Need help with debugging Erlang :ssh

After upgrading Erlang from 18.3 to 19.x I have trouble when connecting to an SFTP server.

As some remote servers work and others don’t, I need to debug the SSH connection.

The erlang docs for ssh.connect state that there is an option for defining a custom debug function:
{ssh_msg_debug_fun, fun(ConnectionRef::ssh_connection_ref(), AlwaysDisplay::boolean(), Msg::binary(), LanguageTag::binary()) -> _}

In Elixir I tried to add this option when calling :ssh.connect:
ssh_msg_debug_fun: fn(_, _, msg, _) -> IO.inspect(msg) end
but it didn’t show/print any log.

Do you have experience with debugging the Erlang ssh/sftp applications?

Any help welcome

I last touched :ssh in Erlang when I built a server with it about 10 years ago, but I’m pretty sure I remember that working fine. Do you have an example iex session of the entire transaction? You did send and receive data over a channel with subsystem?

My code looks like this:

iex(2)> :ssh.start
:ok

iex(5)> {:ok, ssh_pid} = :ssh.connect('sftp.xxxxxx.de', 22, [user: '375191-yyyyyy', password: 'Ifzzzzz7', ssh_msg_debug_fun: fn(_, _, msg, _) -> IO.inspect(msg) end])
{:ok, #PID<0.603.0>}

iex(6)> :ssh.connection_info(ssh_pid, [:client_version, :server_version, :user, :peer, :sockname])
[client_version: {{2, 0}, 'SSH-2.0-Erlang/4.3.4'},
 server_version: {{2, 0}, 'SSH-2.0-OpenSSH_6.6p1-hpn14v4'},
 user: '375191-yyyyyy', peer: {'sftp.xxxxxx.de', {{133, 119, 78, 199}, 22}},
 sockname: {{192, 168, 33, 146}, 50345}]

iex(7)> :ssh_sftp.start_channel(ssh_pid)
{:error, :closed}

So when I start a channel the connection drops…

The exact same code works with Erlang 18.3 - there, sending and retrieving data also works!

As a further hint:

I’m using Ubuntu 16.04 with Erlang from the official Erlang Solutions repository.

Ahh, so it is not a logging function issue, you have not reached the point when that should be called yet (it logs ssh messages, of which you’ve not started yet since you have no channel).

That implies to me the server you are connecting to does not support sftp or your user has it disallowed, let me test with one of my servers, sec…

iex> ..snipped
iex> :ssh.connection_info(ssh_pid, [:client_version, :server_version, :user, :peer, :sockname])
[sockname: {{10, 1, 2, 158}, 56645},
 peer: {'my.server.com', {{74, 195, 29, 38}, 22}}, user: 'my-user',
 server_version: {{2, 0}, 'SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1'},
 client_version: {{2, 0}, 'SSH-2.0-Erlang/4.3'}]
iex> a = :ssh_sftp.start_channel(ssh_pid)
{:ok, #PID<0.683.0>}

Yeah looks like you may not have access or so with your user or the remote server has sftp disabled in another way?

Also, you are connecting to a very old version of OpenSSH (even mine is old at 7.2, current release is 7.3, OpenSSH is something that you really badly want to keep up to date), so that might be related as it may not support a newer cert that you might be configured for?

OK - so I don’t get any debug messages before the channel is started - too bad.

The SFTP server is in a managed hosting environment - that explains the old OpenSSH version.

The user and credentials are allowed and work well with Erlang 18.3.

My guess is that Erlang 19 handles something differently during SSH negotiation.

As I recall, Erlang 19 upgraded the ssh library (openssh), which removed a variety of known broken encryption styles (after being deprecated for years), so if that server is too old or it is set up by someone who does not know what they are doing (like holy hell old version of openssh regardless!) and only allows the broken encryption styles, then no you would not be able to connect. OpenSSH is about security, broken styles will be removed, and they should be manually disabled immediately if you are using an older release. Maybe tell them to check that? They really, like really badly need to upgrade OpenSSH, they could be taken over pretty easily with that old version.
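
Added example, not part of the thread or of Erlang/OTP itself: one way to check the point raised in the last reply, by comparing the algorithms the local :ssh application offers (:ssh.default_algorithms/0) with a server's list. The SshAlgoCheck module and the server list are constructed for illustration.

```elixir
defmodule SshAlgoCheck do
  # Constructed sample of what an old server might offer. In practice, copy the
  # lists from the server's sshd configuration or from an `ssh -vv` trace.
  @server_offer [
    kex: [:"diffie-hellman-group1-sha1"],
    public_key: [:"ssh-dss", :"ssh-rsa"],
    cipher: [:"3des-cbc", :"aes128-ctr"],
    mac: [:"hmac-md5", :"hmac-sha1"],
    compression: [:none]
  ]

  # :ssh.default_algorithms/0 may give per-direction lists for a category,
  # e.g. cipher: [client2server: [...], server2client: [...]]; merge them.
  defp names([{_dir, _list} | _] = directional) do
    directional |> Keyword.values() |> List.flatten() |> Enum.uniq()
  end

  defp names(flat), do: flat

  # For each category the server offers, keep the algorithms we also support.
  def common(client, server \\ @server_offer) do
    for {category, offered} <- server do
      ours = client |> Keyword.get(category, []) |> names()
      {category, Enum.filter(offered, &(&1 in ours))}
    end
  end

  # Print one line per category; an empty intersection is the failure case.
  def report(client \\ :ssh.default_algorithms()) do
    for {category, shared} <- common(client) do
      verdict = if shared == [], do: "NO COMMON ALGORITHM", else: inspect(shared)
      IO.puts("#{category}: #{verdict}")
    end

    :ok
  end
end

SshAlgoCheck.report()
```

A category with no common algorithm makes the handshake fail, so it surfaces as an error from :ssh.connect rather than from :ssh_sftp.start_channel.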