OpenSSH v2.3.0p1 on Solaris 2.7/2.8 vs. OpenBSD 2.8

[Ed Vazquez, Jr.]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've seen a few posts, but no solutions as of yet.  Here's a
bit more info.

BoxA - Solaris 2.7, Maintenance Update 01/09/2001, SunWorks cc compiler
BoxB - Solaris 2.8, gcc-2.95.2 gcc compiler
BoxC - Solaris 2.7, Maintenance Update 01/09/2001, gcc-2.95.2 gcc
compiler
BoxD - OpenBSD 2.8, patched to STABLE, gcc-2.95.2 _and_ BSD cc compilers 
available.
BoxE - OpenBSD 2.7, release, no patches

On the Solaris boxen, OpenSSL-engine v0.9.6 was compiled first
with the only configure options being a prefix of /opt/sfw.

Then, OpenSSH v2.3.0p1 was built with configure options of:
- - --prefix=/opt/sfw
- - --with-ipaddr-display
- - --with-ipv4-default
- - --with-4in6

and installed successfully.

On BoxD, I re-built the entire system from stable, then also
compiled v2.3.0p1 with a prefix of /usr/local, plus the options as
on the Solaris boxes using gcc.  This gave me the default ssh, 
_and_ a build supposedly similar to the Solaris boxes.

On SSH connections from the BoxD back to itself (127.0.0.1) or to/
from BoxE, there are no problems with either client or server, ssh-1
or ssh-2.

On SSH connections from any Solaris to any other Solaris, no issues
are seen on either ssh-1 or ssh-2 protocols.
*attachment: successful-ssh

- - From any Solaris to the BSD box though, I got the "Bad packet
length"
error.  Where the packet data translates as:

23 28 62 93 e8 8b ca 43 89 5b 43 b2 df 64 3a 65 (hex)
35 40 98 147 232 139 202 67 137 91 67 178 223 100 58 101 (decimal)
# ( b ~ é < Ê C % [ C ² ß d : e (ascii)
                                                                                
*attachment: sshsolerror

And from the BSD box to any Solaris box, I again got the "Bad packet
length" error, but with slightly different packet data:

a4 c8 7d 9e 89 ad ee dd 19 ca fa 26 df 41 3e c6 (hex)
164 200 125 158 137 173 238 221 25 202 250 38 223 65 62 198 (decimal)
¤ È } unused unused ­ î Ý EM Ê ú & ß A > Æ (ascii)

*attachment: ssherror

Unlike the existing posts, the ascii translations do not make any
sort of sense to me.

Also, all sshd_config and ssh_confige files are identical, I have
tried the server as both an inetd and as a daemon, with the same
results for both ssh-1 and ssh-2.
*attachment: sshd_config
*attachment: ssh_config

As an almost afterthought, SSH clients from Windows machines work
on both ssh-1 and ssh-2 to any of these boxes.  Clients tried were:
VanDyke SecureCRT, PuTTY, TeraTerm.

I think this counts as a build specific bug, but (disclaimer): I am
not a programmer[tm].

If I need to provide more information, please let me know.  None of
these systems are in production yet, so I can destructively test if
needed.

Ed Vazquez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6Z0QesgiUrZLjn0MRAj7mAKCFmlZiqhcoTPkCBkMEU0y0xdRmVQCfVH6V
l7H673tkANEHRJgH7A9Jq4I=
=ph9F
-----END PGP SIGNATURE-----

-------------- next part --------------
SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 1000 geteuid 0 anon 0
debug: Connecting to 44.1.2.3 [44.1.2.3] port 22.
debug: Allocated local port 703.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 zlib
debug: kex: client->server aes256-cbc hmac-sha1 zlib
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 493/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
The authenticity of host '44.1.2.3' can't be established.
DSA key fingerprint is d5:1e:47:01:9a:63:7d:07:6a:44:6c:a6:61:2d:15:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '44.1.2.3' (DSA) to the list of known hosts.
debug: bits set: 524/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: Enabling compression at level 6.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
 a4 c8 7d 9e 89 ad ee dd 19 ca fa 26 df 41 3e c6
debug: compress outgoing: raw data 60, compressed 63, factor 1.05
debug: compress incoming: raw data 0, compressed 0, factor 0.00
Disconnecting: Bad packet length -1530364514.
debug: Calling cleanup 0x159fc(0x0)

-------------- next part --------------
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeded RNG with 33 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 100 geteuid 0 anon 0
debug: Connecting to 172.16.35.120 [172.16.35.120] port 22.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 646.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
debug: no match: OpenSSH_2.3.0
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1043/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
Warning: Permanently added '172.16.35.120' (DSA) to the list of known hosts.
debug: bits set: 1004/2049
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
 23 28 62 93 e8 8b ca 43 89 5b 43 b2 df 64 3a 65
Disconnecting: Bad packet length 589849235.
debug: Calling cleanup 0x51940(0x0)
debug: Calling cleanup 0x5c1a0(0x0)
debug: writing PRNG seed to file /home/evazquez/.ssh/prng_seed
-------------- next part --------------
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeded RNG with 36 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 100 geteuid 0 anon 0
debug: Connecting to 44.1.2.2 [44.1.2.2] port 22.
debug: Seeded RNG with 36 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 900.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndae
l128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndae
l128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 527/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
Warning: Permanently added '44.1.2.2' (DSA) to the list of known hosts.
debug: bits set: 501/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: key does not exist: /home/evazquez/.ssh/id_dsa
debug: next auth method to try is password
evazquez at 44.1.2.2's password: 
debug: ssh-userauth2 successfull: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384
-------------- next part --------------
# This is ssh client systemwide configuration file.  This file provides 
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   IdentityFile ~/.ssh/identity
#   Port 22
Protocol 2,1
Cipher blowfish
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
#   EscapeChar ~
-------------- next part --------------
# This is ssh server systemwide configuration file.

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords 
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail no
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem	sftp	/usr/local/libexec/sftp-server
#MaxStartups 10:30:60