cbc,twofi
00000220  73:68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73  sh128-cbc,twofis
00000230  68:31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68  h192-cbc,twofish
00000240  32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d  256-cbc,twofish-
00000250  63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72  cbc,blowfish-ctr
00000260  2c:62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:33:64  ,blowfish-cbc,3d
00000270  65:73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63:00  es-ctr,3des-cbc.
00000280  00:00:39:68:6d:61:63:2d:73:68:61:32:2d:32:35:36  ..9hmac-sha2-256
00000290  2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d  ,hmac-sha1-96,hm
000002a0  61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35  ac-sha1,hmac-md5
000002b0  2d:39:36:2c:68:6d:61:63:2d:6d:64:35:00:00:00:39  -96,hmac-md5...9
000002c0  68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d  hmac-sha2-256,hm
000002d0  61:63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d  ac-sha1-96,hmac-
000002e0  73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39:36  sha1,hmac-md5-96
000002f0  2c:68:6d:61:63:2d:6d:64:35:00:00:00:04:6e:6f:6e  ,hmac-md5....non
00000300  65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00  e....none.......
00000310  00:00:00:00:00:00                                ......
-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0088, network: 0s)
00000000  00:00:01:01:00:ed:47:82:4b:50:3e:a2:12:34:0a:de  ......G.KP>..4..
00000010  e7:4d:b9:aa:ae:92:91:a9:c6:a2:bd:00:08:80:2b:09  .M............+.
00000020  5a:ed:d5:bd:01:28:79:80:17:7a:63:28:d1:07:37:59  Z....(y..zc(..7Y
00000030  c4:ff:5f:af:74:03:ee:3d:eb:2f:ca:b6:de:b2:b5:29  .._.t..=./.....)
00000040  5b:dc:ea:ee:40:68:64:53:ac:02:10:6f:e3:11:da:26  [...@hdS...o...&
00000050  c3:8b:4b:42:b8:56:df:59:33:e5:1a:9c:bd:dd:04:66  ..KB.V.Y3......f
00000060  99:3f:71:00:2a:55:6e:b4:83:20:9e:e1:83:08:96:cb  .?q.*Un.. ......
00000070  05:c7:ae:f8:7e:bc:f2:59:00:af:d6:4d:7a:24:82:db  ....~..Y...Mz$..
00000080  d8:87:b3:b2:93:c7:60:0a:a0:69:f5:9c:ef:4d:f8:34  ......`..i...M.4
00000090  7b:49:f4:4d:3e:a4:da:9f:d4:22:bc:8a:60:8e:21:91  {I.M>...."..`.!.
000000a0  04:b6:9a:c1:fa:91:19:27:7b:b9:21:4f:61:c5:19:28  .......'{.!Oa..(
000000b0  90:02:65:c9:af:c5:8e:34:e5:05:87:7d:fe:61:1d:46  ..e....4...}.a.F
000000c0  61:65:07:81:54:bc:6b:1e:cc:16:48:bf:4c:43:ce:67  ae..T.k...H.LC.g
000000d0  94:5a:b8:74:cc:d3:c6:d8:12:b1:cf:fe:49:47:0c:0d  .Z.t........IG..
000000e0  fc:71:2c:b4:4a:5d:55:47:04:2e:4b:b9:49:82:68:27  .q,.J]UG..K.I.h'
000000f0  b3:e9:0f:6b:9a:0d:c3:74:9b:3e:6a:1a:06:58:9f:6d  ...k...t.>j..X.m
00000100  96:29:4f:a5:af                                   .)O..
<- NET_SSH2_MSG_KEXDH_REPLY (since last: 0.5022, network: 0.5021s)
00000000  00:00:01:15:00:00:00:07:73:73:68:2d:72:73:61:00  ........ssh-rsa.
00000010  00:00:01:23:00:00:01:01:00:e4:40:79:a7:fe:47:a7  ...#......@y..G.
00000020  78:46:5b:5a:07:a2:4f:8f:20:e1:fd:3d:b9:fb:72:75  xF[Z..O. ..=..ru
00000030  22:1a:65:04:06:b0:95:8e:70:30:f8:7a:ca:c8:df:1b  ".e.....p0.z....
00000040  61:55:74:74:81:a5:96:cc:18:5f:09:06:ff:e6:e0:88  aUtt....._......
00000050  19:44:e8:85:48:04:0a:be:27:05:56:bb:54:ac:b3:72  .D..H...'.V.T..r
00000060  9a:ac:76:37:3a:f1:49:51:76:68:67:24:51:83:f1:9c  ..v7:.IQvhg$Q...
00000070  ff:e2:d1:08:4e:e5:c8:aa:70:59:0e:f4:75:b7:a5:19  ....N...pY..u...
