ciphers (was Re: Bad packet length error)

Wendy Palm wendyp at cray.com
Wed Apr 25 04:33:51 EST 2001


sorry, misread it.

protocol 1 works fine.

adding a "Ciphers" list to the ssh_config file for protocol 2
(removing aes) didn't work at all.  according to the manpage,
the default list is 
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc''

so shouldn't i be able to use
Ciphers blowfish-cbc,3des-cbc
?

wendy


Wendy Palm wrote:
> 
> i'm getting the same problem ssh'ing from a cray running 2.5.3p1
> (using either protocol 1 or 2) to another cray running 2.5.3p1 or
> to an sgi running 2.5.1p2.
> 
> running from the sgi (2.5.1p2) to the cray (2.5.3p1) works fine.
> cray-cray running 2.3 didn't have this problem at all.
> 
> this looks like the rijndael "endianness" problem we found in february.
> (see the mail archives, 2001-02-27)
> 
> using -c blowfish or -c 3des works with protocol 1 and 2
> 
> adding a "Ciphers" list to the ssh_config file for protocol 1
> (removing aes) worked great.  however, setting "Cipher" for protocol 2 didn't
> work at all.
> 
> wendy
> 
> Tom Orban wrote:
> >
> > Hello,
> >
> > I just built openssh-2.5.2p2 on an HP running HP-UX 11.00.  Seems now
> > when I try and connect to other HPs running ssh with version
> > openssh-2.3.0p1 (using protocol version 2), I'm getting disconnected
> > because of a "Bad packet length" error:
> >
> > ssh -v isd1
> > ...
> > debug1: ssh_dss_verify: signature correct
> > debug1: Wait SSH2_MSG_NEWKEYS.
> > debug1: GOT SSH2_MSG_NEWKEYS.
> > debug1: send SSH2_MSG_NEWKEYS.
> > debug1: done: send SSH2_MSG_NEWKEYS.
> > debug1: done: KEX2.
> > debug1: send SSH2_MSG_SERVICE_REQUEST
> >  42 71 58 e0 7b e7 3b 4f 0d 3d 83 9c a2 01 c6 22
> > Disconnecting: Bad packet length 1114724576.    <------------ ERROR
> > debug1: Calling cleanup 0x400102a2(0x0)
> > debug1: Calling cleanup 0x400102aa(0x0)
> > debug1: writing PRNG seed to file //.ssh/prng_seed
> >
> > Other info:
> > - Going from box running 2.3.0p1 to box with 2.5.2p2 works fine with
> > protocol 2.
> > - 2.5.2p2 box to another 2.5.2p2 box works fine.
> >
> > Workarounds:
> > 1) upgrade offending machine to 2.5.2p2, although I can't for all
> > machines.
> > 2) (Interim fix) connect to offending machine with protocol version 1.
> >
> > Anyone else seen this behavior?  Any chance there's a patch for this?
> >
> > Thanks.
> >
> > -Tom
> 
> --
> wendy palm
> Cray OS Sustaining Engineering, Cray Inc.
> wendyp at cray.com, 651-605-9154

-- 
wendy palm
Cray OS Sustaining Engineering, Cray Inc.
wendyp at cray.com, 651-605-9154
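
Added example (not part of the original messages and not OpenSSH code): the number in the quoted "Bad packet length" disconnect is the first four bytes of the hex dump printed above it, read as the big-endian packet_length field that starts every SSH-2 binary packet, so a block decrypted with mismatched cipher state shows up as an absurd length. The 256 KiB upper bound, the signed-logging handling and the names `triage` and `in_range` are assumptions made for illustration.

```python
import re
import struct

# Constructed sample: the relevant lines of the `ssh -v` output quoted above.
SAMPLE_LOG = """\
debug1: send SSH2_MSG_SERVICE_REQUEST
 42 71 58 e0 7b e7 3b 4f 0d 3d 83 9c a2 01 c6 22
Disconnecting: Bad packet length 1114724576.
"""

MIN_PACKET = 1 + 4         # padding_length byte plus the 4-byte minimum padding
MAX_PACKET = 256 * 1024    # assumption: largest packet_length the receiver accepts

HEX_LINE = re.compile(r"^\s*((?:[0-9a-fA-F]{2}\s+){3,}[0-9a-fA-F]{2})\s*$")
BAD_LEN = re.compile(r"Bad packet length (-?\d+)")


def in_range(n):
    return MIN_PACKET <= n <= MAX_PACKET


def triage(log):
    """Pair each 'Bad packet length' line with the hex dump printed before it."""
    findings, dump = [], None
    for line in log.splitlines():
        m = HEX_LINE.match(line)
        if m:
            dump = bytes.fromhex("".join(m.group(1).split()))
            continue
        m = BAD_LEN.search(line)
        if m and dump is not None:
            # Assumption: the length may be logged as a signed value; mask to 32 bits.
            reported = int(m.group(1)) & 0xFFFFFFFF
            (be,) = struct.unpack(">I", dump[:4])   # wire order: big-endian uint32
            (le,) = struct.unpack("<I", dump[:4])   # same bytes, byte-swapped
            findings.append({
                "decoded": be,
                "matches_dump": be == reported,
                "in_range": in_range(be),
                # False here means a swapped length field does not explain it;
                # the block itself did not decrypt to a valid packet header.
                "swapped_in_range": in_range(le),
            })
            dump = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```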


