ciphers (was Re: Bad packet length error)

Tom Orban tom.orban at corp.usa.net
Thu Apr 26 06:19:22 EST 2001


Actually Richard Silverman suggested using a different "bulk cipher",
and that works fine.  If I "ssh -c blowfish" or "ssh -c 3des", I can go to
the 2.5.0.p1 sshd's without the bad packet length errors.

So in summary, I'm upgrading the machines that I can, to 2.5.2p2, and
for the ones I can't, then I just ssh with -c blowfish or -c 3des, and
all is well using protocol 2.

-Tom


Wendy Palm wrote:
> 
> sorry, misread it.
> 
> protocol 1 works fine.
> 
> adding a "Ciphers" list to the ssh_config file for protocol 2
> (removing aes) didn't work at all.  according to the manpage,
> the default list is
> ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc''
> 
> so shouldn't i be able to use
> Ciphers blowfish-cbc,3des-cbc
> ?
> 
> wendy
> 
> Wendy Palm wrote:
> >
> > i'm getting the same problem ssh'ing from a cray running 2.5.3p1
> > (using either protocol 1 or 2) to another cray running 2.5.3p1 or
> > to an sgi running 2.5.1p2.
> >
> > running from the sgi (2.5.1p2) to the cray (2.5.3p1) works fine.
> > cray-cray running 2.3 didn't have this problem at all.
> >
> > this looks like the rijndael "endianness" problem we found in february.
> > (see the mail archives, 2001-02-27)
> >
> > using -c blowfish or -c 3des works with protocol 1 and 2
> >
> > adding a "Ciphers" list to the ssh_config file for protocol 1
> > (removing aes) worked great.  however, setting "Cipher" for protocol 2 didn't
> > work at all.
> >
> > wendy
> >
> > Tom Orban wrote:
> > >
> > > Hello,
> > >
> > > I just built openssh-2.5.2p2 on an HP running HP-UX 11.00.  Seems now
> > > when I try and connect to other HP's running ssh with version
> > > openssh-2.3.0p1 (using protocol version 2), I'm getting disconnected
> > > because of a "Bad packet length" error:
> > >
> > > ssh -v isd1
> > > ...
> > > debug1: ssh_dss_verify: signature correct
> > > debug1: Wait SSH2_MSG_NEWKEYS.
> > > debug1: GOT SSH2_MSG_NEWKEYS.
> > > debug1: send SSH2_MSG_NEWKEYS.
> > > debug1: done: send SSH2_MSG_NEWKEYS.
> > > debug1: done: KEX2.
> > > debug1: send SSH2_MSG_SERVICE_REQUEST
> > >  42 71 58 e0 7b e7 3b 4f 0d 3d 83 9c a2 01 c6 22
> > > Disconnecting: Bad packet length 1114724576.    <------------ ERROR
> > > debug1: Calling cleanup 0x400102a2(0x0)
> > > debug1: Calling cleanup 0x400102aa(0x0)
> > > debug1: writing PRNG seed to file //.ssh/prng_seed
> > >
> > > Other info:
> > > - Going from box running 2.3.0p1 to box with 2.5.2p2 works fine with
> > > protocol 2.
> > > - 2.5.2p2 box to another 2.5.2p2 box works fine.
> > >
> > > Workarounds:
> > > 1) upgrade offending machine to 2.5.2p2, although I can't for all
> > > machines.
> > > 2) (Interim fix) connect to offending machine with protocol version 1.
> > >
> > > Anyone else seen this behavior?  Any chance there's a patch for this?
> > >
> > > Thanks.
> > >
> > > -Tom
> >
> > --
> > wendy palm
> > Cray OS Sustaining Engineering, Cray Inc.
> > wendyp at cray.com, 651-605-9154
> 
> --
> wendy palm
> Cray OS Sustaining Engineering, Cray Inc.
> wendyp at cray.com, 651-605-9154
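
Added example, not part of the original messages and not OpenSSH code: a short Python triage of the `ssh -v` output quoted above. It shows that the reported length 1114724576 is simply the first four bytes of the dumped block (42 71 58 e0) read as the big-endian `packet_length` field of an SSH-2 binary packet, so the header did not decrypt to a sane value. The function name `triage` and the length bounds (modelled on OpenSSH's packet-length sanity check) are assumptions.

```python
import re
import struct

# Assumption: bounds modelled on the sanity check in OpenSSH's packet
# reader (minimum 1 + 4 bytes, maximum 256 KiB).
MIN_LEN = 1 + 4
MAX_LEN = 256 * 1024

# Lines copied from the "ssh -v isd1" output quoted in the thread.
SAMPLE_LOG = """\
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
 42 71 58 e0 7b e7 3b 4f 0d 3d 83 9c a2 01 c6 22
Disconnecting: Bad packet length 1114724576.
"""

# A line consisting only of space-separated hex byte pairs (the block dump).
HEX_LINE = re.compile(r"^\s*((?:[0-9a-f]{2}\s+){3,}[0-9a-f]{2})\s*$")
BAD_LEN = re.compile(r"Bad packet length (\d+)")


def triage(log_text):
    """Relate a 'Bad packet length' value to the hex dump printed before it."""
    block = None
    for line in log_text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            block = bytes.fromhex("".join(m.group(1).split()))
            continue
        m = BAD_LEN.search(line)
        if m and block is not None:
            reported = int(m.group(1))
            # SSH-2 binary packet: the first uint32 (big-endian) of the
            # first decrypted block is packet_length.
            (decoded,) = struct.unpack(">I", block[:4])
            return {
                "reported": reported,
                "decoded": decoded,
                "matches_dump": reported == decoded,
                "in_bounds": MIN_LEN <= decoded <= MAX_LEN,
                "block_bytes": len(block),
            }
    return None  # no dump followed by a bad-length message


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The dump is 16 bytes long, which is the block size of the AES ciphers at the head of the default list quoted above; blowfish-cbc and 3des-cbc use 8-byte blocks.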



More information about the openssh-unix-dev mailing list