"Bad packet length 1231976033"
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Apr 24 06:08:57 AEST 2023
Sorry about taking so long to get back to you. The problem is sporadic and I've had other fires to put out first...
Here's a PCAP of authentication failures:
https://www.redfish-solutions.com/misc/kvm1.pcap
> On Apr 9, 2023, at 1:21 AM, Brian Candler <b.candler at pobox.com> wrote:
>
> On 09/04/2023 02:20, Philip Prindeville wrote:
>> What's odd is that the length is*always* 1231976033 (which is 0x496E7661 or "Inva" in ASCII).
>
> Could you get a tcpdump when this happens? Then maybe more of the error can be captured.
>
> I grepped for Inva in the source code. There are lots of error messages which start with this which are sent with error() or fatal() or fprint(stderr, ...), but two which stand out as being a bit different:
>
> # kex.c
>
> invalid:
> send_error(ssh, "Invalid SSH identification string.");
>
> # packet.c
>
> if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) {
> if ((r = sshpkt_disconnect(ssh,
> "Invalid ssh2 packet type: %d", *typep)) != 0 ||
>
> If it happens to be either of these, then the tcpdump showing the exchange prior to this point would be enlightening.
>
More information about the openssh-unix-dev
mailing list