Bad packet length problem with "aes128-cbc" and openssh3.1p1

Ajit Yashwant Vaishampayan, Noida ajith at noida.hcltech.com
Thu Dec 26 21:50:17 EST 2002


Hi,

Here is some information about the problem.

> when does this happen? what plattform? 

When I try to connect to a 64-bit bigendian machine from a 
32-bit little endian machine or even from a 64 bit big endian
machine using ssh. Server (sshd) is running on SUPER-UX 
running on SX-6 and client (ssh) is running on P - II with Red 
Hat 7.1 or vice versa.

> what versions of openssh? 

openssh-3.1p1 on both client and server, compiled and installed
locally.

> are other implementations of ssh involved? 

I am having the same ssh, ssl, zlib installed on 
both client and server.

ssl: openssl-0.9.6b
zlib: zlib-1.1.4

> does this happen on the client or server? 

When running in debug mode, the bad packet is recognized 
at the server side first and then the message is sent to 
client.

The debug output is appended below.

Server side: - 
----------------------------------------------------------------------
# uname -a
SUPER-UX unix 12.2  SX-6

# ./sshd -d -p 12020 -f /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 12020 on 0.0.0.0.
Server listening on 0.0.0.0 port 12020.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from a.b.c.d port 3814
debug1: Client protocol version 2.0; client software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: send2: outgoing packet before cipher_crypt: 
0000 01e4 0914 e2a0 5798 041b 6d8a 8a4a
73d1 a66e 9da1 0000 003d 6469 6666 6965
...
debug1: send2: outgoing packet after cipher_crypt: 
0000 01e4 0914 e2a0 5798 041b 6d8a 8a4a
73d1 a66e 9da1 0000 003d 6469 6666 6965
...
debug1: SSH2_MSG_KEXINIT sent
debug1: poll2: incoming packet before cipher_crypt: 
0000 0000 0000 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 01dc 0b14 1296 
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: poll2: incoming packet before cipher_crypt: 
0000 01dc 0b14 1296 
debug1: poll2: incoming packet after cipher_crypt: 
0000 0014 0622 0000 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: send2: outgoing packet before cipher_crypt: 
0000 01a4 0a1f 0000 018f 669b a3ed 661f
226a 090b e564 4a2b b420 9371 b78f c3e6
...
debug1: send2: outgoing packet after cipher_crypt: 
0000 01a4 0a1f 0000 018f 669b a3ed 661f
226a 090b e564 4a2b b420 9371 b78f c3e6
...
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1563/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: poll2: incoming packet before cipher_crypt: 
0000 0014 0622 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 019c 0720 0000 
debug1: bits set: 1602/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: send2: outgoing packet before cipher_crypt: 
0000 02cc 0b21 0000 0095 0000 0007 7373
682d 7273 6100 0000 0123 0000 0081 00ba
...

debug1: send2: outgoing packet after cipher_crypt: 
0000 02cc 0b21 0000 0095 0000 0007 7373
682d 7273 6100 0000 0123 0000 0081 00ba
...

debug1: kex_derive_keys
debug1: send2: outgoing packet before cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: send2: outgoing packet after cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: poll2: incoming packet before cipher_crypt: 
0000 019c 0720 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 000c 0a15 0000 
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: dispatch_run

debug1: poll2: incoming packet before cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: poll2: incoming packet after cipher_crypt: 
a95d 0c23 e308 4167 8849 9458 684e e068

a95d 0c23 e308 4167 8849 9458 684e e068

debug1: send2: outgoing packet before cipher_crypt: 
0000 003c 0d01 0000 0002 0000 0021 706f
6c6c 3220 4261 6420 7061 636b 6574 206c
656e 6774 6820 6139 3564 3063 3233 2e00
0000 0028 9ff6 483e 1c57 d8d7 2379 4cb9

debug1: send2: outgoing packet after cipher_crypt: 
0000 003c 0d01 0000 0002 0000 0021 706f
6c6c 3220 4261 6420 7061 636b 6574 206c
656e 6774 6820 6139 3564 3063 3233 2e00
0000 0028 9ff6 483e 1c57 d8d7 2379 4cb9

Disconnecting: poll2 Bad packet length a95d0c23.
debug1: Calling cleanup 0x4000b3e98(0x0)

-----------------------------------------------------------------

Client side: -

----------------------------------------------------------------------
$ uname -a
SUPER-UX unix 12.2  SX-6

$ ./ssh -p 12020 -v -v -v -l ajith sx6i
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug3: Seeing PRNG from /usr/local/libexec/ssh-rand-helper
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 106 geteuid 106 anon 1
debug1: Connecting to sx6i [a.b.c.d] port 12020.
debug1: temporarily_use_uid: 106/102 (e=106)
debug1: restore_uid
debug1: temporarily_use_uid: 106/102 (e=106)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/ajith/.ssh/identity type -1
debug1: identity file /home/ajith/.ssh/id_rsa type -1
debug1: identity file /home/ajith/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: send2: outgoing packet before cipher_crypt: 
0000 01dc 0b14 1296 3983 bf61 f319 7740
bd01 e53e d51a 0000 003d 6469 6666 6965
...

debug1: send2: outgoing packet after cipher_crypt: 
0000 01dc 0b14 1296 3983 bf61 f319 7740
bd01 e53e d51a 0000 003d 6469 6666 6965
...

debug1: SSH2_MSG_KEXINIT sent
debug1: poll2: incoming packet before cipher_crypt: 
0000 0000 0000 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 01e4 0914 e2a0 
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: send2: outgoing packet before cipher_crypt: 
0000 0014 0622 0000 0400 0000 0800 0000
2000 0000 0000 0000 
debug1: send2: outgoing packet after cipher_crypt: 
0000 0014 0622 0000 0400 0000 0800 0000
2000 0000 0000 0000 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: poll2: incoming packet before cipher_crypt: 
0000 01e4 0914 e2a0 
debug1: poll2: incoming packet after cipher_crypt: 
0000 01a4 0a1f 0000 
debug1: dh_gen_key: priv key bits set: 118/256
debug1: bits set: 1602/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: send2: outgoing packet before cipher_crypt: 
0000 019c 0720 0000 018f 5a03 7ac0 e60e
c2e0 2186 8ab9 522b c61f 5876 c887 db28
...

debug1: send2: outgoing packet after cipher_crypt: 
0000 019c 0720 0000 018f 5a03 7ac0 e60e
c2e0 2186 8ab9 522b c61f 5876 c887 db28
...

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: poll2: incoming packet before cipher_crypt: 
0000 01a4 0a1f 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 02cc 0b21 0000 
debug3: check_host_in_hostfile: filename /home/ajith/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /home/ajith/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'sx6i' is known and matches the RSA host key.
debug1: Found key in /home/ajith/.ssh/known_hosts:2
debug1: bits set: 1563/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: send2: outgoing packet before cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: send2: outgoing packet after cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: poll2: incoming packet before cipher_crypt: 
0000 02cc 0b21 0000 
debug1: poll2: incoming packet after cipher_crypt: 
0000 000c 0a15 0000 
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: send2: outgoing packet before cipher_crypt: 
0000 001c 0a05 0000 000c 7373 682d 7573
6572 6175 7468 af31 35ee ef1a 8e54 496a

debug1: send2: outgoing packet after cipher_crypt: 
0000 001c 0a05 0000 000c 7373 682d 7573
6572 6175 7468 af31 35ee ef1a 8e54 496a

debug1: poll2: incoming packet before cipher_crypt: 
0000 000c 0a15 0000 0000 0000 0000 0000

debug1: poll2: incoming packet after cipher_crypt: 
0000 003c 0d01 0000 0002 0000 0021 706f

Received disconnect from a.b.c.d: 2: poll2 Bad packet length a95d0c23.
debug1: Calling cleanup 0x40009a198(0x0)
-------------------------------------------------------------


> does this happen with newer releases?  

I have not tried with any other versions.

> please provide more details.
> 
> thx, -m
> 

Thanks & Regards

Ajit
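As an added illustration (not part of Ajit's message or of OpenSSH itself), the Python below decodes the first block of the hex dumps quoted above into the SSH2 packet header fields and applies the same kind of length sanity check that makes sshd disconnect; it shows that every plaintext header is well formed while the block sshd obtains after switching to aes128-cbc decodes to an impossible length. The range bounds are assumed from OpenSSH's packet.c of that era; the sample values are copied from the dumps on this page.

```python
import struct

# Assumed from OpenSSH 3.x packet.c: a decrypted packet_length outside this range is rejected.
PACKET_MIN = 1 + 4            # padding_length byte plus at least 4 bytes of padding
PACKET_MAX = 256 * 1024

# SSH2 message numbers that appear in the report (RFC 4253 / RFC 4419).
MSG_NAMES = {1: "DISCONNECT", 5: "SERVICE_REQUEST", 20: "KEXINIT", 21: "NEWKEYS", 31: "KEX_DH_GEX_GROUP",
             32: "KEX_DH_GEX_INIT", 33: "KEX_DH_GEX_REPLY", 34: "KEX_DH_GEX_REQUEST"}

def parse_first_block(hex_words):
    """Decode the start of a debug1 dump: uint32 packet_length, byte
    padding_length, byte message type (RFC 4253 section 6)."""
    raw = bytes.fromhex(hex_words.replace(" ", ""))
    packet_length, padding_length, msg_type = struct.unpack(">IBB", raw[:6])
    return {"packet_length": packet_length, "padding_length": padding_length,
            "msg_type": msg_type, "msg_name": MSG_NAMES.get(msg_type, "?")}

def check_packet_length(packet_length, block_size):
    """Return None if the length is plausible, else why sshd would drop the connection.
    Beyond the range check, a CBC cipher needs 4 + packet_length to fill whole blocks."""
    if packet_length < PACKET_MIN or packet_length > PACKET_MAX:
        return "Bad packet length %08x" % packet_length   # same text as the disconnect above
    if (4 + packet_length) % block_size:
        return "packet_length %d not a multiple of %d-byte blocks" % (packet_length, block_size)
    return None

# Constructed from the first block of the hex dumps quoted in the report.  Before
# NEWKEYS the cipher is "none" (8-byte blocks); afterwards it is aes128-cbc (16).
SAMPLES = [
    ("server KEXINIT, plaintext",          "0000 01e4 0914 e2a0 5798 041b 6d8a 8a4a", 8),
    ("client GEX_REQUEST, plaintext",      "0000 0014 0622 0000 0400 0000 0800 0000", 8),
    ("client NEWKEYS, plaintext",          "0000 000c 0a15 0000 0000 0000 0000 0000", 8),
    ("client SERVICE_REQUEST, plaintext",  "0000 001c 0a05 0000 000c 7373 682d 7573", 16),
    ("same packet as decrypted by sshd",   "a95d 0c23 e308 4167 8849 9458 684e e068", 16),
]

def triage(samples=SAMPLES):
    """Parse each dump; return (label, message name, verdict) per sample."""
    out = []
    for label, hexdump, block_size in samples:
        hdr = parse_first_block(hexdump)
        out.append((label, hdr["msg_name"],
                    check_packet_length(hdr["packet_length"], block_size)))
    return out

if __name__ == "__main__":
    for label, name, verdict in triage():
        print("%-36s %-18s %s" % (label, name, verdict or "ok"))
```

Identical "before" and "after cipher_crypt" dumps up to NEWKEYS confirm the cipher was still "none"; the first garbled block afterwards points at the aes128-cbc path (or the keys derived for it) differing between the two platforms rather than at the transport itself.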


