Openssh Packet Integrity error - SSH

This is a discussion on Openssh Packet Integrity error - SSH ; Hi all We're developing a Ssh proxy/server and using the Openssh client for testing. Using the latest version of the client, we encounter packet integrity error quite often. "Packet integrity error (1 bytes remaining) at kexdhc.c:99" Following is the partial ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Openssh Packet Integrity error

  1. Openssh Packet Integrity error

    Hi all

    We're developing a Ssh proxy/server and using the Openssh client for
    testing. Using the latest version of the client, we encounter packet
    integrity error quite often.

    "Packet integrity error (1 bytes remaining) at kexdhc.c:99"

    Following is the partial trace output after turning on the compile
    flags of PACKET_DEBUG, DEBUG_KEX, DEBUG_KEXDH and DEBUG_PK and running
    with -vvv. The server host key algorithm being used is DSA. We've tried
    using older versions of the client (namely 4.2 and, 3.7) but get the
    same results. The error doesn't occur all the time but is reproducible
    in a few tries. We have done limited testing with other ssh clients,
    most notably the Tectia Ssh client (eval copy) and it hasnt' happened
    yet.

    Any help/pointers will be deeply appreciated. I didn't want to post the
    complete trace here as its large but I can email it out to whomever
    wants to take a look at the packets.

    Thanks in advance!

    ----------------------------------- Trace
    ------------------------------------------
    openssh-4.3p1 > ./ssh -vvv 192.168.3.52
    OpenSSH_4.3p1, OpenSSL 0.9.7c 30 Sep 2003
    debug1: Reading configuration data
    /home/xxx/workspace/openssh-4.3p1/etc/ssh_config
    debug2: ssh_connect: needpriv 0

    debug1: Enabling compatibility mode for protocol 2.0

    49F8EAC613C515B8E201901BAD983623B98134C425BFFFC55A BACB31E3125D9778A20A4433E722D38A3E94B21C12BBC61B48 20CC26C9059810D01D984CE1F03C94344CF5DFB46D3B002898 E16E240B14AB571BADA7B7EB7C9313125B55B3A9521FD95F5C 359AEA2B0BD2C7F9BDC5FC6A2246E987246E5F5161B16B7D02 C8AFCF
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug1: packet_read()
    debug1: input: packet len 648
    debug1: partial packet 8, need 640, maclen 0
    read_poll enc/full: 01b2 0000 0007 7373 682d 6473 7300 0000
    8100 fd7f 5381 1d75 1229 52df 4a9c 2eec
    e4e7 f611 b752 3cef 4400 c31e 3f80 b651
    2669 455d 4022 51fb 593d 8d58 fabf c5f5
    ba30 f6cb 9b55 6cd7 813b 801d 346f f266
    60b7 6b99 50a5 a49f 9fe8 047b 1022 c24f
    bba9 d7fe b7c6 1bf8 3b57 e7c6 a8a6 150f
    04fb 83f6 d3c5 1ec3 0235 5413 5a16 9132
    f675 f3ae 2b61 d72a eff2 2203 199d d148
    01c7 0000 0015 0097 6050 8f15 230b ccb2
    92b9 82a2 eb84 0bf0 581c f500 0000 8100
    f7e1 a085 d69b 3dde cbbc ab5c 36b8 57b9
    7994 afbb fa3a ea82 f957 4c0b 3d07 8267
    5159 578e bad4 594f e671 0710 8180 b449
    1671 23e8 4c28 1613 b7cf 0932 8cc8 a6e1
    3c16 7a8b 547c 8d28 e0a3 ae1e 2bb3 a675
    916e a37f 0bfa 2135 62f1 fb62 7a01 243b
    cca4 f1be a851 9089 a883 dfe1 5ae5 9f06
    928b 665e 807b 5525 6401 4c3b fecf 492a
    0000 0080 5e8e 25f3 a3ca e097 85ee bffd
    dcff f551 4c9e c660 ecfe 7122 070d 5a19
    e433 0448 ed3a 99cb e43b df47 2970 38d2
    b17e 576a c314 18c6 cebc 92e0 2731 d383
    378f eaee 17b2 6ead 3d2f 1c08 01e2 6c27
    9a48 7b16 4445 3a62 791b e256 1ae6 039f
    a38c 0d2a 7199 57bc 791b 5b82 0b38 4a48
    5751 4590 3d2e d2a8 c7b1 a34a 95e2 6599
    085c 5ece 0000 0081 00b3 032f 8ac5 6ab4
    d95e 791a 1c1d 2e1a d5a9 dd1f f49f 3d60
    4a6b 2e61 610c 920f 3830 df97 dc53 c1f9
    047b 42de 6652 cb6a f3f0 b060 e465 6adb
    40a3 794f d401 5706 ef72 0da6 f2b2 fb1b
    1a3b b156 278c 5328 01a8 4c17 29bf af8d
    b5f1 a4ff dae7 2694 d142 6d47 81ef a67e
    152c 1635 a6b4 5b1a c42d 88b6 b7c5 626d
    8305 791f 3b45 2161 7300 0000 3700 0000
    0773 7368 2d64 7373 0000 0028 5daf a3a9
    df9b 4aa0 8dc8 5ef1 6eca 5049 48c3 c6d3
    0084 074c e8da f64a 77e3 3de2 59f8 bb2f
    5ace 072f 5400 0000 0000 0000 0000 0000

