plugout.net

[Jocko]

Hi Iamola

Thank you for your trace log file.

Note: I advice you to compress it before uploading

Code: Select all

tar -czf trace.tar.gz trace.log

I already detected this point: your sftp client uses openSSH to open a ssh channel. It seems you have an old version: version 5.3 (2009-oct)

Later you may try to update your openSSH (current version 7.5)

Maybe I would have to contact developers' module, so I need detailled information :
- what sftp client do you use (name and version)
- for openSSH, I have now information
- do you get "buggy/malicious packet" message only if the uploaded filesize is bigger than 2TB ? Do try to upload other big files with size like 100MB, 500MB, 1GB

[Jocko]

From your trace.log

Error happens at 2017-06-03 02:53:48,411. So after ~53min running. At this time, succeeded transfer is around 1,99GB

Code: Select all

2017-06-03 02:53:47,863 [6887] <sftp:7>: received request: WRITE 53ee7f6096881ef4 2140930048 32768
2017-06-03 02:53:47,864 [6887] <sftp:8>: sending response: STATUS 0 'OK'

(2140930048 +32768)=>1,99GB

Then a bit later I see this warning

Code: Select all

client packet bytes recvd (2148521680) reached rekey bytes limit (2147483648), requesting rekey

So you reach the limit 2TB for reuse the current key. I do not know yet if it is a limit from your sftp client or our sftp server (=> need to deepen this)

This events seems to occurs a bad exchange between your client and the server, as later a paylaod with the uploaded file size is asked by your client

Code: Select all

2017-06-03 02:53:48,411 [6887] <ssh2:20>: SSH2 packet len = 2886517715 bytes
2017-06-03 02:53:48,411 [6887] <ssh2:20>: SSH2 packet padding len = 164 bytes
2017-06-03 02:53:48,411 [6887] <ssh2:20>: SSH2 packet payload len = 2886517550 bytes
2017-06-03 02:53:48,411 [6887] <ssh2:20>: payload len (2886517550 bytes) exceeds max payload len (262144), ignoring payload
2017-06-03 02:53:48,412 [6887] <ssh2:3>: reading 131314 bytes of data for discarding
2017-06-03 02:53:48,412 [6887] <ssh2:19>: waiting for max of 600 secs while polling socket 0 using select(2)
2017-06-03 02:53:48,412 [6887] <ssh2:20>: read 52 bytes, expected 131314 bytes; pessimistically returning
2017-06-03 02:53:48,412 [6887] <ssh2:9>: disconnecting (Application error) [at packet.c:1408]
2017-06-03 02:53:48,413 [6887] <ssh2:19>: waiting for max of 5 secs while polling socket 1 using select(2)
2017-06-03 02:53:48,413 [6887] <ssh2:3>: sent SSH_MSG_DISCONNECT (1) packet (68 bytes)
2017-06-03 02:53:48,424 [6887] <ssh2:15>: destroying unclosed channel ID 0 (0 bytes pending)

So stop the transfer...

[Jocko]

On server side rekey is disabled by default (none value):

Code: Select all

SFTPRekey
Syntax: SFTPRekey "none"|"required" [[interval bytes] timeout]
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_sftp
Compatibility: 1.3.2rc2 and later

However I see in your trace log, your client tries to init again ssh session

Code: Select all

2017-06-03 02:53:47,866 [6887] <ssh2:3>: received SSH_MSG_KEXINIT (20) packet
2017-06-03 02:53:47,866 [6887] <ssh2:9>: reading KEXINIT message from client


But something happens at this step:

Code: Select all

2017-06-03 02:53:47,892 [6887] <ssh2:3>: unable to request rekey: KEX not completed
2017-06-03 02:53:47,892 [6887] <ssh2:3>: trying rekey request in another 5 seconds


See if on your sftp client there are some options for rekeying

[iamola]

Everything is done by cpanel so no way to change the settings, client side. :(

Yes, the problem is the XXX.tar.gz one, throws that error and does not transfer the whole thing. It only transfers about 2GB of the 4GB file.

[Jocko]

Anyhow the issue is on the sftp client side (so MAC side)

(I do not have issue to upload a 4GB via the sftp server).

It seems your client does not support well rekey process when key limit is reached and then send a bad payload value. I think you should update your outdated openSSH

[iamola]

I filed a request with cpanel/whm.
Lets see what they say?

[Jocko]

I have also posted a request on the sftp module develepers.

[Jocko]

Hi Iamola,

I have an answer from the developer and they think it sounds very like this bug:
http://bugs.proftpd.org/show_bug.cgi?id=4216

As it seems version 1.3.6rc3 fixes the issue, we go to compile the last version (1.3.6e) to see if you still have your issue. (I wanted to upgrade proftpd on the next version...)

So wait

[Jocko]

Hi Iamola,

I sent you a pm to explain how to install the last proftpd version.

For a first test, I advice to disable the trace mode (=> on FTP setup menu, un-select your additional conf file)

[iamola]

Ok done.
Process should run tonight at midnight and i should have an update tomorrow for you.

Thank You.