Re: Disconnecting: Bad packet length



Anyone?

So, I'll submit this as a bug then?

Jeff Blaine wrote:
Server: OpenSSH 5.1p1
Client: OpenSSH 4.3p2

Works fine when server is OpenSSH 4.4p1 instead (our old
instance we're trying to upgrade to 5.1p1)

Any ideas? Adding '-2' to the ssh command line buys me
nothing.

% /usr/local/bin/ssh -v -v -v -p 6000 sshserver
OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to sshserver [XX.YY.10.1] port 6000.
debug1: Connection established.
debug1: identity file /home/jblaine/.ssh/identity type -1
debug1: identity file /home/jblaine/.ssh/id_rsa type -1
debug1: identity file /home/jblaine/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 113/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 0 for host sshserver
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 2 for host sshserver
The authenticity of host 'sshserver (XX.YY.10.1)' can't be established.
RSA key fingerprint is 88:b0:14:81:c9:86:4f:a5:a8:96:87:f3:24:df:0c:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sshserver,XX.YY.10.1' (RSA) to the list of
known hosts.
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
Disconnecting: Bad packet length 3346013531.

bash-2.05# /custom/openssh-5.1p1/sbin/sshd -p 6000 -d
debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/linus/openssh-5.1p1/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='6000'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 6000 on ::.
Server listening on :: port 6000.
debug1: Bind to port 6000 on 0.0.0.0.
Server listening on 0.0.0.0 port 6000.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from XX.YY.10.14 port 51518
debug1: Client protocol version 2.0; client software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: permanently_set_uid: 27/65000
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
Disconnecting: Bad packet length 2596886957.
debug1: do_cleanup
debug1: do_cleanup
bash-2.05#





Relevant Pages

  • Publickey DSA Authentication Problem (long)
    ... can't get it to work with a remote host at my ISP. ... > debug2: we sent a publickey packet, ... > debug1: next auth method to try is keyboard-interactive ...
    (comp.security.ssh)
  • Publickey DSA Authentication Problem (long)
    ... can't get it to work with a remote host at my ISP. ... > debug2: we sent a publickey packet, ... > debug1: next auth method to try is keyboard-interactive ...
    (comp.security.ssh)
  • Problem: passwordless login with Kerberos doesnt work
    ... I installed 2 testmachines, configured MIT Kerberos, LDAP and PAM and got to the point where we all can login on to the SSH server using our Active Directory credentials. ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug1: Offering GSSAPI proposal: ...
    (comp.security.ssh)
  • Problem: passwordless SSH-login with Kerberos doesnt work
    ... I installed 2 testmachines, configured MIT Kerberos, OpenLDAP and PAM and got to the point where we all can login on to the SSH server using our Active Directory credentials. ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug1: Offering GSSAPI proposal: ...
    (comp.protocols.kerberos)
  • Re: Trouble with OpenSSH 3.4p1 - Cant connect with an RSA key pair
    ... >> I have a computer functioning as a server using RedHat 8.0 with OpenSSH ... I am experiencing a similar problem using passkey authentication with the ... < debug2: bits set: 1604/3191 ... < debug1: Server accepts key: pkalg ssh-rsa blen 149 ...
    (comp.security.ssh)