00000080  1c:b2:24:51:f7:e9:e3:6f:eb:24:97:a1:46:2d:1a:4c  ..$Q...o.$..F-.L
00000090  25:53:92:15:68:73:c0:a4:ec:5e:e0:b1:cf:65:af:ea  %S..hs...^...e..
000000a0  85:24:5b:3e:8d:a1:c2:88:74:a2:b0:ad:81:e8:d1:79  .$[>....t......y
000000b0  b3:6d:5b:99:e5:c7:4d:03:34:58:2c:be:7f:12:bf:3d  .m[...M.4X,....=
000000c0  9c:21:82:f1:b0:f5:73:2a:05:31:b3:c6:71:b3:18:27  .!....s*.1..q..'
000000d0  f9:0f:d4:bd:1e:ee:ab:80:1b:02:1c:81:30:bc:6f:ec  ............0.o.
000000e0  38:c9:d6:97:3b:3c:9a:1c:b9:39:e8:d9:1c:3d:b8:c6  8...;....9...=..
000000f0  62:d6:09:23:6e:79:a2:3a:1e:93:4d:72:04:59:b9:eb  b..#ny.:..Mr.Y..
00000100  a3:22:21:c1:cf:39:e7:9b:ad:a3:d9:9e:94:45:26:58  ."!..9.......E&X
00000110  d4:3e:0b:e3:f0:00:af:8c:3f:00:00:01:00:58:de:46  .>......?....X.F
00000120  45:c4:0b:96:28:ee:c5:45:d5:5e:bc:96:20:c0:55:57  E...(..E.^.. .UW
00000130  3c:96:22:ed:7d:53:8b:e9:63:2c:8f:9b:c1:3a:ee:91  ..".}S..c,...:..
00000140  31:25:98:e8:7c:48:4f:ef:48:bc:37:6e:8d:75:c0:86  1%..|HO.H.7n.u..
00000150  99:49:f0:66:43:db:ec:e8:ea:23:bd:d8:1f:92:89:77  .I.fC....#.....w
00000160  7a:34:bf:f4:7d:4a:a2:9f:60:bf:3b:35:9c:d5:8f:59  z4..}J..`.;5...Y
00000170  b9:5a:0f:23:38:93:08:a7:2c:18:03:43:f6:52:49:e3  .Z.#8...,..C.RI.
00000180  82:0e:6e:9b:0b:39:8d:f4:9d:d6:d7:5f:86:9f:28:3f  ..n..9....._..(?
00000190  2d:4c:41:e0:b2:6f:ea:5a:e1:0e:0d:7f:da:d8:43:8b  -LA..o.Z......C.
000001a0  bc:50:bb:93:ae:24:1f:1d:63:b3:50:f2:a7:98:56:76  .P...$..c.P...Vv
000001b0  0a:09:9b:f7:d3:6d:97:cf:de:9c:b2:dd:6e:4a:91:8b  .....m......nJ..
000001c0  cb:be:9f:92:c0:f6:d7:f4:46:d8:84:7f:56:6e:1e:78  ........F...Vn.x
000001d0  32:e3:e4:86:3c:67:ff:aa:e7:78:b0:d1:23:87:e3:cf  2....g...x..#...
000001e0  70:ca:bb:3e:0a:af:9e:9f:95:73:09:5c:4c:dc:40:65  p..>.....s.\L.@e
000001f0  9d:70:70:cc:9c:f2:ed:3e:90:9d:09:39:60:e2:a1:36  .pp....>...9`..6
00000200  7e:e7:2b:78:09:da:50:3f:ad:14:db:d9:e9:f5:4c:16  ~.+x..P?......L.
00000210  a7:87:5b:99:79:21:b1:18:33:af:db:c9:29:00:00:01  ..[.y!..3...)...
00000220  0f:00:00:00:07:73:73:68:2d:72:73:61:00:00:01:00  .....ssh-rsa....
00000230  5d:8c:90:ce:7b:3d:ad:ff:61:6e:e4:3b:b1:cb:9b:4b  ]...{=..an.;...K
00000240  4f:94:3f:b0:47:10:1d:89:98:5b:21:41:96:00:12:76  O.?.G....[!A...v
00000250  e3:b0:cc:44:54:c2:89:8e:db:df:cd:24:88:dd:43:49  ...DT......$..CI
00000260  af:29:eb:07:f3:19:3a:b8:7b:b6:5f:2d:08:65:73:fb  .)....:.{._-.es.
00000270  d2:f5:e8:c7:32:63:3b:b7:8a:f8:ec:74:95:51:b6:68  ....2c;....t.Q.h
00000280  33:d4:0b:b6:3b:d3:9a:a3:cd:6f:21:20:b6:13:0c:13  3...;....o! ....
00000290  30:0b:3b:f4:86:4e:b8:6f:c1:42:c1:6c:fe:19:a6:c1  0.;..N.o.B.l....
000002a0  b3:1b:46:39:65:9b:c1:63:bf:bb:fb:55:3b:1f:ee:e7  ..F9e..c...U;...
000002b0  dd:92:9d:85:dc:3c:e2:e9:f5:de:c8:8d:7b:06:25:a1  ............{.%.
000002c0  86:b8:2a:bc:46:df:0a:0c:97:a7:93:d8:db:a0:27:a7  ..*.F.........'.
000002d0  b0:24:3b:e1:a2:2f:a4:f5:fe:d3:f5:04:3e:64:8e:ed  .$;../......>d..
000002e0  de:67:68:7a:6c:78:c4:05:5f:15:fd:dc:55:87:de:72  .ghzlx.._...U..r
000002f0  18:95:73:8d:3c:30:65:03:af:22:71:63:ea:40:46:0d  ..s..0e.."qc.@F.
00000300  de:1a:d8:f1:95:45:9f:23:fd:9d:cc:3f:40:f2:0e:97  .....E.#...?@...
00000310  8c:e1:2f:98:bf:87:3c:b8:19:0d:f8:c7:a6:62:67:c0  ../..........bg.
00000320  a3:ec:5c:f0:f6:ba:f5:d7:75:78:4f:12:47:7a:e0:ba  ..\.....uxO.Gz..
-> NET_SSH2_MSG_NEWKEYS (since last: 0.0008, network: 0s)
                                                 
