Packet Integrity error

Fri, 10 Feb 2006 10:29:36 -0800 

Hi all
We're developing a Ssh proxy/server and using the Openssh client for testing. Using the latest version of the client, we encounter packet integrity error quite often. 

"Packet integrity error (1 bytes remaining) at kexdhc.c:99"


Following is the partial trace output after turning on the compile flags 
of PACKET_DEBUG, DEBUG_KEX, DEBUG_KEXDH and DEBUG_PK and running with 
-vvv. The server host key algorithm being used is DSA. We've tried using 
older versions of the client (namely 4.2 and, 3.7) but get the same 
results. The error doesn't occur all the time but is reproducible in a 
few tries. We have done limited testing with other ssh clients, most 
notably the Tectia Ssh client (eval copy) and it hasnt' happened yet.



Any help/pointers will be deeply appreciated. I didn't want to post the 
complete trace here as its large but I can email it out to whomever 
wants to take a look at the packets.


Thanks in advance!


----------------------------------- Trace 
------------------------------------------

openssh-4.3p1 > ./ssh -vvv 192.168.3.52
OpenSSH_4.3p1, OpenSSL 0.9.7c 30 Sep 2003

debug1: Reading configuration data 
/home/cvora/workspace/openssh-4.3p1/etc/ssh_config

debug2: ssh_connect: needpriv 0
<snip...>
debug1: Enabling compatibility mode for protocol 2.0
<snip...>
49F8EAC613C515B8E201901BAD983623B98134C425BFFFC55ABACB31E3125D9778A20A4433E722D38A3E94B21C12BBC61B4820CC26C9059810D01D984CE1F03C94344CF5DFB46D3B002898E16E240B14AB571BADA7B7EB7C9313125B55B3A9521FD95F5C359AEA2B0BD2C7F9BDC5FC6A2246E987246E5F5161B16B7D02C8AFCF
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: packet_read()
debug1: input: packet len 648
debug1: partial packet 8, need 640, maclen 0
read_poll enc/full: 01b2 0000 0007 7373 682d 6473 7300 0000
8100 fd7f 5381 1d75 1229 52df 4a9c 2eec
e4e7 f611 b752 3cef 4400 c31e 3f80 b651
2669 455d 4022 51fb 593d 8d58 fabf c5f5
ba30 f6cb 9b55 6cd7 813b 801d 346f f266
60b7 6b99 50a5 a49f 9fe8 047b 1022 c24f
bba9 d7fe b7c6 1bf8 3b57 e7c6 a8a6 150f
04fb 83f6 d3c5 1ec3 0235 5413 5a16 9132
f675 f3ae 2b61 d72a eff2 2203 199d d148
01c7 0000 0015 0097 6050 8f15 230b ccb2
92b9 82a2 eb84 0bf0 581c f500 0000 8100
f7e1 a085 d69b 3dde cbbc ab5c 36b8 57b9
7994 afbb fa3a ea82 f957 4c0b 3d07 8267
5159 578e bad4 594f e671 0710 8180 b449
1671 23e8 4c28 1613 b7cf 0932 8cc8 a6e1
3c16 7a8b 547c 8d28 e0a3 ae1e 2bb3 a675
916e a37f 0bfa 2135 62f1 fb62 7a01 243b
cca4 f1be a851 9089 a883 dfe1 5ae5 9f06
928b 665e 807b 5525 6401 4c3b fecf 492a
0000 0080 5e8e 25f3 a3ca e097 85ee bffd
dcff f551 4c9e c660 ecfe 7122 070d 5a19
e433 0448 ed3a 99cb e43b df47 2970 38d2
b17e 576a c314 18c6 cebc 92e0 2731 d383
378f eaee 17b2 6ead 3d2f 1c08 01e2 6c27
9a48 7b16 4445 3a62 791b e256 1ae6 039f
a38c 0d2a 7199 57bc 791b 5b82 0b38 4a48
5751 4590 3d2e d2a8 c7b1 a34a 95e2 6599
085c 5ece 0000 0081 00b3 032f 8ac5 6ab4
d95e 791a 1c1d 2e1a d5a9 dd1f f49f 3d60
4a6b 2e61 610c 920f 3830 df97 dc53 c1f9
047b 42de 6652 cb6a f3f0 b060 e465 6adb
40a3 794f d401 5706 ef72 0da6 f2b2 fb1b
1a3b b156 278c 5328 01a8 4c17 29bf af8d
b5f1 a4ff dae7 2694 d142 6d47 81ef a67e
152c 1635 a6b4 5b1a c42d 88b6 b7c5 626d
8305 791f 3b45 2161 7300 0000 3700 0000
0773 7368 2d64 7373 0000 0028 5daf a3a9
df9b 4aa0 8dc8 5ef1 6eca 5049 48c3 c6d3
0084 074c e8da f64a 77e3 3de2 59f8 bb2f
5ace 072f 5400 0000 0000 0000 0000 0000

