Hi,

I am using Van Dyke SecureCRT 3.2.1 to access an AIX server running
OpenSSH-2.5.0p1. Using ssh1 with X11 forwarding enabled, the server
reports the following error (in the client session):

Packet integrity error. (34)

This problem was not evident in 2.3.0p1. Running sshd in debug gives the
output:

debug1: sshd version OpenSSH_2.5.1p1
debug1: load_private_key_autodetect: type 0 RSA1
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: load_private_key_autodetect: type 2 DSA
debug1: Seeded RNG with 38 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug1: Seeded RNG with 38 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 10.141.33.180 port 1522
debug1: Client protocol version 1.5; client software version 1.0
debug1: no match: 1.0
debug1: Local version string SSH-1.99-OpenSSH_2.5.1p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for someuser.
Accepted rsa for someuser from 10.141.33.180 port 1522
debug1: Trying to reverse map address 10.141.33.180.
debug1: session_new: init
debug1: session_new: session 0
packet_set_maxsize: setting to 4096
debug1: Allocating pty.
debug1: Ignoring unsupported tty mode opcode 13 (0xd)
debug1: Received request for X11 forwarding with auth spoofing.
Packet integrity error (46 != 42) at session.c:358
Disconnecting: Packet integrity error. (34)
debug1: Calling cleanup 0x2000175c(0x2000aee0)
debug1: pty_cleanup_proc: /dev/pts/7
debug1: Calling cleanup 0x200016c0(0x0)
debug1: Calling cleanup 0x2000139c(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed

If this is a client issue, then please let me know and I will chase Van
Dyke for a resolution. Disabling X11 forwarding and/or moving to ssh2
fixes the problem.

Many thanks,
--------------------------------------------------------
Doug Manton, AT&T EMEA Commercial Security Solutions

demanton at att.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

could you please try sshd -d -d -d

thanks, -m

On Mon, Feb 19, 2001 at 02:13:51PM +0000, douglas.manton at uk.ibm.com wrote:
> Hi,
>
> I am using Van Dyke SecureCRT 3.2.1 to access an AIX server running
> OpenSSH-2.5.0p1. Using ssh1 with X11 forwarding enabled, the server
> reports the following error (in the client session):
>
> Packet integrity error. (34)
>
> This problem was not evident in 2.3.0p1. Running sshd in debug gives the
> output:
>
> debug1: sshd version OpenSSH_2.5.1p1
> debug1: load_private_key_autodetect: type 0 RSA1
> debug1: read SSH2 private key done: name dsa w/o comment success 1
> debug1: load_private_key_autodetect: type 2 DSA
> debug1: Seeded RNG with 38 bytes from programs
> debug1: Seeded RNG with 3 bytes from system calls
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> debug1: Seeded RNG with 38 bytes from programs
> debug1: Seeded RNG with 3 bytes from system calls
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 10.141.33.180 port 1522
> debug1: Client protocol version 1.5; client software version 1.0
> debug1: no match: 1.0
> debug1: Local version string SSH-1.99-OpenSSH_2.5.1p1
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: Sent 768 bit server key and 1024 bit host key.
> debug1: Encryption type: blowfish
> debug1: Received session key; encryption turned on.
> debug1: Installing crc compensation attack detector.
> debug1: Attempting authentication for someuser.
> Accepted rsa for someuser from 10.141.33.180 port 1522
> debug1: Trying to reverse map address 10.141.33.180.
> debug1: session_new: init
> debug1: session_new: session 0
> packet_set_maxsize: setting to 4096
> debug1: Allocating pty.
> debug1: Ignoring unsupported tty mode opcode 13 (0xd)
> debug1: Received request for X11 forwarding with auth spoofing.
> Packet integrity error (46 != 42) at session.c:358
> Disconnecting: Packet integrity error. (34)
> debug1: Calling cleanup 0x2000175c(0x2000aee0)
> debug1: pty_cleanup_proc: /dev/pts/7
> debug1: Calling cleanup 0x200016c0(0x0)
> debug1: Calling cleanup 0x2000139c(0x0)
> debug1: writing PRNG seed to file /root/.ssh/prng_seed
>
> If this is a client issue, then please let me know and I will chase Van
> Dyke for a resolution. Disabling X11 forwarding and/or moving to ssh2
> fixes the problem.
>
> Many thanks,
> --------------------------------------------------------
> Doug Manton, AT&T EMEA Commercial Security Solutions
>
> demanton at att.com
> --------------------------------------------------------
> "If privacy is outlawed, only outlaws will have privacy"

Markus,

As requested:

debug1: sshd version OpenSSH_2.5.1p1
debug1: load_private_key_autodetect: type 0 RSA1
debug3: Bad RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: load_private_key_autodetect: type 2 DSA
debug3: Reading output from 'ls -alni /var/log'
debug3: Time elapsed: 24 msec
debug3: Got 0.15 bytes of entropy from 'ls -alni /var/log'
debug3: Reading output from 'ls -alni /var/adm'
debug3: Time elapsed: 19 msec
debug3: Got 2.00 bytes of entropy from 'ls -alni /var/adm'
debug3: Reading output from 'ls -alni /var/spool/mail'
debug3: Time elapsed: 16 msec
debug3: Got 0.53 bytes of entropy from 'ls -alni /var/spool/mail'
debug3: Reading output from 'ls -alni /tmp'
debug3: Time elapsed: 19 msec
debug3: Got 2.00 bytes of entropy from 'ls -alni /tmp'
debug3: Reading output from 'ls -alni /var/tmp'
debug3: Time elapsed: 17 msec
debug3: Got 0.15 bytes of entropy from 'ls -alni /var/tmp'
debug3: Reading output from 'ls -alni /usr/tmp'
debug3: Time elapsed: 18 msec
debug3: Got 0.16 bytes of entropy from 'ls -alni /usr/tmp'
debug3: Reading output from 'netstat -an'
debug3: Time elapsed: 30 msec
debug3: Got 2.00 bytes of entropy from 'netstat -an'
debug3: Reading output from 'netstat -in'
debug3: Time elapsed: 21 msec
debug3: Got 2.00 bytes of entropy from 'netstat -in'
debug3: Reading output from 'netstat -rn'
debug3: Time elapsed: 24 msec
debug3: Got 2.00 bytes of entropy from 'netstat -rn'
debug3: Reading output from 'netstat -s'
debug3: Time elapsed: 24 msec
debug3: Got 2.00 bytes of entropy from 'netstat -s'
debug3: Reading output from 'ifconfig -a'
debug3: Time elapsed: 18 msec
debug3: Got 0.88 bytes of entropy from 'ifconfig -a'
debug3: Reading output from 'ps laxww'
debug3: Time elapsed: 68 msec
debug3: Got 2.00 bytes of entropy from 'ps laxww'
debug3: Reading output from 'ps -al'
debug3: Time elapsed: 41 msec
debug3: Got 2.00 bytes of entropy from 'ps -al'
debug3: Reading output from 'ps -efl'
debug3: Time elapsed: 95 msec
debug3: Got 2.00 bytes of entropy from 'ps -efl'
debug3: Reading output from 'w'
debug3: Time elapsed: 21 msec
debug3: Got 1.02 bytes of entropy from 'w'
debug3: Reading output from 'who -i'
debug3: Time elapsed: 19 msec
debug3: Got 0.07 bytes of entropy from 'who -i'
debug3: Reading output from 'last'
debug3: Time elapsed: 139 msec
debug3: Got 2.00 bytes of entropy from 'last'
debug3: Reading output from 'df'
debug3: Time elapsed: 17 msec
debug3: Got 1.16 bytes of entropy from 'df'
debug3: Reading output from 'df -i'
debug3: Time elapsed: 13 msec
debug3: Got 1.16 bytes of entropy from 'df -i'
debug3: Reading output from 'vmstat'
debug3: Time elapsed: 54 msec
debug3: Got 0.27 bytes of entropy from 'vmstat'
debug3: Reading output from 'uptime'
debug3: Time elapsed: 23 msec
debug3: Got 0.07 bytes of entropy from 'uptime'
debug3: Reading output from 'ipcs -a'
debug3: Time elapsed: 150 msec
debug3: Got 2.00 bytes of entropy from 'ipcs -a'
debug3: Reading output from 'tail -200 /var/log/debug '
debug3: Time elapsed: 19 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/log/debug '
debug3: Reading output from 'tail -200 /var/adm/wtmp'
debug3: Time elapsed: 43 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/adm/wtmp'
debug3: Reading output from 'tail -200 /var/adm/sulog'
debug3: Time elapsed: 18 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/adm/sulog'
debug1: Seeded RNG with 41 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug3: Reading output from 'ls -alni /var/log'
debug3: Time elapsed: 16 msec
debug3: Got 0.15 bytes of entropy from 'ls -alni /var/log'
debug3: Reading output from 'ls -alni /var/adm'
debug3: Time elapsed: 26 msec
debug3: Got 2.00 bytes of entropy from 'ls -alni /var/adm'
debug3: Reading output from 'ls -alni /var/spool/mail'
debug3: Time elapsed: 21 msec
debug3: Got 0.53 bytes of entropy from 'ls -alni /var/spool/mail'
debug3: Reading output from 'ls -alni /tmp'
debug3: Time elapsed: 23 msec
debug3: Got 2.00 bytes of entropy from 'ls -alni /tmp'
debug3: Reading output from 'ls -alni /var/tmp'
debug3: Time elapsed: 19 msec
debug3: Got 0.15 bytes of entropy from 'ls -alni /var/tmp'
debug3: Reading output from 'ls -alni /usr/tmp'
debug3: Time elapsed: 27 msec
debug3: Got 0.16 bytes of entropy from 'ls -alni /usr/tmp'
debug3: Reading output from 'netstat -an'
debug3: Time elapsed: 34 msec
debug3: Got 2.00 bytes of entropy from 'netstat -an'
debug3: Reading output from 'netstat -in'
debug3: Time elapsed: 28 msec
debug3: Got 2.00 bytes of entropy from 'netstat -in'
debug3: Reading output from 'netstat -rn'
debug3: Time elapsed: 27 msec
debug3: Got 2.00 bytes of entropy from 'netstat -rn'
debug3: Reading output from 'netstat -s'
debug3: Time elapsed: 28 msec
debug3: Got 2.00 bytes of entropy from 'netstat -s'
debug3: Reading output from 'ifconfig -a'
debug3: Time elapsed: 21 msec
debug3: Got 0.88 bytes of entropy from 'ifconfig -a'
debug3: Reading output from 'ps laxww'
debug3: Time elapsed: 93 msec
debug3: Got 2.00 bytes of entropy from 'ps laxww'
debug3: Reading output from 'ps -al'
debug3: Time elapsed: 41 msec
debug3: Got 2.00 bytes of entropy from 'ps -al'
debug3: Reading output from 'ps -efl'
debug3: Time elapsed: 101 msec
debug3: Got 2.00 bytes of entropy from 'ps -efl'
debug3: Reading output from 'w'
debug3: Time elapsed: 27 msec
debug3: Got 1.02 bytes of entropy from 'w'
debug3: Reading output from 'who -i'
debug3: Time elapsed: 22 msec
debug3: Got 0.07 bytes of entropy from 'who -i'
debug3: Reading output from 'last'
debug3: Time elapsed: 149 msec
debug3: Got 2.00 bytes of entropy from 'last'
debug3: Reading output from 'df'
debug3: Time elapsed: 17 msec
debug3: Got 1.16 bytes of entropy from 'df'
debug3: Reading output from 'df -i'
debug3: Time elapsed: 15 msec
debug3: Got 1.16 bytes of entropy from 'df -i'
debug3: Reading output from 'vmstat'
debug3: Time elapsed: 60 msec
debug3: Got 0.27 bytes of entropy from 'vmstat'
debug3: Reading output from 'uptime'
debug3: Time elapsed: 13 msec
debug3: Got 0.07 bytes of entropy from 'uptime'
debug3: Reading output from 'ipcs -a'
debug3: Time elapsed: 181 msec
debug3: Got 2.00 bytes of entropy from 'ipcs -a'
debug3: Reading output from 'tail -200 /var/log/debug '
debug3: Time elapsed: 43 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/log/debug '
debug3: Reading output from 'tail -200 /var/adm/wtmp'
debug3: Time elapsed: 64 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/adm/wtmp'
debug3: Reading output from 'tail -200 /var/adm/sulog'
debug3: Time elapsed: 21 msec
debug3: Got 2.00 bytes of entropy from 'tail -200 /var/adm/sulog'
debug1: Seeded RNG with 41 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 10.141.33.180 port 1620
debug1: Client protocol version 1.5; client software version 1.0
debug1: no match: 1.0
debug1: Local version string SSH-1.99-OpenSSH_2.5.1p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for someuser.
Accepted rsa for someuser from 10.141.33.180 port 1620
debug1: Trying to reverse map address 10.141.33.180.
debug1: session_new: init
debug1: session_new: session 0
packet_set_maxsize: setting to 4096
debug1: Allocating pty.
debug1: Ignoring unsupported tty mode opcode 13 (0xd)
debug1: Received request for X11 forwarding with auth spoofing.
debug2: SSH_PROTOFLAG_SCREEN_NUMBER == false
Packet integrity error (62 != 58) at session.c:358
Disconnecting: Packet integrity error. (34)
debug1: Calling cleanup 0x2000175c(0x2000aee0)
debug1: pty_cleanup_proc: /dev/pts/7
debug1: Calling cleanup 0x200016c0(0x0)
debug1: Calling cleanup 0x2000139c(0x0)
debug1: writing PRNG seed to file /root/.ssh/prng_seed

Many thanks,
--------------------------------------------------------
Doug Manton, AT&T EMEA Commercial Security Solutions

E: demanton at att.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

On Mon, Feb 19, 2001 at 02:13:51PM +0000, douglas.manton at uk.ibm.com wrote:
> If this is a client issue, then please let me know and I will chase Van
> Dyke for a resolution. Disabling X11 forwarding and/or moving to ssh2
> fixes the problem.

this is a client side bug. tell them that Markus Friedl from the
OpenSSH project confirmed the bug :)

> debug1: Allocating pty.
> debug1: Ignoring unsupported tty mode opcode 13 (0xd)
> debug1: Received request for X11 forwarding with auth spoofing.
> debug2: SSH_PROTOFLAG_SCREEN_NUMBER == false
> Packet integrity error (62 != 58) at session.c:358
> Disconnecting: Packet integrity error. (34)
> debug1: Calling cleanup 0x2000175c(0x2000aee0)
> debug1: pty_cleanup_proc: /dev/pts/7

it seems that SecureCRT sends a display 'screen' number in the x11
request packet, but did not set the matching protocol flag in an
earlier message. this worked before because OpenSSH-2.3.0p1 was buggy
and ignored the protocol flag....

-m

markus> it seems that SecureCRT sends a display 'screen' number in the x11
markus> request packet, but did not set the matching protocol flag in an
markus> earlier message. this worked before because OpenSSH-2.3.0p1 was buggy
markus> and ignored the protocol flag....

I actually also noticed this a day or so ago, and was about to post
about it here when I checked and saw this thread. This is a problem with
the F-Secure client as well as SecureCRT. Both programs do not set the
SSH_PROTOFLAG_SCREEN_NUMBER protocol flag in SSH-1 sessions, even though
they do in fact include the X11 screen number field in
SSH_CMSG_X11_REQUEST_FORWARDING packets. This was not a problem -- until
Markus added code to session.c in 2.5 to check actual vs expected packet
lengths on these requests. Now, SSH-1 connections with X forwarding from
these clients fail immediately with the message, "packet integrity error."
I've submitted bug reports to both companies.

A small note: I think it would be good to change the error message --
"packet integrity error" sounds like the crc-32 integrity check failed,
which isn't what happened. Perhaps instead, "expected packet length did
not match actual."

- Richard

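The length mismatch described in the message above, as an added example that is not part of the thread and is not OpenSSH's code: a bounds-checked parser for the SSH-1 X11 forwarding request payload (two length-prefixed strings, then a 32-bit screen number only when SSH_PROTOFLAG_SCREEN_NUMBER was negotiated). The names parse_x11_request and build_sample, the strict/tolerant switch and the cookie value are assumptions made for illustration; the tolerant mode is one possible server-side handling, not the patch posted later in the thread. The constructed sample happens to give the same 62 versus 58 byte pair as the second debug log.

```c
#include <stdint.h>
#include <string.h>
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* SSH-1 protocol flag bit */

/* Bounds-checked big-endian uint32 read; returns 0 on success. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *v) {
    if (len - *off < 4) return -1;
    *v = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
         ((uint32_t)p[*off + 2] << 8) | p[*off + 3];
    *off += 4;
    return 0;
}

/* Skip one SSH string (uint32 length, then that many bytes). */
static int skip_str(const uint8_t *p, size_t len, size_t *off) {
    uint32_t n;
    if (get_u32(p, len, off, &n) != 0 || n > len - *off) return -1;
    *off += n;
    return 0;
}

/* strict=1: the payload length must match what the negotiated flags imply.
 * strict=0: a trailing screen number sent without the flag is also accepted.
 * Returns 0 if accepted, -1 where the server would disconnect. */
int parse_x11_request(const uint8_t *p, size_t len, unsigned flags,
                      int strict, uint32_t *screen) {
    size_t off = 0, rest;
    *screen = 0;
    if (skip_str(p, len, &off) != 0 || skip_str(p, len, &off) != 0)
        return -1;
    rest = len - off;
    if (strict && rest != ((flags & SSH_PROTOFLAG_SCREEN_NUMBER) ? 4u : 0u))
        return -1;
    if (rest != 0 && rest != 4) return -1;
    return rest == 4 ? get_u32(p, len, &off, screen) : 0;
}

/* Constructed sample: protocol name, 32-char cookie, optional screen 0. */
size_t build_sample(uint8_t *buf, int with_screen) {
    const char *s[2] = {"MIT-MAGIC-COOKIE-1", "00112233445566778899aabbccddeeff"};
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        size_t n = strlen(s[i]);
        memset(buf + off, 0, 3);       /* high bytes of the length are zero */
        buf[off + 3] = (uint8_t)n;
        memcpy(buf + off + 4, s[i], n);
        off += 4 + n;
    }
    if (with_screen) { memset(buf + off, 0, 4); off += 4; }
    return off;
}
```
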
could you please try this patch?

-m

-------------- next part --------------
An embedded message was scrubbed...
From: Markus Friedl <markus at cvs.openbsd.org>
Subject: no subject
Date: Thu, 22 Feb 2001 01:36:49 -0700 (MST)
Size: 2100
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010222/0a04a676/attachment.mht

> could you please try this patch?

> + screen_flag = (packet_get_protocol_flags() &
> + SSH_PROTOFLAG_SCREEN_NUMBER;

The compiler (IBM AIX VisualAge C++) threw out the above two lines. I
added a close bracket and it compiled fine.

Initial testing shows that this has solved the problem connecting from
SecureCRT, using ssh1 and X11 forwarding. I will let you know if I
experience any problems as I find them :-)

Thanks for your help,
--------------------------------------------------------
Doug Manton, AT&T EMEA Commercial Security Solutions

E: demanton at att.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

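Review bot: the parenthesis opened before packet_get_protocol_flags() in the quoted screen_flag assignment is never closed before the semicolon on the SSH_PROTOFLAG_SCREEN_NUMBER line, so the statement cannot compile as posted. Close it after SSH_PROTOFLAG_SCREEN_NUMBER, or drop the opening parenthesis, since the bitwise AND needs no grouping on the right-hand side of an assignment. If screen_flag is later used as a boolean, comparing the masked value against 0 at this point would make that intent explicit.
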
Hi!

Just mailing in order to report that the patch from Markus on
2001-02-22 fixes the X11 forwarding problem also for a (broken)
F-Secure SSH 1.0 client. (Of course, the missing right parenthesis
had to be added.)

Greetings,
Oskari

-----------------------------------------------------------------
Oskari Jaaskelainen                  Laboratory of Physics
Oskari.Jaaskelainen at hut_DOT_fi    Helsinki University of Technology
tel +358-9-451 3110                  P.O.Box 1100
fax +358-9-451 3116                  02015 HUT, Finland
-----------------------------------------------------------------