>> > Disconnecting: Bad packet length 1349676916
>> 1349676916 decimal = 50726F74 hex = "Prot" ASCII
>> Looks suspiciously like some sort of text message, perhaps
>> beginning "Protocol" or "Protection"? What do the syslog messages
>> on the server say? How about if you try the connection with the
>> server in debug mode?
James> I think it disconected because if assumes a 1.3GB packet is
James> some sort of attack.
It disconnected because the maximum packet size OpenSSH will accept is
2^18 = 262144 bytes. That is the explicit maximum in SSH-1. SSH-2
requires that implementations accept packets at least 35000 bytes long, so
that value works for SSH-2 as well.
James> To answer the original poster's question, make shure both are
James> using the same version of SSH. (apparently the 2.0 protocol
James> isn't completely backwards compatible)
SSH-2 is explicitly *not* backwards compatible with SSH-1 -- but this is
not the problem. Both versions of the protocol begin with each side
transmitting a version string. If there's a mismatch, one side will
end the session with a sensible error message, before even switching to
the packet protocol. The symptoms here mean that both sides thought there
was a common protocol version supported, and got some way into the
conversation when one side got a corrupt packet.
The reason I wrote the bit about 1349676916 = "Prot", is that it is not
uncommon for some software problem to cause one side to emit a text
message into the middle of the SSH protocol stream (this is especially
easy to get if you're starting sshd from inetd). If this happens on a
packet boundary, then one side interprets the first four bytes of the text
as the packet size, which is usually out of bounds. So decoding the
reported bogus packet size in this way is useful to get a clue as to
what's going on.