I've seen a few posts, but no solutions as of yet. Here's a bit more info.

BoxA - Solaris 2.7, Maintenance Update 01/09/2001, SunWorks cc compiler
BoxB - Solaris 2.8, gcc-2.95.2 gcc compiler
BoxC - Solaris 2.7, Maintenance Update 01/09/2001, gcc-2.95.2 gcc compiler
BoxD - OpenBSD 2.8, patched to STABLE, gcc-2.95.2 _and_ BSD cc compilers available.
BoxE - OpenBSD 2.7, release, no patches

On the Solaris boxen, OpenSSL-engine v0.9.6 was compiled first with the
only configure options being a prefix of /opt/sfw. Then, OpenSSH v2.3.0p1
was built with configure options of:

    --prefix=/opt/sfw
    --with-ipaddr-display
    --with-ipv4-default
    --with-4in6

and installed successfully.

On BoxD, I re-built the entire system from stable, then also compiled
v2.3.0p1 with a prefix of /usr/local, plus the options as on the Solaris
boxes using gcc. This gave me the default ssh, _and_ a build supposedly
similar to the Solaris boxes.

On SSH connections from the BoxD back to itself (127.0.0.1) or to/from
BoxE, there are no problems with either client or server, ssh-1 or ssh-2.

On SSH connections from any Solaris to any other Solaris, no issues are
seen on either ssh-1 or ssh-2 protocols.
*attachment: successful-ssh

From any Solaris to the BSD box though, I got the "Bad packet length"
error. Where the packet data translates as:

23  28  62  93  e8  8b  ca  43  89  5b  43  b2  df  64  3a  65   (hex)
35  40  98  147 232 139 202 67  137 91  67  178 223 100 58  101  (decimal)
#   (   b   ~   ?   <   ?   C   %   [   C   ?   ?   d   :   e    (ascii)
*attachment: sshsolerror

And from the BSD box to any Solaris box, I again got the "Bad packet
length" error, but with slightly different packet data:

a4  c8  7d  9e     89     ad  ee  dd  19  ca  fa  26  df  41  3e  c6   (hex)
164 200 125 158    137    173 238 221 25  202 250 38  223 65  62  198  (decimal)
?   ?   }   unused unused ?   ?   ?   EM  ?   ?   &   ?   A   >   ?    (ascii)
*attachment: ssherror

Unlike the existing posts, the ascii translations do not make any sort
of sense to me.

Also, all sshd_config and ssh_config files are identical. I have tried
the server as both an inetd and as a daemon, with the same results for
both ssh-1 and ssh-2.
*attachment: sshd_config
*attachment: ssh_config

As an almost afterthought, SSH clients from Windows machines work on
both ssh-1 and ssh-2 to any of these boxes. Clients tried were:
VanDyke SecureCRT, PuTTY, TeraTerm.

I think this counts as a build specific bug, but (disclaimer): I am not
a programmer[tm].

If I need to provide more information, please let me know. None of
these systems are in production yet, so I can destructively test if
needed.

Ed Vazquez

-------------- next part --------------
SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 1000 geteuid 0 anon 0
debug: Connecting to 44.1.2.3 [44.1.2.3] port 22.
debug: Allocated local port 703.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 zlib
debug: kex: client->server aes256-cbc hmac-sha1 zlib
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 493/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
The authenticity of host '44.1.2.3' can't be established.
DSA key fingerprint is d5:1e:47:01:9a:63:7d:07:6a:44:6c:a6:61:2d:15:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '44.1.2.3' (DSA) to the list of known hosts.
debug: bits set: 524/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: Enabling compression at level 6.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
a4 c8 7d 9e 89 ad ee dd 19 ca fa 26 df 41 3e c6
debug: compress outgoing: raw data 60, compressed 63, factor 1.05
debug: compress incoming: raw data 0, compressed 0, factor 0.00
Disconnecting: Bad packet length -1530364514.
debug: Calling cleanup 0x159fc(0x0)
-------------- next part --------------
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeded RNG with 33 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 100 geteuid 0 anon 0
debug: Connecting to 172.16.35.120 [172.16.35.120] port 22.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 646.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
debug: no match: OpenSSH_2.3.0
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1043/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
Warning: Permanently added '172.16.35.120' (DSA) to the list of known hosts.
debug: bits set: 1004/2049
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
23 28 62 93 e8 8b ca 43 89 5b 43 b2 df 64 3a 65
Disconnecting: Bad packet length 589849235.
debug: Calling cleanup 0x51940(0x0)
debug: Calling cleanup 0x5c1a0(0x0)
debug: writing PRNG seed to file /home/evazquez/.ssh/prng_seed
-------------- next part --------------
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeded RNG with 36 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 100 geteuid 0 anon 0
debug: Connecting to 44.1.2.2 [44.1.2.2] port 22.
debug: Seeded RNG with 36 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 900.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client aes256-cbc hmac-sha1 none
debug: kex: client->server aes256-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 527/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
Warning: Permanently added '44.1.2.2' (DSA) to the list of known hosts.
debug: bits set: 501/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: key does not exist: /home/evazquez/.ssh/id_dsa
debug: next auth method to try is password
evazquez@44.1.2.2's password:
debug: ssh-userauth2 successfull: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384
-------------- next part --------------
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   IdentityFile ~/.ssh/identity
#   Port 22
Protocol 2,1
Cipher blowfish
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
#   EscapeChar ~
-------------- next part --------------
# This is ssh server systemwide configuration file.

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail no
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem sftp /usr/local/libexec/sftp-server
#MaxStartups 10:30:60
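
Added example, not part of the original post and not OpenSSH code: an SSH-2 binary packet starts with a big-endian uint32 packet length followed by a one-byte padding length, so the 16 bytes dumped in the two failing logs can be read as a packet header rather than as ASCII. The first four bytes reproduce both "Bad packet length" numbers exactly, which means the receiver's first decrypted block was not a valid header. The sanity bounds, the function name and the well-formed contrast block are assumptions made for this illustration.

```python
import struct

# Bounds a receiver applies to packet_length before trusting it
# (assumed values for this sketch: at least 5 bytes, at most 256 KiB).
MIN_LEN, MAX_LEN = 1 + 4, 256 * 1024

# First 16 bytes dumped by the two failing clients in the logs above.
BSD_TO_SOLARIS = "a4 c8 7d 9e 89 ad ee dd 19 ca fa 26 df 41 3e c6"
SOLARIS_TO_BSD = "23 28 62 93 e8 8b ca 43 89 5b 43 b2 df 64 3a 65"
# Constructed for contrast (not from the post): the first block of a
# correctly decrypted SSH2_MSG_SERVICE_ACCEPT("ssh-userauth") packet,
# packet_length 28, padding_length 10, message type 6.
CONSTRUCTED_OK = "00 00 00 1c 0a 06 00 00 00 0c 73 73 68 2d 75 73"


def parse_header(dump_hex):
    """Decode the start of an SSH-2 binary packet from a hex dump."""
    block = bytes.fromhex(dump_hex)  # fromhex() skips the spaces
    if len(block) < 5:
        raise ValueError("need uint32 length plus padding byte")
    (length,) = struct.unpack(">I", block[:4])     # as the protocol defines it
    (as_signed,) = struct.unpack(">i", block[:4])  # as a "%d" format prints it
    return {
        "packet_length": length,
        "printed_as_int": as_signed,
        "padding_length": block[4],
        "msg_type": block[5] if len(block) > 5 else None,
        "plausible": MIN_LEN <= length <= MAX_LEN,
    }


if __name__ == "__main__":
    samples = [
        ("BSD -> Solaris", BSD_TO_SOLARIS),
        ("Solaris -> BSD", SOLARIS_TO_BSD),
        ("constructed, well-formed", CONSTRUCTED_OK),
    ]
    for name, dump in samples:
        h = parse_header(dump)
        print(f"{name}: length={h['packet_length']} "
              f"(%d: {h['printed_as_int']}) padding={h['padding_length']} "
              f"plausible={h['plausible']}")
```
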