Re: Disconnecting: Bad packet length



Jeff,

I have had also faced the same problem, but it was resolved when my
team cross examined the new server certificate file for compatibility,
there was a change in certificate/ key size. I think you can take up
this problem as a bug.

Also I have found on mutiple OpenVPN forum that people have found
work around for this compatibility issue by creating a script asking
the server to ignore the Bad Packet Length error.

Ref: https://launchpad.net/ubuntu/gutsy/+source/logcheck/1.2.55
http://lists.mindrot.org/pipermail/openssh-unix-dev/2007-September.txt

I hope it helps

On Thu, Jan 8, 2009 at 11:37 AM, Jeff Blaine <jblaine@xxxxxxxxxxxx> wrote:
Server: OpenSSH 5.1p1
Client: OpenSSH 4.3p2

Works fine when server is OpenSSH 4.4p1 instead (our old
instance we're trying to upgrade to 5.1p1)

Any ideas? Adding '-2' to the ssh command line buys me
nothing.

% /usr/local/bin/ssh -v -v -v -p 6000 sshserver
OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to sshserver [XX.YY.10.1] port 6000.
debug1: Connection established.
debug1: identity file /home/jblaine/.ssh/identity type -1
debug1: identity file /home/jblaine/.ssh/id_rsa type -1
debug1: identity file /home/jblaine/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 113/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 0 for host sshserver
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/jblaine/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 2 for host sshserver
The authenticity of host 'sshserver (XX.YY.10.1)' can't be established.
RSA key fingerprint is 88:b0:14:81:c9:86:4f:a5:a8:96:87:f3:24:df:0c:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sshserver,XX.YY.10.1' (RSA) to the list of
known hosts.
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
Disconnecting: Bad packet length 3346013531.

bash-2.05# /custom/openssh-5.1p1/sbin/sshd -p 6000 -d
debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/linus/openssh-5.1p1/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='6000'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 6000 on ::.
Server listening on :: port 6000.
debug1: Bind to port 6000 on 0.0.0.0.
Server listening on 0.0.0.0 port 6000.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from XX.YY.10.14 port 51518
debug1: Client protocol version 2.0; client software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: permanently_set_uid: 27/65000
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
Disconnecting: Bad packet length 2596886957.
debug1: do_cleanup
debug1: do_cleanup
bash-2.05#





--
Regards

Vivek P Nair
VP Technology
Appin Software Security Private Limited

| vivekp@xxxxxxxxxxxxxxx | vivek.p@xxxxxxxxxxxxx | 09999668010 |
d3adbra1n.wordpress.com |

Three ways to gain Success

1. know more than others
2. work more than others
3. expect less than others