On Mon, 6 Jan 2003, Manish Kumar Srivastava, Noida wrote:> Hello, > > We are porting openssh-3.1p1 onto SX-6 running on SuperUX. > We landed into problem when we started running sshd with > the default encryption settings. As you would have already > seen on this mailing list. >First off.. I have no clue what SX-6 is.. Nor what hardware it runs on. Nor how old it may be. So it would be nice to be clued in on that. Maybe even what branch of the UNIX tree it was formed from.> Basically we are facing two problems (both client and servers > run on SX):- > > 1) If the we use the default encryption algorithm aes128-cbc > then we get a Bad Packet length problem on server side. >Don't know. Most of the time I've seen 'Bad Packet length' it was a broken OpenSSL. IIRC in the OpenSSL tree there is a 'make test' that allows you to see if everything passes.> 2) If we run the sshd after setting encryption algorithm > to say 3des-cbc or aes192-cbc, then everything works fine > except for sftp. When we exit from sftp then it hangs in > select() called from server_loop2(). >My tired and befuddled brain wants to say scream out 'race condition', but even after skimming your last emails. I really am not sure off hand. I know AIX has oddities under some releases for select().> Both the problems are posted on the mailing list and both > recur with the latest version of openssh i.e. 3.5p1 with > openssl 0.9.6b. Kindly suggest something. We want to fix > the problems. >I wish I could give you more direct help, but at this point. I'm not sure what to even suggest for a starting point. - Ben
Hello, We are porting openssh-3.1p1 onto SX-6 running on SuperUX. We landed into problem when we started running sshd with the default encryption settings. As you would have already seen on this mailing list. Basically we are facing two problems (both client and servers run on SX):- 1) If the we use the default encryption algorithm aes128-cbc then we get a Bad Packet length problem on server side. 2) If we run the sshd after setting encryption algorithm to say 3des-cbc or aes192-cbc, then everything works fine except for sftp. When we exit from sftp then it hangs in select() called from server_loop2(). Both the problems are posted on the mailing list and both recur with the latest version of openssh i.e. 3.5p1 with openssl 0.9.6b. Kindly suggest something. We want to fix the problems. Best Regards Manish
On Mon, Jan 06, 2003 at 07:33:33PM +0530, Manish Kumar Srivastava, Noida wrote:> Hello, > > We are porting openssh-3.1p1 onto SX-6 running on SuperUX. > We landed into problem when we started running sshd with > the default encryption settings. As you would have already > seen on this mailing list. > > Basically we are facing two problems (both client and servers > run on SX):- > > 1) If the we use the default encryption algorithm aes128-cbc > then we get a Bad Packet length problem on server side.when does this happen exactly? please turn on all debugging and include the error messages. you could also recompile packet.c with debugging enabled.
On Mon, 6 Jan 2003, Manish Kumar Srivastava, Noida wrote:> Both the problems are posted on the mailing list and both > recur with the latest version of openssh i.e. 3.5p1 with > openssl 0.9.6b. Kindly suggest something. We want to fix > the problems.openssl 0.9.6b is quite old. Do you still have problems if you use openssl 0.9.6h ? -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net
Hi, Thanks a lot for your responses. The "bad packet length" problem occurs when we try to connect to an SX machine using ssh from any other machine (including the same SX machine on which sshd is running). We immediately get the "Bad Packet Length" message. From our logs we could identify that the bad packet is recognized first at server side. Probably our logs sent in previous posts would be helpful in recognizing the place. But we had a break thru today when we tried different versions of openssl at our side with openssh-3.1p1 openssl-0.9.6b - aes128-cbc fails (Bad Packet length problem) openssl-0.9.6h - aes128-cbc fails (Bad packet length problem) openssl-0.9.7 - PASSES (no bad packet length problem) In the openssl-0.9.7 changelog, it was written that the crypto/rijndael is moved to crypto/aes but we couldn't find the implementation of rijndael in openssl-0.9.6[bh]. I think this may not be the appropriate place to ask a question about openssl, still... And our second problem of sftp hanging on exit, is *still* there with all versions of openssl and openssh (we have tried 3.1p1 and 3.5p1). I am attaching two log files one for sftp client side debug output and another with sftp server side debug output, both having PACKET_DEBUG defined. I hope the lists accepts attachments. Please suggest.