[Bug 2052482] Re: Bad packet length 2424479189 Connection corrupted
Sergio Durigan Junior
2052482 at bugs.launchpad.net
Wed Feb 7 21:12:16 UTC 2024
Thank you for taking the time to report a bug and make Ubuntu better.
I tried reproducing the bug locally using an Oracle 8 container and an
Ubuntu container. Here are the versions of the packages:
Oracle:
# rpm -qa | grep ssh
openssh-server-8.0p1-19.el8_8.x86_64
openssh-8.0p1-19.el8_8.x86_64
openssh-clients-8.0p1-19.el8_8.x86_64
libssh-config-0.9.6-13.el8_9.noarch
libssh-0.9.6-13.el8_9.x86_64
Ubuntu:
# dpkg -l | grep ssh
ii openssh-client 1:8.9p1-3ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines
Everything worked as expected and I was able to ssh into the Oracle
container.
After some research, I found that this specific error you're getting
might be related to CVE-2023-48795 (Terrapin attack). More
specifically, it has to do with the cipher suites being chosen by the
client/server at the time of the login:
https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error
https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack
Even when I explicitly disable the use of CHACHA20 on the server, I
still can login successfully and I see that another cipher has been
chosen during the key exchange:
...
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: umac-128@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-128@openssh.com compression: none
...
This leads me to believe that there might be some local configuration on
your system that's affecting the choice of a suitable cipher. Another
option would be some bogus configuration on the server side, I think.
Could you please tell us more details about your environment? Did you
explicitly configure your ssh client to require CHACHA20 when connecting
to this specific server?
I'm going to mark this bug as Incomplete to reflect the fact that
we're waiting on more details from you. Please set it back to New when
you provide the requested information. Thanks.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795
** Changed in: openssh (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052482
Title:
Bad packet length 2424479189 Connection corrupted
Status in openssh package in Ubuntu:
Incomplete
Bug description:
ssh-client:
uname -a: 5.15.0-48-generic #54-Ubuntu
```
Ubuntu 22.04.3 LTS
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
```
ssh-server:
```
OracleLinux 8.9
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
```
```
userxxx at userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/userxxx/.ssh/id_rsa type 0
debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2
debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/userxxx/.ssh/id_xmss type -1
debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1
debug1: identity file /home/userxxx/.ssh/id_dsa type -1
debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx'
debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:RmBQWHDJL5Q02oxK/CmfUYLcFMhGdaR888EUDlenLlY
debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.xxx.xxx' is known and matches the ED25519 host key.
debug1: Found key in /home/userxxx/.ssh/known_hosts:20
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/userxxx/.ssh/id_rsa RSA SHA256:8/LUiKki9kVQBQgKvBlVs67wsC834tokLw04csky8d4 agent
debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa ECDSA SHA256:wfU6LbhyFJZ4EE5af/vaBMBxRo/xOf2DrVLKZJxGCqQ agent
debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519
debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/userxxx/.ssh/id_xmss
debug1: Will attempt key: /home/userxxx/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
Bad packet length 2424479189.
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to 192.168.xxx.xxx port 22: Connection corrupted
```
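The maintainer's reply above reasons about which cipher and MAC the two peers end up negotiating, and the reporter's `-vvv` log shows both KEXINIT proposals. The script below is an added example (not code from the bug thread, from Ubuntu or from OpenSSH) that replays that negotiation offline: it parses the KEXINIT lines, applies the RFC 4253 rule (first client-preferred algorithm the server also lists), checks whether both sides signalled strict key exchange, and flags the combinations the OpenSSH 9.6 release notes describe as exploitable by Terrapin (CVE-2023-48795): `chacha20-poly1305@openssh.com`, and CBC ciphers paired with `*-etm@openssh.com` MACs. The embedded log is a constructed sample copied from the reporter's output with the KEX lists abridged and the archive's "at" spelling reverted to "@"; the ssh_config fragment is an illustrative client-side mitigation and is not something the thread recommends.

```python
"""Replay the KEXINIT negotiation from an `ssh -vvv` log and flag Terrapin
(CVE-2023-48795) exposure. Added example, not code from the bug thread."""
import re

# Constructed sample: the KEXINIT proposals from the reporter's log, KEX lists
# abridged, with the mailing-list "at" obfuscation reverted to "@".
SAMPLE_LOG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,sntrup761x25519-sha512@openssh.com,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
"""

SIDE_RE = re.compile(r"^debug2: (local client|peer server) KEXINIT proposal$")
LIST_RE = re.compile(
    r"^debug2: (KEX algorithms|host key algorithms|ciphers ctos|ciphers stoc|"
    r"MACs ctos|MACs stoc|compression ctos|compression stoc): (.*)$")

CHACHA = "chacha20-poly1305@openssh.com"
AEAD = {CHACHA, "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
STRICT_C, STRICT_S = "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"


def parse_kexinit(log):
    """Return {'client': {list_name: [algs]}, 'server': {...}} from -vvv output."""
    proposals = {"client": {}, "server": {}}
    side = None
    for line in log.splitlines():
        m = SIDE_RE.match(line)
        if m:
            side = "client" if m.group(1) == "local client" else "server"
            continue
        m = LIST_RE.match(line)
        if m and side:
            proposals[side][m.group(1)] = [a for a in m.group(2).split(",") if a]
    return proposals


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first client-preferred name the server also offers."""
    return next((a for a in client_list if a in server_list), None)


def assess_terrapin(proposals):
    """Negotiate cipher/MAC per direction and flag Terrapin-exploitable choices."""
    c, s = proposals["client"], proposals["server"]
    # Strict kex (the OpenSSH 9.6 countermeasure) only protects if BOTH sides signal it.
    strict = STRICT_C in c["KEX algorithms"] and STRICT_S in s["KEX algorithms"]
    out = {"strict_kex": strict}
    for d in ("ctos", "stoc"):
        cipher = negotiate(c[f"ciphers {d}"], s[f"ciphers {d}"])
        # AEAD ciphers carry their own tag; no separate MAC is negotiated.
        mac = "<implicit>" if cipher in AEAD else negotiate(c[f"MACs {d}"], s[f"MACs {d}"])
        # OpenSSH 9.6 release notes: exploitable with chacha20-poly1305@openssh.com
        # and with CBC ciphers combined with Encrypt-then-MAC (*-etm@openssh.com).
        weak = cipher == CHACHA or (
            (cipher or "").endswith("-cbc") and (mac or "").endswith("-etm@openssh.com"))
        out[d] = {"cipher": cipher, "mac": mac, "exploitable": weak and not strict}
    return out


# Hypothetical ssh_config fragment (assumption, not from the thread): a leading
# '-' removes the named entries from the client's default algorithm list.
CLIENT_MITIGATION = [
    "Host *",
    f"    Ciphers -{CHACHA}",
    "    MACs -*-etm@openssh.com",
]


def apply_client_mitigation(proposals):
    """Simulate the fragment above by dropping the affected algorithms client-side."""
    c = {k: list(v) for k, v in proposals["client"].items()}
    for d in ("ctos", "stoc"):
        c[f"ciphers {d}"] = [a for a in c[f"ciphers {d}"] if a != CHACHA]
        c[f"MACs {d}"] = [a for a in c[f"MACs {d}"] if not a.endswith("-etm@openssh.com")]
    return {"client": c, "server": proposals["server"]}


if __name__ == "__main__":
    before = assess_terrapin(parse_kexinit(SAMPLE_LOG))
    after = assess_terrapin(apply_client_mitigation(parse_kexinit(SAMPLE_LOG)))
    print("as logged :", before)
    print("mitigated :", after)
    print("\n".join(CLIENT_MITIGATION))
```

Run against the reporter's proposals the script reproduces the log's outcome: the client lists `kex-strict-c-v00@openssh.com` but the OpenSSH 8.0 server does not answer with `kex-strict-s-v00@openssh.com`, so strict kex is not in effect, and `chacha20-poly1305@openssh.com` wins in both directions. With the client-side removals applied, negotiation falls through to `aes128-ctr` with `umac-128@openssh.com`, which the release-notes criterion does not flag. The script only reasons about negotiation; it says nothing about why this particular connection produced "Bad packet length".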
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052482/+subscriptions
More information about the foundations-bugs
mailing list