Bug 199352 - security/openssh-portable: After Current revision, unable to connect via SSH
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Bryan Drewery
Reported: 2015-04-10 15:34 UTC by rsimmons0
Modified: 2015-05-11 23:15 UTC (History)
bugzilla: maintainer-feedback? (bdrewery)


Description rsimmons0 2015-04-10 15:34:06 UTC
One of the following recent revisions has caused a regression: 383675, 383618, or 383616. I am no longer able to connect to a server running the current version of the port. I get the following error on the client end:

Bad packet length 678327660.
Disconnecting: Packet corrupt

Here is the log entry on the server end:
sshd: error: Received disconnect from 192.168.x.x: 2: Packet corrupt [preauth]
Comment 1 Bryan Drewery freebsd_committer freebsd_triage 2015-04-10 16:08:16 UTC
What client are you using?

Can you please run your sshd with -Ddddd and show me the debugging output from the server?

If possible also run the client with -vvv and show the results.
Comment 2 rsimmons0 2015-04-10 22:01:46 UTC
debug2: load_server_config: filename /usr/local/etc/ssh/sshd_config
debug2: load_server_config: done config len = 242
debug2: parse_server_config: config /usr/local/etc/ssh/sshd_config len 242
debug3: /usr/local/etc/ssh/sshd_config:30 setting HostKey /usr/local/etc/ssh/ssh_host_ed25519_key
debug3: /usr/local/etc/ssh/sshd_config:128 setting Subsystem sftp       /usr/local/libexec/sftp-server
debug1: sshd version OpenSSH_6.8, OpenSSL 1.0.2a 19 Mar 2015
debug1: private host key #0: ssh-ed25519 SHA256:<redacted>
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-Ddddd'
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 242
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 192.168.56.1 port 53173 on 192.168.56.51 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.7
debug1: match: OpenSSH_6.7 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_4,1
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing capsicum sandbox
debug2: Network child is on pid 772
debug3: preauth child monitor started
debug3: privsep user:group 22:22 [preauth]
debug1: permanently_set_uid: 22/22 [preauth]
debug1: list_hostkey_types: ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Received disconnect from 192.168.56.1: 2: Packet corrupt [preauth]
Disconnected from 192.168.56.1 [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 772
Comment 3 rsimmons0 2015-04-10 22:07:37 UTC
This is the client output. I'm using the vanilla client from MacOS X Homebrew.

$ ssh -vvv redacted
OpenSSH_6.7p1, OpenSSL 1.0.2a 19 Mar 2015
debug1: Reading configuration data /Users/username/.ssh/config
debug1: /Users/username/.ssh/config line 3: Applying options for redacted
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to redacted [192.168.x.x] port 22.
debug1: Connection established.
debug1: identity file /Users/username/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/username/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_4,1
debug1: match: OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_4,1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "redacted" from file "/Users/username/.ssh/known_hosts"
debug3: load_hostkeys: found key type ED25519 in file /Users/username/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 678327660.
Comment 4 Bryan Drewery freebsd_committer freebsd_triage 2015-04-10 22:22:33 UTC
Can you show me your 'make pretty-print-config' output too please?
Comment 5 rsimmons0 2015-04-10 22:29:55 UTC
-BSM +HPN -KERB_GSSAPI +LDNS +LIBEDIT -NONECIPHER -OVERWRITE_BASE +PAM -SCTP +TCP_WRAPPERS -X509 KERBEROS( -MIT -HEIMDAL -HEIMDAL_BASE )
Comment 6 Bryan Drewery freebsd_committer freebsd_triage 2015-04-10 22:52:46 UTC
I don't see how those patches would cause this.

I just tried from Yosemite and was able to connect fine using /usr/bin/ssh (which is OpenSSH 6.2).

Can you try using /usr/bin/ssh instead of the homebrew one? It would at least tell us if there is something odd with your homebrew one or possibly the server/network.
Comment 7 rsimmons0 2015-04-18 01:25:43 UTC
I connected using the OSX client and got the same problem. I am going to try removing the package and rebuilding it and also try it on a fresh install to see if something is different there.
Comment 8 mdhughes_us 2015-04-27 22:33:39 UTC
I am having the same problem after doing a portupgrade on an 8.4-RELEASE-p18 amd64 system.
Comment 9 Bryan Drewery freebsd_committer freebsd_triage 2015-04-28 00:46:14 UTC
(In reply to mdhughes_us from comment #8)
> I am having the same problem after doing a portupgrade on an 8.4-RELEASE-p18
> amd64 system.

Can you be more descriptive please? I am unable to reproduce any problems.

Please be sure you run 'make clean' in the directory before building. Then build and install it again.

It would be very helpful to know which options you are using from 'make pretty-print-config' and to have some debug output from ssh and sshd.
Comment 10 mdhughes_us 2015-04-28 01:33:49 UTC
(In reply to Bryan Drewery from comment #9)
After updating to the latest openssh-portable I'm not able to ssh to the system.

I have rebuilt the port twice now with no change.

The output from make pretty-print-config:
-BSM -HPN -KERB_GSSAPI +LDNS +LIBEDIT +NONECIPHER -OVERWRITE_BASE -PAM -SCTP -TCP_WRAPPERS -X509 KERBEROS( -MIT -HEIMDAL -HEIMDAL_BASE ) 

If I do a ssh localhost I get the following error:
Bad packet length 16777219.
ssh_dispatch_run_fatal: message authentication code incorrect

Here is output with -vvv:
OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: /usr/local/etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_5,1
debug1: match: OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_5,1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 16777219.
ssh_dispatch_run_fatal: message authentication code incorrect


If I try it from another system running 8.3-RELEASE-p4 I get the following:
ssh newlogcabin
Bad packet length 16777219.
Disconnecting: Packet corrupt

I also have tried ssh'ing from my wife's Windows 7 box using putty and it gives a packet corrupt error also.

Debug output from /usr/local/sbin/sshd -Ddddd:
debug2: load_server_config: filename /usr/local/etc/ssh/sshd_config
debug2: load_server_config: done config len = 225
debug2: parse_server_config: config /usr/local/etc/ssh/sshd_config len 225
debug3: /usr/local/etc/ssh/sshd_config:19 setting Protocol 2
debug3: /usr/local/etc/ssh/sshd_config:65 setting ChallengeResponseAuthentication no
debug3: /usr/local/etc/ssh/sshd_config:110 setting Banner /etc/motd
debug3: /usr/local/etc/ssh/sshd_config:113 setting Subsystem sftp       /usr/local/libexec/sftp-server
debug1: sshd version OpenSSH_6.8, OpenSSL 1.0.2a 19 Mar 2015
debug1: private host key #0: ssh-rsa SHA256:r+nxO3l07AuEaVPixPuScRchNxp7ckVZ1dEcxOradwY
debug1: private host key #1: ssh-dss SHA256:/UjNdqPf5kC9lomfQbpYXo+ltlV+RbRxGmG3H2QN31g
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:heOMFzyZZ1oYOaF4p/zPVt7Mf2n+Frw23Zito+idZNQ
debug1: private host key #3: ssh-ed25519 SHA256:HRQZfA6TQRTh9ivzykkGr8svh/RFdh4uj+Da4sl+axE
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-Ddddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 225
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 127.0.0.1 port 38472 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.8
debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_5,1
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 59224
debug3: preauth child monitor started
debug3: privsep user:group 22:22 [preauth]
debug1: permanently_set_uid: 22/22 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: AUTH STATE IS 0 [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug1: REQUESTED ENC.NAME is 'aes128-ctr' [preauth]
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none [preauth]
debug1: REQUESTED ENC.NAME is 'aes128-ctr' [preauth]
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Connection closed by 127.0.0.1 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 59224

Let me know if you need anything else from me.
Comment 11 Bryan Drewery freebsd_committer freebsd_triage 2015-04-28 15:18:35 UTC
(In reply to mdhughes_us from comment #10)
> (In reply to Bryan Drewery from comment #9)
> Let me know if you need anything else from me.

Can you show me: grep Privi /usr/local/etc/ssh/sshd_config
Comment 12 Bryan Drewery freebsd_committer freebsd_triage 2015-04-28 15:21:44 UTC
(In reply to Bryan Drewery from comment #11)
> (In reply to mdhughes_us from comment #10)
> > (In reply to Bryan Drewery from comment #9)
> > Let me know if you need anything else from me.
> 
> Can you show me: grep Privi /usr/local/etc/ssh/sshd_config

Can you also try building without NONECIPHER?
Comment 13 mdhughes_us 2015-04-28 22:41:25 UTC
(In reply to Bryan Drewery from comment #11)
grep Privi /usr/local/etc/ssh/sshd_config

#UsePrivilegeSeparation yes

I did a make config and unmarked NONECIPHER.  Did a make clean.  Then a make;make deinstall;make reinstall.  Did a /usr/local/etc/rc.d/openssh restart and I was able to ssh to localhost.  I was also able to ssh from my 8.3-RELEASE-p4 system.

Hope this helps figure this out.  Thanks for working on this so quickly!
Comment 14 Bryan Drewery freebsd_committer freebsd_triage 2015-05-04 16:36:45 UTC
Both of your debug outputs show "OpenSSL 1.0.2a" which means you're using the port OpenSSL. Please show me the output of 'ldd /usr/local/lib/libldns.so'. If it is linked against the base then it may be causing a conflict.

You may also be having problems due to compiling security/openssl with ASM. I suggest disabling that option. See also Bug #198788
Comment 15 mdhughes_us 2015-05-04 20:53:51 UTC
ldd /usr/local/lib/libldns.so

/usr/local/lib/libldns.so:
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
        libc.so.7 => /lib/libc.so.7 (0x800648000)
        libthr.so.3 => /lib/libthr.so.3 (0x800ed8000)
Comment 16 mdhughes_us 2015-05-04 21:00:12 UTC
I just checked and I don't have ASM X'ed in the config of openssl.
Comment 17 Bryan Drewery freebsd_committer freebsd_triage 2015-05-06 17:14:57 UTC
Are these servers behind NAT or other firewalls or proxies?
Comment 18 Bryan Drewery freebsd_committer freebsd_triage 2015-05-06 18:24:48 UTC
I figured out the issue. With the NONECIPHER option selected, but not HPN, the patch improperly places a NULL byte "(null)" in the server banner. You can see this with 'telnet host 22' and there will be a (null) on the 2nd line.

A fix will be committed shortly.
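
Added example (not part of the original thread and not the port's code): the length in the first report, 678327660, is the four ASCII bytes "(nul" read as a big-endian uint32, which is what a client sees as packet_length when the text "(null)" follows the banner newline. The function names and sample byte streams below are constructed for illustration, and the 256 KiB upper bound is an assumption mirroring OpenSSH's packet size limit.

```python
import struct

# Packet layout per RFC 4253 section 6:
#   uint32 packet_length, byte padding_length, payload, padding
# Assumed bounds: at least 5 bytes, at most 256 KiB (mirrors the limit
# OpenSSH applies before it reports "Bad packet length").
MIN_PACKET_LEN = 5
MAX_PACKET_LEN = 256 * 1024
SSH_MSG_KEXINIT = 20


def length_as_bytes(bad_length):
    """Return the 4 wire bytes a client interpreted as packet_length."""
    return struct.pack(">I", bad_length)


def build_packet(payload, block=8):
    """Frame a payload as an unencrypted SSH packet (zero padding, sample use only)."""
    pad = block - ((5 + len(payload)) % block)
    if pad < 4:                      # RFC 4253 requires at least 4 padding bytes
        pad += block
    header = struct.pack(">IB", 1 + len(payload) + pad, pad)
    return header + payload + b"\x00" * pad


def check_server_stream(data):
    """Check what a server sends before key exchange.

    Returns (banner, finding). finding is "ok" when the bytes after the
    identification line start a plausible KEXINIT packet, otherwise a
    description of what was found there instead.
    """
    pos, banner = 0, None
    while banner is None:
        end = data.find(b"\n", pos)
        if end == -1:
            return None, "no identification line terminated by LF"
        line = data[pos:end].rstrip(b"\r")
        pos = end + 1
        # RFC 4253 section 4.2 allows other lines before the "SSH-" line.
        if line.startswith(b"SSH-"):
            banner = line.decode("ascii", "replace")
    rest = data[pos:]
    if len(rest) < 6:
        return banner, "stream ends before a full packet header"
    packet_len, _pad_len, msg_type = struct.unpack(">IBB", rest[:6])
    if not MIN_PACKET_LEN <= packet_len <= MAX_PACKET_LEN:
        return banner, "bad packet length %d: bytes after banner are %r" % (
            packet_len, rest[:4])
    if msg_type != SSH_MSG_KEXINIT:
        return banner, "first packet is type %d, expected KEXINIT (20)" % msg_type
    return banner, "ok"


# Constructed sample data: the banner text is the one shown in the sshd debug
# output above; the KEXINIT body is a stub (type byte plus a zero cookie).
BANNER = b"SSH-2.0-OpenSSH_6.8 FreeBSD-openssh-portable-6.8.p1_5,1\r\n"
KEXINIT = build_packet(bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16)
GOOD_STREAM = BANNER + KEXINIT
BAD_STREAM = BANNER + b"(null)" + KEXINIT

if __name__ == "__main__":
    # Both "Bad packet length" values reported in this bug, as raw bytes.
    for value in (678327660, 16777219):
        print(value, length_as_bytes(value))
    print(check_server_stream(GOOD_STREAM))
    print(check_server_stream(BAD_STREAM))
```

Decoding a reported "Bad packet length" value back to bytes is a quick first check on any such report: printable ASCII there points at stray text in the stream rather than at the cipher or MAC negotiation.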
Comment 19 commit-hook freebsd_committer freebsd_triage 2015-05-06 18:40:33 UTC
A commit references this bug:

Author: bdrewery
Date: Wed May  6 18:39:42 UTC 2015
New revision: 385541
URL: https://svnweb.freebsd.org/changeset/ports/385541

Log:
  Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
  when the NONECIPHER option is selected but not the HPN option.  The server
  banner was improperly sending a NULL byte after the newline causing confusion
  on the client.  This was an error in my own modifications to the HPN patch
  in r383231.

  This may have occurred with stale builds as well, such as running
  'make configure' then 'portsnap update' and then 'make build'.

  Pointyhat to:	bdrewery
  Reported by:	many
  PR:		199352

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/extra-patch-hpn
Comment 20 Bryan Drewery freebsd_committer freebsd_triage 2015-05-06 18:40:56 UTC
Please test 6.8.p1_6,1 and let me know if this resolves the issues.
Comment 21 mdhughes_us 2015-05-06 22:59:42 UTC
I updated the port and did a make config to add NONECIPHER.  Did a make install, /usr/local/etc/rc.d/openssh restart.  Went to my 8.3-RELEASE-p4 and was able to ssh to my main system.  Thanks for finding this so quickly!
Comment 22 Bryan Drewery freebsd_committer freebsd_triage 2015-05-06 23:01:30 UTC
Received 2 success reports so far. Closing.