debug1: input: padlen 11
debug1: input: len before de-compress 632
read/plain[31]:
0000 01b2 0000 0007 7373 682d 6473 7300
0000 8100 fd7f 5381 1d75 1229 52df 4a9c
2eec e4e7 f611 b752 3cef 4400 c31e 3f80
b651 2669 455d 4022 51fb 593d 8d58 fabf
c5f5 ba30 f6cb 9b55 6cd7 813b 801d 346f
f266 60b7 6b99 50a5 a49f 9fe8 047b 1022
c24f bba9 d7fe b7c6 1bf8 3b57 e7c6 a8a6
150f 04fb 83f6 d3c5 1ec3 0235 5413 5a16
9132 f675 f3ae 2b61 d72a eff2 2203 199d
d148 01c7 0000 0015 0097 6050 8f15 230b
ccb2 92b9 82a2 eb84 0bf0 581c f500 0000
8100 f7e1 a085 d69b 3dde cbbc ab5c 36b8
57b9 7994 afbb fa3a ea82 f957 4c0b 3d07
8267 5159 578e bad4 594f e671 0710 8180
b449 1671 23e8 4c28 1613 b7cf 0932 8cc8
a6e1 3c16 7a8b 547c 8d28 e0a3 ae1e 2bb3
a675 916e a37f 0bfa 2135 62f1 fb62 7a01
243b cca4 f1be a851 9089 a883 dfe1 5ae5
9f06 928b 665e 807b 5525 6401 4c3b fecf
492a 0000 0080 5e8e 25f3 a3ca e097 85ee
bffd dcff f551 4c9e c660 ecfe 7122 070d
5a19 e433 0448 ed3a 99cb e43b df47 2970
38d2 b17e 576a c314 18c6 cebc 92e0 2731
d383 378f eaee 17b2 6ead 3d2f 1c08 01e2
6c27 9a48 7b16 4445 3a62 791b e256 1ae6
039f a38c 0d2a 7199 57bc 791b 5b82 0b38
4a48 5751 4590 3d2e d2a8 c7b1 a34a 95e2
6599 085c 5ece 0000 0081 00b3 032f 8ac5
6ab4 d95e 791a 1c1d 2e1a d5a9 dd1f f49f
3d60 4a6b 2e61 610c 920f 3830 df97 dc53
c1f9 047b 42de 6652 cb6a f3f0 b060 e465
6adb 40a3 794f d401 5706 ef72 0da6 f2b2
fb1b 1a3b b156 278c 5328 01a8 4c17 29bf
af8d b5f1 a4ff dae7 2694 d142 6d47 81ef
a67e 152c 1635 a6b4 5b1a c42d 88b6 b7c5
626d 8305 791f 3b45 2161 7300 0000 3700
0000 0773 7368 2d64 7373 0000 0028 5daf
a3a9 df9b 4aa0 8dc8 5ef1 6eca 5049 48c3
c6d3 0084 074c e8da f64a 77e3 3de2 59f8
bb2f 5ace 072f 54
debug1: received packet type 31
AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIl
H7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCXYFCPFSMLzL
KSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeO
utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNW
Lx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACAXo4l86PK4JeF
7r/93P/1UUyexmDs/nEiBw1aGeQzBEjtOpnL5DvfRylwONKxfldqwxQYxs68kuAnMdODN4
/q7heybq09LxwIAeJsJ5pIexZERTpieRviVhrmA5+jjA0qcZlXvHkbW4ILOEpIV1FFkD0u
0qjHsaNKleJlmQhcXs4=
       pub:
           5e:8e:25:f3:a3:ca:e0:97:85:ee:bf:fd:dc:ff:f5:
           51:4c:9e:c6:60:ec:fe:71:22:07:0d:5a:19:e4:33:
           04:48:ed:3a:99:cb:e4:3b:df:47:29:70:38:d2:b1:
           7e:57:6a:c3:14:18:c6:ce:bc:92:e0:27:31:d3:83:
           37:8f:ea:ee:17:b2:6e:ad:3d:2f:1c:08:01:e2:6c:
           27:9a:48:7b:16:44:45:3a:62:79:1b:e2:56:1a:e6:
           03:9f:a3:8c:0d:2a:71:99:57:bc:79:1b:5b:82:0b:
           38:4a:48:57:51:45:90:3d:2e:d2:a8:c7:b1:a3:4a:
           95:e2:65:99:08:5c:5e:ce

