Re: Packet len too high during authentication

[Anne Zhang <meantobe997@xxxxxxxxxxx>]

Hi Aris,

I tried all the encryption algorithm available on Solaris x86:
*aes128-ctr,aes192-ctr,aes256-ctr,* but failed at the same place. I also
increase the verbose:

[2013/11/18 15:55:10.685952, 1] ssh_connect:  libssh 0.6.0 (c) 2003-2010
Aris Adamantiadis (aris@xxxxxxxxxxxx) Distributed under the LGPL, please
refer to COPYING file for information about your rights, using threading
threads_noop
[2013/11/18 15:55:10.688099, 2] ssh_socket_connect:  Nonblocking connection
socket: 7
[2013/11/18 15:55:10.688951, 2] ssh_connect:  Socket connecting, now
waiting for the callbacks to work
[2013/11/18 15:55:10.689704, 3] ssh_connect:  ssh_connect: Actual timeout :
10000
[2013/11/18 15:55:10.730204, 3] ssh_socket_pollcallback:  Received POLLOUT
in connecting state
[2013/11/18 15:55:10.731020, 1] socket_callback_connected:  Socket
connection callback: 1 (0)
[2013/11/18 15:55:10.773358, 3] callback_receive_banner:  Received banner:
SSH-2.0-Sun_SSH_2.0
[2013/11/18 15:55:10.774183, 1] ssh_client_connection_callback:  SSH server
banner: SSH-2.0-Sun_SSH_2.0
[2013/11/18 15:55:10.779641, 1] ssh_analyze_banner:  Analyzing banner:
SSH-2.0-Sun_SSH_2.0
[2013/11/18 15:55:10.780421, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:10.861191, 3] ssh_packet_socket_callback:  packet: read
type 20 [len=580,padding=6,comp=573,payload=573]
[2013/11/18 15:55:10.861917, 3] ssh_packet_process:  Dispatching handler
for packet type 20
[2013/11/18 15:55:10.864677, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:10.865624, 3] packet_send2:  packet: wrote
[len=204,padding=4,comp=199,payload=199]
[2013/11/18 15:55:10.867794, 3] packet_send2:  packet: wrote
[len=268,padding=5,comp=262,payload=262]
[2013/11/18 15:55:10.868684, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:10.968684, 3] ssh_packet_socket_callback:  packet: read
type 31 [len=828,padding=9,comp=818,payload=818]
[2013/11/18 15:55:10.969438, 3] ssh_packet_process:  Dispatching handler
for packet type 31
[2013/11/18 15:55:10.970022, 2] ssh_packet_dh_reply:  Received
SSH_KEXDH_REPLY
[2013/11/18 15:55:10.972619, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:10.973317, 3] packet_send2:  packet: wrote
[len=12,padding=10,comp=1,payload=1]
[2013/11/18 15:55:10.974083, 2] ssh_client_dh_reply:  SSH_MSG_NEWKEYS sent
[2013/11/18 15:55:10.974679, 3] ssh_packet_socket_callback:  Processing 16
bytes left in socket buffer
[2013/11/18 15:55:10.975276, 3] ssh_packet_socket_callback:  packet: read
type 21 [len=12,padding=10,comp=1,payload=1]
[2013/11/18 15:55:10.975895, 3] ssh_packet_process:  Dispatching handler
for packet type 21
[2013/11/18 15:55:10.976527, 2] ssh_packet_newkeys:  Received
SSH_MSG_NEWKEYS
[2013/11/18 15:55:10.977364, 3] crypt_set_algorithms2:  Set output
algorithm to aes128-ctr
[2013/11/18 15:55:10.977961, 3] crypt_set_algorithms2:  Set input algorithm
to aes128-ctr
[2013/11/18 15:55:10.979467, 2] ssh_packet_newkeys:  Signature verified and
valid
[2013/11/18 15:55:10.985355, 3] ssh_connect:  ssh_connect: Actual state : 7
[2013/11/18 15:55:10.986487, 3] packet_send2:  packet: wrote
[len=28,padding=10,comp=17,payload=17]
[2013/11/18 15:55:10.987108, 3] ssh_service_request:  Sent
SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2013/11/18 15:55:10.987842, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:11.170462, 1] ssh_packet_socket_callback:  read_packet():
Packet len too high(1000142574 3b9cf6ee)
[2013/11/18 15:55:11.170605, 1] ssh_userauth_request_service:  Failed to
request "ssh-userauth" service
Error authenticating with password: read_packet(): Packet len too
high(1000142574 3b9cf6ee)
[2013/11/18 15:55:11.171031, 3] ssh_socket_unbuffered_write:  Enabling
POLLOUT for socket
[2013/11/18 15:55:11.171119, 3] packet_send2:  packet: wrote
[len=28,padding=11,comp=16,payload=16]



I also tried earlier version of libssh, and attached verbose here:

