ssh corrupt packets with aes encryption

To: debian-user@lists.debian.org
Subject: ssh corrupt packets with aes encryption
From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
Date: Sat, 11 May 2013 09:41:49 -0600
Message-id: <[🔎] 1bppwxo75u.fsf@snowball.wb.pfeifferfamily.net>

On a fresh install, I can neither ssh in to nor out of one of my machines
using aes encryption -- I get the error

lcct@projections:~$ ssh localhost
Bad packet length 3783539029.
Disconnecting: Packet corrupt

If I delete the known_hosts file turn on some debugging, I get

lcct@projections:~$ ssh -vvv localhost
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
<lots of stuff deleted here>
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 88:25:9c:43:b5:a9:2d:b4:e6:9a:7e:95:f1:96:d8:60
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 88:25:9c:43:b5:a9:2d:b4:e6:9a:7e:95:f1:96:d8:60.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
Bad packet length 1285007677.
Disconnecting: Packet corrupt

Web searches on corrupt ssh packets give a lot of ideas about bad cables
and routers; as you can see, this machine can't even ssh to itself, so
those aren't possible problems.  Stranger, it turns out I have problems
with every AES cipher available, and no other ciphers; I've gone through
each of the ciphers listed in /etc/ssh/ssh_config, and every aes cipher
gives either a disconnect or hangs, while every other cipher is
successful.

I've checked the md5sums of the ssh_config and sshd_config files of this
machine versus all the other machines in my house, and they match.  I've
checked the md5sums of /usr/bin/ssh, /usr/sbin/sshd, and
/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 against another
32-bit machine in my house, and again they match.  I have purged and
reinstalled task-ssh-server, which made no difference.

So...  any idea where to go next?

Reply to:

Follow-Ups:
- Re: ssh corrupt packets with aes encryption
  - From: recoverym4n@gmail.com

Prev by Date: Re: Warnings when doing a chroot.
Next by Date: SOLVED Re: google earth ia32-libs-gtk on wheezy:
Previous by thread: Re: Warnings when doing a chroot.
Next by thread: Re: ssh corrupt packets with aes encryption
Index(es):
- Date
- Thread