Getting odd error in SSH server OnClientError event

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
Post Reply
snorkel
Posts: 384
Joined: Tue 08 Aug 2006 15:10
Location: Milwaukee WI USA

Getting odd error in SSH server OnClientError event

Post by snorkel » Thu 04 Jan 2018 20:45

I have been getting this odd error in the OnClientError in the SSH server:

SSH Client(0.0.0.0:519) ERROR for user:N/A:Authentication failed

The last part after the : is the error from the server the other stuff I pull from the ClientInfo: TScSSHClientInfo passed to the event.

the ClientInfo object has a port and a 0.0.0.0 IP address which is odd as that's the listening IP address i.e. listen on all interfaces.

Anyone have any idea on how to figure out what is causing this? Right around this time we do get 3 valid connections from a particular user account.

ViktorV
Devart Team
Posts: 2414
Joined: Wed 30 Jul 2014 07:16

Re: Getting odd error in SSH server OnClientError event

Post by ViktorV » Fri 05 Jan 2018 15:35

Unfortunately, we could not reproduce this case when client IP equals 0.0.0.0 in the OnClientError event handler. TClientInfo.SockAddr specifies the IP and port of the client. To get the IP and port of the client in the OnClientError event handler, you can use the following code:

Code: Select all

procedure TSSHServerFrame.ScSSHServerClientError(Sender: TObject;
  ClientInfo: TScSSHClientInfo; E: Exception);
var
  IP: string;
  Port: integer;
begin
  IP := string(inet_ntoa(ClientInfo.SockAddr.sin_addr));
  Port := ClientInfo.SockAddr.sin_port;
end;

snorkel
Posts: 384
Joined: Tue 08 Aug 2006 15:10
Location: Milwaukee WI USA

Re: Getting odd error in SSH server OnClientError event

Post by snorkel » Mon 08 Jan 2018 16:21

That's almost exactly how I get the IP in Lazarus:

if ClientInfo <> nil then
begin
ip:=inet_ntoa(clientinfo.SockAddr^.sin_addr);
port:=intTostr(ntohs(ClientInfo.SockAddr^.sin_port));

I'm having a problem figuring out what the heck is causing this error.

The client info object is not null, but it does not have a username and it never hits the password or the key auth events in the tscFilestorage, yet the error that is raised is Auth Failure.

This is on a real server not a desktop and we transfer a ton of files and this error happens every day around the same time.

snorkel
Posts: 384
Joined: Tue 08 Aug 2006 15:10
Location: Milwaukee WI USA

Re: Getting odd error in SSH server OnClientError event

Post by snorkel » Mon 08 Jan 2018 16:38

I noticed that each day it's always on the same ports:

On Jan 5th:
SSH Client(0.0.0.0:65287) ERROR for user:N/A:Authentication failed
SSH Client(0.0.0.0:519) ERROR for user:N/A:Authentication failed

On Jan 4th:

SSH Client(0.0.0.0:65287) ERROR for user:N/A:Authentication failed
SSH Client(0.0.0.0:519) ERROR for user:N/A:Authentication failed

Is this possible some type of listener error and not really a Authentication failed error.

I am using a slightly older version of Securebridge, it's not the latest.

ViktorV
Devart Team
Posts: 2414
Joined: Wed 30 Jul 2014 07:16

Re: Getting odd error in SSH server OnClientError event

Post by ViktorV » Thu 11 Jan 2018 13:54

We will add the BeforeClientConnect event handler, in which you can save ClientInfo and then compare the saved information with ClientInfo in the OnClientError event handler. We'll let you know when we add the above event handler.

tcaduto12068
Posts: 68
Joined: Wed 17 Aug 2016 05:57

Re: Getting odd error in SSH server OnClientError event

Post by tcaduto12068 » Wed 03 Oct 2018 13:23

I think we may have found the source of this error:
SSH Client(0.0.0.0:65287) ERROR for user:N/A:Authentication failed
SSH Client(0.0.0.0:519) ERROR for user:N/A:Authentication failed

It appears the devart SSH/SFTP server is dropping the connections because of the backlog limit or possibly the max startups.
I have the backlog set to 15 and the max startups set to 150 and one of our clients sent 11 files in separate sessions at one time. I have since increased the backlog to 50 and left max startups at 150.

If this is indeed the cause of the above error is there anyway you guys can add better error handling for when this happens?
Maybe an event or something that is triggered?

tcaduto12068
Posts: 68
Joined: Wed 17 Aug 2016 05:57

Re: Getting odd error in SSH server OnClientError event

Post by tcaduto12068 » Thu 04 Oct 2018 17:34

I think I tracked this error down to this function:

Line 120 in procedure TSsh2ServerConnection.UserAuthentication;

I am guessing this is where it does some server key verification?

Their connections work sometimes and other times we get this:
SSH Client(0.0.0.0:56838) ERROR for user:N/A:Authentication failed

Is there anyway to get the actual error that caused the Auth to fail?

ViktorV
Devart Team
Posts: 2414
Joined: Wed 30 Jul 2014 07:16

Re: Getting odd error in SSH server OnClientError event

Post by ViktorV » Fri 05 Oct 2018 15:16

We are investigating the issue and will notify you about the result.

Post Reply