I have a cron script that polls various machines for their configs and archives any changes. When it connects to an OpenWrt router running "OpenSSH_9.1p1, OpenSSL 1.1.1s 1 Nov 2022", it sometimes gets this error: Bad packet length 1231976033. ssh_dispatch_run_fatal: Connection to 192.168.8.1 port 22: message authentication code incorrect What's odd is that the length is *always* 1231976033 (which is 0x496E7661 or "Inva" in ASCII). The client is Ubuntu 22.04.2 LTS, and it's version is "OpenSSH_9.1p1, OpenSSL 3.0.2 15 Mar 2022". I googled this and there are various hypothesis like it's a mismatch in protocol negotiation versions (both client and server will only do Version 2); that my .bashrc file can't emit any output on the server (my server uses Ash); that there can't be an /etc/motd file; that I need to set 'LC_ALL="en_US.UTF-8"' when invoking ssh; and all sorts of other theories which seemed to be clutching at straws. So, what's the real fix? Thanks, -Philip
On 09/04/2023 02:20, Philip Prindeville wrote:> What's odd is that the length is*always* 1231976033 (which is 0x496E7661 or "Inva" in ASCII).Could you get a tcpdump when this happens? Then maybe more of the error can be captured. I grepped for Inva in the source code. There are lots of error messages which start with this which are sent with error() or fatal() or fprint(stderr, ...), but two which stand out as being a bit different: # kex.c ?invalid: ??????????????? send_error(ssh, "Invalid SSH identification string."); # packet.c ??????? if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { ??????????????? if ((r = sshpkt_disconnect(ssh, ??????????????????? "Invalid ssh2 packet type: %d", *typep)) != 0 || If it happens to be either of these, then the tcpdump showing the exchange prior to this point would be enlightening.