Disconnecting: Bad packet length 2056273721.

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Thu Mar 22 04:37:36 EST 2001


This is a known issue with with 2.5.1p2 and below.  AES
encryption did not handle little vs big ended correctly.
Please use another encryption like Blowfish or upgrade
the box in question to 2.5.2.

- Ben

On Wed, 21 Mar 2001, John Dunlap wrote:

> OpenSSH-2.5.2.p1 won't connect to OpenSSH-2.5.1p2 using
> version 2 protocol, quitting with the error message:
>
> [dunlap at tesla dunlap]$ ssh -2 kraken
>  7a 90 3f 39 37 67 0d 9e ac 43 74 c3 83 83 f5 a2
> Disconnecting: Bad packet length 2056273721.
>
>
> tesla is Linux tesla.apl.washington.edu 2.2.16-3 #1 Mon Jun 19
> 19:11:44 EDT 2000 i686 unknown Intel RHL6.2 with OpenSSH-2.5.2.p1
> compiled from sources on machine with all RHL6.2 patches.  kraken is
> SunOS kraken 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-5_10 with
> OpenSSH-2.5.1p2.  This problem does not exsist when an OpenSSH-2.5.1p2
> client is used from tesla.  Nor does it exist when OpenSSH-2.5.2.p1
> client is used to an OpenSSH-2.5.1p2 server on RHL6.2.
>
> Here is the result of the faulty (non)connection with full debugging.
> Presently I don't have root access to the server machine.
>
> [dunlap at tesla dunlap]$ ssh -v -v -v -2 kraken
> OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: ssh_connect: getuid 101 geteuid 0 anon 1
> debug1: Connecting to kraken [128.95.97.25] port 22.
> debug1: Connection established.
> debug1: identity file /home/dunlap/.ssh/identity type 0
> debug1: unknown identity file /home/dunlap/.ssh/id_dsa
> debug1: identity file /home/dunlap/.ssh/id_dsa type -1
> debug1: unknown identity file /home/dunlap/.ssh/id_rsa1
> debug1: identity file /home/dunlap/.ssh/id_rsa1 type -1
> debug1: unknown identity file /home/dunlap/.ssh/id_rsa2
> debug1: identity file /home/dunlap/.ssh/id_rsa2 type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
> debug1: match: OpenSSH_2.5.1p1 pat ^OpenSSH
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_2.5.2p1
> debug1: send KEXINIT
> debug1: done
> debug1: wait KEXINIT
> debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug1: got kexinit: ssh-dss
> debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug1: got kexinit: none,zlib
> debug1: got kexinit: none,zlib
> debug1: got kexinit:
> debug1: got kexinit:
> debug1: first kex follow: 0
> debug1: reserved: 0
> debug1: done
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: dh_gen_key: priv key bits set: 123/256
> debug1: bits set: 1010/2049
> debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug1: Got SSH2_MSG_KEXDH_REPLY.
> debug1: Host 'kraken' is known and matches the DSA host key.
> debug1: Found key in /home/dunlap/.ssh/known_hosts2:4
> debug1: bits set: 1034/2049
> debug1: len 55 datafellows 0
> debug1: ssh_dss_verify: signature correct
> debug1: Wait SSH2_MSG_NEWKEYS.
> debug1: GOT SSH2_MSG_NEWKEYS.
> debug1: send SSH2_MSG_NEWKEYS.
> debug1: done: send SSH2_MSG_NEWKEYS.
> debug1: done: KEX2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
>  de 58 63 8c 67 dd 9d 26 c2 f9 23 84 80 d0 94 0b
> Disconnecting: Bad packet length -564632692.
> debug1: Calling cleanup 0x805e31c(0x0)
>
>
> --
> John Dunlap                           University of Washington
> Senior Electrical Engineer            Applied Physics Laboratory
> dunlap at apl.washington.edu             1013 NE 40th Street
> 206-543-7207, 543-1300, FAX 543-6785  Seattle, WA   98105-6698
>
>






More information about the openssh-unix-dev mailing list