       P:  
           00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:

           e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
           51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
           c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
           6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
           10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
           c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
           54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
           f2:22:03:19:9d:d1:48:01:c7

       Q:  
           00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:

           84:0b:f0:58:1c:f5

       G:  
           00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:

           57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
           07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
           81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
           32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
           ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
           f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
           a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
           25:64:01:4c:3b:fe:cf:49:2a
debug3: check_host_in_hostfile: filename /home/cvora/.ssh/known_hosts

debug3: check_host_in_hostfile: filename 
/home/cvora/workspace/openssh-4.3p1/etc/ssh_known_hosts

debug3: check_host_in_hostfile: filename /home/cvora/.ssh/known_hosts

debug3: check_host_in_hostfile: filename 
/home/cvora/workspace/openssh-4.3p1/etc/ssh_known_hosts

debug2: no key of type 0 for host 192.168.3.52
debug3: check_host_in_hostfile: filename /home/cvora/.ssh/known_hosts2

debug3: check_host_in_hostfile: filename 
/home/cvora/workspace/openssh-4.3p1/etc/ssh_known_hosts2

debug3: check_host_in_hostfile: filename /home/cvora/.ssh/known_hosts

debug3: check_host_in_hostfile: filename 
/home/cvora/workspace/openssh-4.3p1/etc/ssh_known_hosts

debug2: no key of type 1 for host 192.168.3.52
The authenticity of host '192.168.3.52 (192.168.3.52)' can't be established.
DSA key fingerprint is dd:27:18:32:4f:7f:8d:0b:e6:14:3d:a1:85:3c:8d:56.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.52' (DSA) to the list of known hosts.

dh_server_pub= 
B3032F8AC56AB4D95E791A1C1D2E1AD5A9DD1FF49F3D604A6B2E61610C920F3830DF97DC53C1F9047B42DE6652CB6AF3F0B060E4656ADB40A3794FD4015706EF720DA6F2B2FB1B1A3BB156278C532801A84C1729BFAF8DB5F1A4FFDAE72694D1426D4781EFA67E152C1635A6B45B1AC42D88B6B7C5626D8305791F3B45216173

debug1: bits 1024
Packet integrity error (1 bytes remaining) at kexdhc.c:99
Disconnecting: Packet integrity error.
debug1: packet_start[1]
plain:     0000 0000 0001 0000 0002 0000 0017 5061
636b 6574 2069 6e74 6567 7269 7479 2065
7272 6f72 2e00 0000 00
debug1: send: len 48 (includes padlen 7)
encrypted: 0000 002c 0701 0000 0002 0000 0017 5061
636b 6574 2069 6e74 6567 7269 7479 2065
7272 6f72 2e00 0000 0000 0000 0000 0000

debug1: packet_send done















    











					Reply via email to