    debug1: input: padlen 11
    debug1: input: len before de-compress 632
    read/plain[31]:
    0000 01b2 0000 0007 7373 682d 6473 7300
    0000 8100 fd7f 5381 1d75 1229 52df 4a9c
    2eec e4e7 f611 b752 3cef 4400 c31e 3f80
    b651 2669 455d 4022 51fb 593d 8d58 fabf
    c5f5 ba30 f6cb 9b55 6cd7 813b 801d 346f
    f266 60b7 6b99 50a5 a49f 9fe8 047b 1022
    c24f bba9 d7fe b7c6 1bf8 3b57 e7c6 a8a6
    150f 04fb 83f6 d3c5 1ec3 0235 5413 5a16
    9132 f675 f3ae 2b61 d72a eff2 2203 199d
    d148 01c7 0000 0015 0097 6050 8f15 230b
    ccb2 92b9 82a2 eb84 0bf0 581c f500 0000
    8100 f7e1 a085 d69b 3dde cbbc ab5c 36b8
    57b9 7994 afbb fa3a ea82 f957 4c0b 3d07
    8267 5159 578e bad4 594f e671 0710 8180
    b449 1671 23e8 4c28 1613 b7cf 0932 8cc8
    a6e1 3c16 7a8b 547c 8d28 e0a3 ae1e 2bb3
    a675 916e a37f 0bfa 2135 62f1 fb62 7a01
    243b cca4 f1be a851 9089 a883 dfe1 5ae5
    9f06 928b 665e 807b 5525 6401 4c3b fecf
    492a 0000 0080 5e8e 25f3 a3ca e097 85ee
    bffd dcff f551 4c9e c660 ecfe 7122 070d
    5a19 e433 0448 ed3a 99cb e43b df47 2970
    38d2 b17e 576a c314 18c6 cebc 92e0 2731
    d383 378f eaee 17b2 6ead 3d2f 1c08 01e2
    6c27 9a48 7b16 4445 3a62 791b e256 1ae6
    039f a38c 0d2a 7199 57bc 791b 5b82 0b38
    4a48 5751 4590 3d2e d2a8 c7b1 a34a 95e2
    6599 085c 5ece 0000 0081 00b3 032f 8ac5
    6ab4 d95e 791a 1c1d 2e1a d5a9 dd1f f49f
    3d60 4a6b 2e61 610c 920f 3830 df97 dc53
    c1f9 047b 42de 6652 cb6a f3f0 b060 e465
    6adb 40a3 794f d401 5706 ef72 0da6 f2b2
    fb1b 1a3b b156 278c 5328 01a8 4c17 29bf
    af8d b5f1 a4ff dae7 2694 d142 6d47 81ef
    a67e 152c 1635 a6b4 5b1a c42d 88b6 b7c5
    626d 8305 791f 3b45 2161 7300 0000 3700
    0000 0773 7368 2d64 7373 0000 0028 5daf
    a3a9 df9b 4aa0 8dc8 5ef1 6eca 5049 48c3
    c6d3 0084 074c e8da f64a 77e3 3de2 59f8
    bb2f 5ace 072f 54
    debug1: received packet type 31
    AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIl
    H7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
    xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSA HHAAAAFQCXYFCPFSMLzL
    KSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6 OuqC+VdMCz0HgmdRWVeO
    utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4K OuHiuzpnWRbqN/C/ohNW
    Lx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACAXo4l86PK4JeF
    7r/93P/1UUyexmDs/nEiBw1aGeQzBEjtOpnL5DvfRylwONKxfldqwxQYxs68kuAnMdO DN4
    /q7heybq09LxwIAeJsJ5pIexZERTpieRviVhrmA5+jjA0qcZlXv HkbW4ILOEpIV1FFkD0u
    0qjHsaNKleJlmQhcXs4=
    pub:
    5e:8e:25:f3:a3:ca:e0:97:85:ee:bf:fd:dc:ff:f5:
    51:4c:9e:c6:60:ec:fe:71:22:07:0d:5a:19:e4:33:
    04:48:ed:3a:99:cb:e4:3b:df:47:29:70:38:d2:b1:
    7e:57:6a:c3:14:18:c6:ce:bc:92:e0:27:31:d3:83:
    37:8f:ea:ee:17:b2:6e:ad:3d:2f:1c:08:01:e2:6c:
