ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

Post by Darren Wyn Ree » Wed, 28 Feb 2001 07:57:28



Would somebody please clarify what needs changing to enable me to
ssh into an OpenBSD (2.7) box, using Debian (OpenSSH 1.2.3, protocol
version 1.5).  (a) the ssh client on the Debian box, (b) the
ssh daemon on the OpenBSD one, or (please, no) (c) both.  *Thnx*

--

ASK your ISP to ADD the NEW england.* Newsgroups
http://www.england.news-admin.org/accessfaq.html

 
 
 

ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

Post by Richard E. Silverm » Wed, 28 Feb 2001 11:06:35


Quote:> Disconnecting: Bad packet length 1349676916

1349676916 decimal = 50726F74 hex = "Prot" ASCII

Looks suspiciously like some sort of text message, perhaps beginning
"Protocol" or "Protection"?  What do the syslog messages on the server
say?  How about if you try the connection with the server in debug mode?

--
  Richard Silverman


 
 
 

ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

Post by J Phillip » Thu, 01 Mar 2001 07:14:21



Quote:> > Disconnecting: Bad packet length 1349676916

--------------------------------^

> 1349676916 decimal = 50726F74 hex = "Prot" ASCII
> Looks suspiciously like some sort of text message, perhaps beginning
> "Protocol" or "Protection"?  What do the syslog messages on the server
> say?  How about if you try the connection with the server in debug mode?
> --
>   Richard Silverman


I think it disconected because if assumes a 1.3GB packet is some sort
of attack.

To answer the original poster's question, make shure both are using
the same version of SSH. (apparently the 2.0 protocol isn't
completely backwards compatible)

--
James Phillips

however, include "ID" in the subject line if
you want your response "rescued".

 
 
 

ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

Post by Richard E. Silverm » Thu, 01 Mar 2001 13:15:53




    >> > Disconnecting: Bad packet length 1349676916
    James> --------------------------------^
    >> 1349676916 decimal = 50726F74 hex = "Prot" ASCII

    >> Looks suspiciously like some sort of text message, perhaps
    >> beginning "Protocol" or "Protection"?  What do the syslog messages
    >> on the server say?  How about if you try the connection with the
    >> server in debug mode?


    James> I think it disconected because if assumes a 1.3GB packet is
    James> some sort of attack.

It disconnected because the maximum packet size OpenSSH will accept is
2^18 = 262144 bytes.  That is the explicit maximum in SSH-1.  SSH-2
requires that implementations accept packets at least 35000 bytes long, so
that value works for SSH-2 as well.

    James> To answer the original poster's question, make shure both are
    James> using the same version of SSH. (apparently the 2.0 protocol
    James> isn't completely backwards compatible)

SSH-2 is explicitly *not* backwards compatible with SSH-1 -- but this is
not the problem.  Both versions of the protocol begin with each side
transmitting a version string.  If there's a mismatch, one side will
end the session with a sensible error message, before even switching to
the packet protocol.  The symptoms here mean that both sides thought there
was a common protocol version supported, and got some way into the
conversation when one side got a corrupt packet.

The reason I wrote the bit about 1349676916 = "Prot", is that it is not
uncommon for some software problem to cause one side to emit a text
message into the middle of the SSH protocol stream (this is especially
easy to get if you're starting sshd from inetd).  If this happens on a
packet boundary, then one side interprets the first four bytes of the text
as the packet size, which is usually out of bounds.  So decoding the
reported bogus packet size in this way is useful to get a clue as to
what's going on.

--
  Richard Silverman

 
 
 

ssh on Debian, not connecting to OpenBSD 2.7 ["Disconnecting: Bad packet length 1349676916"]

Post by Markus Frie » Thu, 01 Mar 2001 18:47:47




>> > Disconnecting: Bad packet length 1349676916
>--------------------------------^
>> 1349676916 decimal = 50726F74 hex = "Prot" ASCII
>> Looks suspiciously like some sort of text message, perhaps beginning
>> "Protocol" or "Protection"?  What do the syslog messages on the server
>> say?  How about if you try the connection with the server in debug mode?
>> --
>>   Richard Silverman

>I think it disconected because if assumes a 1.3GB packet is some sort
>of attack.

no, Richard is right.

apart from this, 1.3GB packets are not legal in the SSH protocol.

-m

 
 
 

1. Net::SSH::CG/Apache: "Bad packet length.."

I've got some curious message using mod_perl and Net::SSH::Perl:

- SuSE Linux 8.0, OpenSSH_3.4p1
- perl 5.6.1, Net::SSH::Perl from CPAN
- DSAAuthentication yes (/etc/ssh/sshd.conf)
- PubkeyAuthentication yes (/etc/ssh/sshd.conf)
- DSAAuthentication yes (/etc/ssh/sshd.conf)
- All public keys of the user wwwrun are attached to    
  /var/lib/wwwrun/.ssh/authorized_keys(2) (id_dsa.pub => authorized_keys2,    
  id_rsa.pub => authorized_keys2, identitiy.pub => authorized_keys)

With SuSE 8.0 the apache user is "wwwrun". This user has his $HOME at
/var/lib/wwwrun. He doesn't have any Password for login.

The host "myapache" runs well when I'm running some other CGI-Scripts.

When I'm running the program at the bottom of this file with mod_perl an an
Apache virtual host I get an error message
------------------------------------------------------------------------
"Bad packet length 540912819 at
/usr/lib/perl5/site_perl/5.6.1/Net/SSH/Perl/Packet.pm line 171"
------------------------------------------------------------------------
Running the same code as user "w2wrun"from shell everyting works fine.
Any hints?

Thanks!

Hermann Flacke


==============================================================================

The source of the test file:

#!/usr/bin/perl -w

use strict;
use CGI;
use Net::SSH::Perl;

my $q = new CGI;

my $host = "myapache";
my $user = "wwwrun";
my $cmd  = "cat /proc/sys/net/ipv4/ip_forward";
my $pass = "";

my $ssh = Net::SSH::Perl->new($host, debug=>3, protocol=>'2');
$ssh->login($user, $pass);
my($stdout, $stderr, $exit) = $ssh->cmd($cmd);

print   $q->header( "text/html"),
        $q->start_html( -title => "Test10"),
        $q->p("$stdout"),
        $q->end_html;

2. acomp.exe

3. "bad packet length" with OpenSSH 2.9p1

4. OLTP Testing Tools

5. Problem: "Local: Bad packet length 16844810."

6. Stuck!

7. "Bad Packet Length"

8. Should people pay for mags and software?

9. Keys and "bad packet length" with 2.9p1

10. disconnecting : bad packet length ...

11. disconnecting : bad packet length...

12. "session" not "server" key does the main work, right?

13. DON'T BELIEVE "Tracker", "Debbie", VPNSISHACKERSSECRET, "snailmail"!