Paramiko Server -- Exception (server): Error reading SSH protocol banner

ujlain · (This post was last modified: Jul-23-2023, 07:25 PM by Gribouillis.)

For the code snippet below , I am unable to trap error (as enumerated as tracebac)

hostF = "keys/id_rsa"
HOST_KEY = paramiko.RSAKey(filename=hostF)
transport = paramiko.Transport(client)
transport.add_server_key(HOST_KEY)
transport.local_version = "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3"  # this is the banner that goes out
server = libServer.mySSH()
try: 
   [b] transport.start_server(server=server)  # Trouble here for DOS attack. Error below arent captured[/b][color=#E74C3C][/color]
    channel = transport.accept(20)
    channel.send("Got Channel .. will try SSH connection \r\n")
except Exception as e:
    print (e)

transport.start_server(server=server) --> this triggers a traceback as enumertaed below when a plain socket connection attempt is made on paramiko SSH server listening port. This can be a raw potential DOS attack.

Error:Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
    buf += self._read_timeout(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
    raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
    self._check_banner()
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
    raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

Gribouillis write Jul-23-2023, 07:25 PM:
Please post all code, output and errors (it it's entirety) between their respective tags. Refer to BBCode help topic on how to post. Use the "Preview Post" button to make sure the code is presented as you expect before hitting the "Post Reply/Thread" button.

**Gribouillis** · (This post was last modified: Jul-23-2023, 07:37 PM by Gribouillis.)

The start_server() documentation says that a separate thread is created for protocol negociation. Your exception occurred apparently in an other thread. You could perhaps play with the event parameter to catch the success or failure of the negociation.

ujlain · Jul-24-2023, 05:44 AM

This traceback report can not be gracefully handed as exception.
What I doing here is running SSH server (using paramiko) and instead of making SSH connection, trying to connect using ordinary socket. Obviosuly SSH server expects SSH related packets from client and thus vomits traceback.
Paramiko ought to capture this as a feature.

event = threading.Event()
# Trouble here .. traceback error can't be gracefully handled
transport.start_server(event= event, server=server)
    while True:
        event.wait(0.1)
        if not transport.is_active():
        print ("Bad socket .. not an SSH attempt")
            os.kill(pid, signal.SIGKILL)
        if event.isSet(): break

Error:Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
    buf += self._read_timeout(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
    raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
    self._check_banner()
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
    raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

**Gribouillis** · (This post was last modified: Jul-24-2023, 06:52 AM by Gribouillis.)

(Jul-24-2023, 05:44 AM)ujlain Wrote: Paramiko ought to capture this as a feature.

Issue a bug report to Paramiko's maintainers Exclamation

You could also look into the source code to see why the exception is not handled by the calling thread.

(Jul-24-2023, 05:44 AM)ujlain Wrote: traceback error can't be gracefully handled

See if you can do something by overrinding temporarily
threading.excepthook

(Jul-24-2023, 05:44 AM)ujlain Wrote: while True:

Why a loop? Why not just event.wait()?

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Authentication server (console)	biscoito	0	733	Oct-20-2023, 11:44 PM Last Post: biscoito
	Socks 5 Proxy Server For UDP ASSOCIATE	ankit	1	2,953	Jun-13-2023, 10:48 AM Last Post: margaretmossman
	Handshake ( Server Hello )	JohnnyCoffee	2	1,509	May-27-2023, 03:23 PM Last Post: JohnnyCoffee
	TCP server syntax error	wabbit	2	1,528	May-18-2023, 06:40 AM Last Post: buran
	Server Http and Https	JohnnyCoffee	2	1,993	Feb-10-2023, 12:56 AM Last Post: Skaperen
	multi-threaded tcp server-newbie	gary	15	3,727	Nov-19-2022, 03:45 PM Last Post: dreamer
	Asyncio \| Websockets - general problem starting the server	dreamer	5	3,286	Oct-26-2022, 11:55 AM Last Post: dreamer
	Client/Server proper finalizing transfer	wolfman5874	1	1,475	Jul-04-2022, 07:35 PM Last Post: wolfman5874
	Socket server problem	H84Gabor	0	1,262	Jun-21-2022, 12:14 AM Last Post: H84Gabor
	Problem connecting TLS client written in C++ and Twisted server	gpropf	0	1,407	Jun-12-2022, 05:57 PM Last Post: gpropf

Paramiko Server -- Exception (server): Error reading SSH protocol banner

User Panel Messages

Announcements