    27:9a:48:7b:16:44:45:3a:62:79:1b:e2:56:1a:e6:
    03:9f:a3:8c:0d:2a:71:99:57:bc:79:1b:5b:82:0b:
    38:4a:48:57:51:45:90:3d:2e:d2:a8:c7:b1:a3:4a:
    95:e2:65:99:08:5c:5e:ce
    P: 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
    f2:22:03:19:9d:d1:48:01:c7
    Q: 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
    84:0b:f0:58:1c:f5
    G: 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
    25:64:01:4c:3b:fe:cf:49:2a
    debug3: check_host_in_hostfile: filename /home/xxx/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename
    /home/xxx/workspace/openssh-4.3p1/etc/ssh_known_hosts
    debug3: check_host_in_hostfile: filename /home/xxx/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename
    /home/xxx/workspace/openssh-4.3p1/etc/ssh_known_hosts
    debug2: no key of type 0 for host 192.168.3.52
    debug3: check_host_in_hostfile: filename /home/xxx/.ssh/known_hosts2
    debug3: check_host_in_hostfile: filename
    /home/xxx/workspace/openssh-4.3p1/etc/ssh_known_hosts2
    debug3: check_host_in_hostfile: filename /home/xxx/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename
    /home/xxx/workspace/openssh-4.3p1/etc/ssh_known_hosts
    debug2: no key of type 1 for host 192.168.3.52
    The authenticity of host '192.168.3.52 (192.168.3.52)' can't be
    established.
    DSA key fingerprint is dd:27:18:32:4f:7f:8d:0b:e6:14:3d:a1:85:3c:8d:56.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.3.52' (DSA) to the list of known
    hosts.
    dh_server_pub=
    B3032F8AC56AB4D95E791A1C1D2E1AD5A9DD1FF49F3D604A6B 2E61610C920F3830DF97DC53C1F9047B42DE6652CB6AF3F0B0 60E4656ADB40A3794FD4015706EF720DA6F2B2FB1B1A3BB156 278C532801A84C1729BFAF8DB5F1A4FFDAE72694D1426D4781 EFA67E152C1635A6B45B1AC42D88B6B7C5626D8305791F3B45 216173
    debug1: bits 1024
    Packet integrity error (1 bytes remaining) at kexdhc.c:99
    Disconnecting: Packet integrity error.
    debug1: packet_start[1]
    plain: 0000 0000 0001 0000 0002 0000 0017 5061
    636b 6574 2069 6e74 6567 7269 7479 2065
    7272 6f72 2e00 0000 00
    debug1: send: len 48 (includes padlen 7)
    encrypted: 0000 002c 0701 0000 0002 0000 0017 5061
    636b 6574 2069 6e74 6567 7269 7479 2065
    7272 6f72 2e00 0000 0000 0000 0000 0000

    debug1: packet_send done


  2. Re: Openssh Packet Integrity error

    All,

    This was a bug in our proxy in the DH key exchange. When sending the
    DSS signature blob, according to section 6.6 of the Transport spec, the
    blob is encoded as a string containing "two 160 bit" integers.
    Sometimes they had a leading 0 and after normalizing the integers to 20
    bytes, the problem seems to be gone now.

    Thanks.


+ Reply to Thread