I'm trying to connect from OpenSSH clients that are version 2.5.2p2 to
several different HP-UX 11.00 machines that are running 2.5.1p1, but
cannot. I can, however, connect to a Linux machine running 2.5.1p1
without problem. I get this message from both a Solaris 2.7 (x86)
machine and a Solaris 2.6 (SPARC) machine.
>From the x86 machine, I get
ssh dozer
51 f6 46 8d 9d 98 17 a6 b6 10 79 43 57 d2 30 f8
Disconnecting: Bad packet length 1375094413.
>From the SPARC machine, I get
ssh apoc
2c 15 98 83 67 46 9e 27 f3 d0 db 34 89 55 64 ac
Disconnecting: Bad packet length 739612803.
Below, I've put some of the debug info. I also just confirmed that this
happens from a RedHat Linux machine running 2.5.2p2 as well, when
trying to connect to the same HP-UX machines.
I can't upgrade the HP's right now to see if the problem goes away with
2.5.2p2 on the other side as well. In case it matters, we're running
OpenSSL 0.9.6 and prngd 0.9.7.
Anyone got any ideas on what might cause this?
Marty Hoff
In debug mode, I get the following:
ssh -v dozer
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 860 geteuid 0 anon 1
debug1: Connecting to dozer [216.142.25.126] port 22.
debug1: Connection established.
debug1: unknown identity file /local/users/martang/.ssh/identity
debug1: identity file /local/users/martang/.ssh/identity type -1
debug1: unknown identity file /local/users/martang/.ssh/id_rsa
debug1: identity file /local/users/martang/.ssh/id_rsa type -1
debug1: unknown identity file /local/users/martang/.ssh/id_dsa
debug1: identity file /local/users/martang/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_2.5.1p1
debug1: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug1: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug1: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: dh_gen_key: priv key bits set: 126/256
debug1: bits set: 986/2049
debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'dozer' is known and matches the DSA host key.
debug1: Found key in /local/users/martang/.ssh/known_hosts2:12
debug1: bits set: 1029/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
06 d8 6d da b8 5b ac ea f3 b4 4d 35 37 ec 44 5f
Disconnecting: Bad packet length 114847194.
debug1: Calling cleanup 0x807ea90(0x0)
--------------------------------------------
Marty Hoff martang at clearcommerce.com
UNIX Administrator ClearCommerce Corp.
Always remember you're unique, just like everyone else.