ssh 3.1p1 problems on SX-6...

Manish Kumar Srivastava, Noida mks at noida.hcltech.com
Tue Jan 7 23:33:25 EST 2003 

Hi,

Thanks a lot for your responses.

The "bad packet length" problem occurs when we try to connect
to an SX machine using ssh from any other machine (including
the same SX machine on which sshd is running). We immediately
get the "Bad Packet Length" message. From our logs we could
identify that the bad packet is recognized first at server side.
Probably our logs sent in previous posts would be helpful in 
recognizing the place.

But we had a break thru today when we tried different versions 
of openssl at our side with openssh-3.1p1

openssl-0.9.6b - aes128-cbc fails (Bad Packet length problem)
openssl-0.9.6h - aes128-cbc fails (Bad packet length problem)
openssl-0.9.7  - PASSES (no bad packet length problem)

In the openssl-0.9.7 changelog, it was written that the crypto/rijndael
is moved to crypto/aes but we couldn't find the implementation of
rijndael in openssl-0.9.6[bh]. I think this may not be the appropriate
place to ask a question about openssl, still...

And our second problem of sftp hanging on exit, is *still* there with all 
versions of openssl and openssh (we have tried 3.1p1 and 3.5p1).

I am attaching two log files one for sftp client side debug output 
and another with sftp server side debug output, both having
PACKET_DEBUG defined. I hope the lists accepts attachments.

Please suggest.

> 
> SX-6 is the NEC machine followon to the SX-5.  SuperUX is the OS.
> Cray Inc currently provides support for some of these machines in the
> US and i have a openssh port of 3.4p1 that runs on one.
> we haven't run into this particular problem, so our port must be more
> complete than manish's.
> 
> be a bit patient and i'll update it to 3.5 and provide our 
> patches for manish to try.

Thanks a lot for this information. We would be eagerly waiting for
the patches.

Regards

Manish

> 
> 
> Ben Lindstrom wrote:
> 
> > 
> > On Mon, 6 Jan 2003, Manish Kumar Srivastava, Noida wrote:
> > 
> > 
> >>Hello,
> >>
> >>We are porting openssh-3.1p1 onto SX-6 running on SuperUX.
> >>We landed into problem when we started running sshd with
> >>the default encryption settings. As you would have already
> >>seen on this mailing list.
> >>
> > 
> > First off.. I have no clue what SX-6 is.. Nor what hardware 
> it runs on.
> > Nor how old it may be.  So it would be nice to be clued in 
> on that.  Maybe
> > even what branch of the UNIX tree it was formed from.
> > 
> > 
> >>Basically we are facing two problems (both client and servers
> >>run on SX):-
> >>
> >>1) If the we use the default encryption algorithm aes128-cbc
> >>   then we get a Bad Packet length problem on server side.
> >>
> >>
> > 
> > Don't know.  Most of the time I've seen 'Bad Packet length' it was a
> > broken OpenSSL.  IIRC in the OpenSSL tree there is a 'make 
> test' that
> > allows you to see if everything passes.
> > 
> > 
> > 
> >>2) If we run the sshd after setting encryption algorithm
> >>   to say 3des-cbc or aes192-cbc, then everything works fine
> >>   except for sftp. When we exit from sftp then it hangs in
> >>   select() called from server_loop2().
> >>
> >>
> > 
> > My tired and befuddled brain wants to say scream out 'race 
> condition', but
> > even after skimming your last emails.  I really am not sure 
> off hand.  I
> > know AIX has oddities under some releases for select().
> > 
> > 
> >>Both the problems are posted on the mailing list and both
> >>recur with the latest version of openssh i.e. 3.5p1 with
> >>openssl 0.9.6b. Kindly suggest something. We want to fix
> >>the problems.
> >>
> >>
> > 
> > I wish I could give you more direct help, but at this 
> point.  I'm not sure
> > what to even suggest for a starting point.
> > 
> > - Ben
> > 
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> > 
> 
> 
> -- 
> wendy palm
> Cray OS Sustaining Engineering, Cray Inc.
> wendyp at cray.com, 651-605-9154
> 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp_output.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/82f3507a/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp_sshd_output.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/82f3507a/attachment-0001.txt

More information about the openssh-unix-dev mailing list