10-03-2007, 04:18 AM
|
| Junior Member | | Join Date: Sep 2009
Posts: 0
| |
 Re: Putty 0.60 OpenSSH_4.5p1 problem
On 2007-06-14, NPG wrote:
> We have servers running openssh 4.3.p2 - 4.5p1
> From our workstations we used putty 0.58 to access them.
>
> Recently we upgraded our putty installations to 0.60 and were unable to
> access the servers running openssh 4.5p1.
>
> when we try putty throws up a fatal error saying
> "Incoming packet was garbled on decryption"
You're using OpenSSL 0.9.8e on the server, right? If so, it has a bug
in it which causes it to report the wrong key length for variable-length
ciphers when used with non-default key lengths.
Assuming that's the case, you can:
a) patch openssl (the best fix). Will need to recompile openssh if it's
statically linked against openssl:
http://marc.info/?l=openssh-unix-dev...9202122302&w=2
b) upgrade to OpenSSH 4.6p1 which has a workaround for some (but not all)
of the cases that are affected. AES counter mode (which is what you
appear to be using) did get the workaround.
c) tell putty to use a different cipher. 128-bit AES will probably be ok.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
 |