[1] libssh 0.5.2 (c) 2003-2010 Aris Adamantiadis (aris@xxxxxxxxxxxx)
Distributed under the LGPL, please refer to COPYING file for information
about your rights, using threading threads_noop
[2] Nonblocking connection socket: 7
[2] Socket connecting, now waiting for the callbacks to work
[3] ssh_connect: Actual timeout : 10000
[3] Received POLLOUT in connecting state
[1] Socket connection callback: 1 (0)
[3] Received banner: SSH-2.0-Sun_SSH_2.0
[1] SSH server banner: SSH-2.0-Sun_SSH_2.0
[1] Analyzing banner: SSH-2.0-Sun_SSH_2.0
[3] Enabling POLLOUT for socket
[3] Packet size decrypted: 580 (0x244)
[3] Read a 580 bytes packet
[3] 6 bytes padding, 579 bytes left in buffer
[3] After padding, 573 bytes left in buffer
[3] Final size 573
[3] Type 20
[3] Dispatching handler for packet type 20
[3] Writing on the wire a packet having 141 bytes before
[3] 141 bytes after comp + 6 padding bytes = 148 bytes packet
[3] Enabling POLLOUT for socket
[3] Writing on the wire a packet having 133 bytes before
[3] 133 bytes after comp + 6 padding bytes = 140 bytes packet
[3] Enabling POLLOUT for socket
[3] Packet size decrypted: 700 (0x2bc)
[3] Read a 700 bytes packet
[3] 9 bytes padding, 699 bytes left in buffer
[3] After padding, 690 bytes left in buffer
[3] Final size 690
[3] Type 31
[3] Dispatching handler for packet type 31
[2] Received SSH_KEXDH_REPLY
[3] Writing on the wire a packet having 1 bytes before
[3] 1 bytes after comp + 10 padding bytes = 12 bytes packet
[3] Enabling POLLOUT for socket
[2] SSH_MSG_NEWKEYS sent
[3] Processing 16 bytes left in socket buffer
[3] Packet size decrypted: 12 (0xc)
[3] Read a 12 bytes packet
[3] 10 bytes padding, 11 bytes left in buffer
[3] After padding, 1 bytes left in buffer
[3] Final size 1
[3] Type 21
[3] Dispatching handler for packet type 21
[2] Received SSH_MSG_NEWKEYS
[3] Set output algorithm to aes256-ctr
[3] Set input algorithm to aes256-ctr
[3] ssh_connect: Actual state : 7
[3] Writing on the wire a packet having 17 bytes before
[3] 17 bytes after comp + 10 padding bytes = 28 bytes packet
[3] Encrypting packet with seq num: 3, len: 32
[3] Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[3] Enabling POLLOUT for socket
[3] Decrypting 16 bytes
[3] Packet size decrypted: 717271339 (0x2ac0b12b)
[1] Error : read_packet(): Packet len too high(717271339 2ac0b12b)
[1] Socket exception callback: 1 (0)
[1] Error : Socket error: Error 0

Any other suggestions?

Thanks very much.



Anne 张舒菁
----
Vice Minister of UMJI Career Department 上海交大密西根学院 事业部
Finance of Microsoft Technology Club 上海交大微软俱乐部 财务
OutGoing Exchange Manager 出境交流部
AIESEC Shanghai (SJTU)
Mainland of China
----
Mobile: +86 139 1629 1208
Email: anneshujing@xxxxxxxxx
MSN: meantobe997@xxxxxxxxxxx
Skype: luvinganne


On Thu, Nov 14, 2013 at 12:18 AM, Aris Adamantiadis <aris@xxxxxxxxxxxx>wrote:

> Hi,
>
> I do not have solaris 11 x86 to test. Could you increase the verbosity
> and maybe provide some output from the SSH server ?
>
> If you don't have more information, could you do a tcpdump trace and
> post it on http://www.cloudshark.org/ ?
>
> What happens if you change the encryption algorithm to aes128-cbc or
> 3des-cbc ? I believe some encryption algorithm may be broken on solaris.
> Thanks,
>
> Aris
>
> Le 13/11/13 23:14, ZhangAnne a écrit :
> > Hi,
> >
> > I am using the user authentication code
> > from http://api.libssh.org/stable/libssh_tutor_guided_tour.html on
> > Solaris 11 x86. And I came across following problem during password
> > authentication:
> >
> > [2013/11/13 14:35:57.099342, 1] ssh_connect:  libssh 0.6.0 (c) 2003-2010
> > Aris Adamantiadis (aris@xxxxxxxxxxxx) Distributed under the LGPL, please
> > refer to COPYING file for information about your rights, using threading
> > threads_noop
> > [2013/11/13 14:35:57.116739, 2] ssh_socket_connect:  Nonblocking
> > connection socket: 7
> > [2013/11/13 14:35:57.116802, 2] ssh_connect:  Socket connecting, now
> > waiting for the callbacks to work
> > [2013/11/13 14:35:57.117023, 1] socket_callback_connected:  Socket
> > connection callback: 1 (0)
> > [2013/11/13 14:35:57.118896, 1] ssh_client_connection_callback:  SSH
> > server banner: SSH-2.0-Sun_SSH_1.5
> > [2013/11/13 14:35:57.118948, 1] ssh_analyze_banner:  Analyzing banner:
> > SSH-2.0-Sun_SSH_1.5
> > [2013/11/13 14:35:57.159941, 2] ssh_packet_dh_reply:  Received
> > SSH_KEXDH_REPLY
> > [2013/11/13 14:35:57.160361, 2] ssh_client_dh_reply:  SSH_MSG_NEWKEYS
> sent
> > [2013/11/13 14:35:57.160392, 2] ssh_packet_newkeys:  Received
> > SSH_MSG_NEWKEYS
> > [2013/11/13 14:35:57.160785, 2] ssh_packet_newkeys:  Signature verified
> > and valid
> > unknown server.[2013/11/13 14:35:57.246178, 1]
> > ssh_packet_socket_callback:  read_packet(): Packet len too high(62115112
> > 3b3cd28)
> > [2013/11/13 14:35:57.246233, 1] ssh_userauth_request_service:  Failed to
> > request "ssh-userauth" service
> > Error authenticating with password: read_packet(): Packet len too
> > high(62115112 3b3cd28)
> >
> > It's using socket 7, and I tried to use other socket number
> > with ssh_options_set(session, SSH_OPTIONS_FD, NULL); but it says
> > connection time out.
> >
> > Any idea packet length is too high while we are doing authentication?
> >
> > I can connect to the ssh server on other machines.
> >
> > Thanks very much!
>
>