> > SX-6 is the NEC machine followon to the SX-5. SuperUX is the OS. > Cray Inc currently provides support for some of these machines in the > US and i have a openssh port of 3.4p1 that runs on one. > we haven't run into this particular problem, so our port must be more > complete than manish's. > > be a bit patient and i'll update it to 3.5 and provide our > patches for manish to try.Thanks a lot for this information. We would be eagerly waiting for the patches. Regards Manish> > > Ben Lindstrom wrote: > > > > > On Mon, 6 Jan 2003, Manish Kumar Srivastava, Noida wrote: > > > > > >>Hello, > >> > >>We are porting openssh-3.1p1 onto SX-6 running on SuperUX. > >>We landed into problem when we started running sshd with > >>the default encryption settings. As you would have already > >>seen on this mailing list. > >> > > > > First off.. I have no clue what SX-6 is.. Nor what hardware > it runs on. > > Nor how old it may be. So it would be nice to be clued in > on that. Maybe > > even what branch of the UNIX tree it was formed from. > > > > > >>Basically we are facing two problems (both client and servers > >>run on SX):- > >> > >>1) If the we use the default encryption algorithm aes128-cbc > >> then we get a Bad Packet length problem on server side. > >> > >> > > > > Don't know. Most of the time I've seen 'Bad Packet length' it was a > > broken OpenSSL. IIRC in the OpenSSL tree there is a 'make > test' that > > allows you to see if everything passes. > > > > > > > >>2) If we run the sshd after setting encryption algorithm > >> to say 3des-cbc or aes192-cbc, then everything works fine > >> except for sftp. When we exit from sftp then it hangs in > >> select() called from server_loop2(). > >> > >> > > > > My tired and befuddled brain wants to say scream out 'race > condition', but > > even after skimming your last emails. I really am not sure > off hand. I > > know AIX has oddities under some releases for select(). > > > > > >>Both the problems are posted on the mailing list and both > >>recur with the latest version of openssh i.e. 3.5p1 with > >>openssl 0.9.6b. Kindly suggest something. We want to fix > >>the problems. > >> > >> > > > > I wish I could give you more direct help, but at this > point. I'm not sure > > what to even suggest for a starting point. > > > > - Ben > > > > _______________________________________________ > > openssh-unix-dev at mindrot.org mailing list > > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev > > > > > -- > wendy palm > Cray OS Sustaining Engineering, Cray Inc. > wendyp at cray.com, 651-605-9154 >-------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sftp_output.txt Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/82f3507a/attachment.txt -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sftp_sshd_output.txt Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/82f3507a/attachment-0001.txt
In continuation to my previous mail, I am attaching the debug outputs of trying to connect an SX machine using ssh. We experienced "Bad packet length" problem in this case with openssh-3.1p1 and openssl-0.9.6b. packet.c was recompiled with PACKET_DEBUG defined and during execution debug level was 3. Regards Manish> -----Original Message----- > From: Markus Friedl [mailto:markus at openbsd.org] > Sent: Monday, January 06, 2003 9:26 PM > To: Manish Kumar Srivastava, Noida > Cc: openssh-unix-dev at mindrot.org; Ajit Yashwant Vaishampayan, Noida > Subject: Re: ssh 3.1p1 problems on SX-6... > > > On Mon, Jan 06, 2003 at 07:33:33PM +0530, Manish Kumar > Srivastava, Noida wrote: > > Hello, > > > > We are porting openssh-3.1p1 onto SX-6 running on SuperUX. > > We landed into problem when we started running sshd with > > the default encryption settings. As you would have already > > seen on this mailing list. > > > > Basically we are facing two problems (both client and servers > > run on SX):- > > > > 1) If the we use the default encryption algorithm aes128-cbc > > then we get a Bad Packet length problem on server side. > > when does this happen exactly? please turn on all > debugging and include the error messages. you could > also recompile packet.c with debugging enabled. >-------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sshd_output.txt Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/e7b1d305/attachment.txt -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ssh_output.txt Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030107/e7b1d305/attachment-0001.txt
On Tue, Jan 07, 2003 at 06:03:25PM +0530, Manish Kumar Srivastava, Noida wrote:> In the openssl-0.9.7 changelog, it was written that the crypto/rijndael > is moved to crypto/aes but we couldn't find the implementation of > rijndael in openssl-0.9.6[bh]. I think this may not be the appropriate > place to ask a question about openssl, still...openssl 0.9.6* does not contain AES, so we use our own implementation of AES. for 0.9.7 we use openssl's AES. the way we integrate AES into openssl 0.9.6 might be broken. you could probably check ciphers.c