<- NET_SSH2_MSG_NEWKEYS (since last: 0, network: 0s)
                                                 
-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0017, network: 0s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

About this issue

Original URL
State: closed
Created 7 years ago
Comments: 20 (18 by maintainers)

Commits related to this issue

SSH2: workaround for bad arcfour256 implementations — committed to phpseclib/phpseclib by terrafrost 7 years ago

Most upvoted comments

when phpseclib attempts to connect, then it only supports weak ciphers, which their server does not support

The server administrator is an idiot, serving up FUD.

phpseclib supports ECDH if you have libsodium installed. It doesn’t currently support chacha20-poly1305@openssh.com but then again your server doesn’t either.

The best symmetric cipher that phpseclib supports is AES and it supports it in every mode save for GCM (just as with PuTTY) and, guess what, the server supports the AES algorithms too.

phpseclib does support “weak” ciphers like arcfour256 but, then again, so does the server. In fact, there-in probably lies the problem.

Anyway, try this:

#
#-----[ OPEN ]------------------------------------------
#
Net/SSH2.php
#
#-----[ FIND ]------------------------------------------
#
        $encryption_algorithms = array(
            // from <http://tools.ietf.org/html/rfc4345#section-4>:
            'arcfour256',
            'arcfour128',
#
#-----[ REPLACE WITH ]----------------------------------
#
        $encryption_algorithms = array(
            // from <http://tools.ietf.org/html/rfc4345#section-4>:
            //'arcfour256',
            //'arcfour128',

ie. the server says it supports arcfour256 and arcfour128 but it really doesn’t. What it supports is a buggy implementation of those algorithms.

terrafrost on Aug 25, 2017