Ubuntu
openssh package

Bad packet length 2424479189 Connection corrupted

Bug #2052482 reported by fan liangfu

This bug report will be marked for expiration in 11 days if no further activity occurs. (find out why)

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

ssh-clent:
uname -a :5.15.0-48-generic #54-Ubuntu
```
Ubuntu 22.04.3 LTS
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
```

ssh-server:
```
OracleLinux 8.9
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
```

```
userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/userxxx/.ssh/id_rsa type 0
debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2
debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1
debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/userxxx/.ssh/id_xmss type -1
debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1
debug1: identity file /home/userxxx/.ssh/id_dsa type -1
debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx'
debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type <email address hidden>, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,<email address hidden>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,<email address hidden>,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,<email address hidden>
debug2: host key algorithms: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,<email address hidden>,<email address hidden>,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: <email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr,<email address hidden>,<email address hidden>
debug2: ciphers stoc: <email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr,<email address hidden>,<email address hidden>
debug2: MACs ctos: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,<email address hidden>,zlib
debug2: compression stoc: none,<email address hidden>,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,<email address hidden>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: <email address hidden>,<email address hidden>,aes256-ctr,aes256-cbc,<email address hidden>,aes128-ctr,aes128-cbc
debug2: ciphers stoc: <email address hidden>,<email address hidden>,aes256-ctr,aes256-cbc,<email address hidden>,aes128-ctr,aes128-cbc
debug2: MACs ctos: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-256,hmac-sha1,<email address hidden>,hmac-sha2-512
debug2: MACs stoc: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-256,hmac-sha1,<email address hidden>,hmac-sha2-512
debug2: compression ctos: none,<email address hidden>
debug2: compression stoc: none,<email address hidden>
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: <email address hidden> MAC: <implicit> compression: none
debug1: kex: client->server cipher: <email address hidden> MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:RmBQWHDJL5Q02oxK/CmfUYLcFMhGdaR888EUDlenLlY
debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.xxx.xxx' is known and matches the ED25519 host key.
debug1: Found key in /home/userxxx/.ssh/known_hosts:20
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/userxxx/.ssh/id_rsa RSA SHA256:8/LUiKki9kVQBQgKvBlVs67wsC834tokLw04csky8d4 agent
debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa ECDSA SHA256:wfU6LbhyFJZ4EE5af/vaBMBxRo/xOf2DrVLKZJxGCqQ agent
debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519
debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/userxxx/.ssh/id_xmss
debug1: Will attempt key: /home/userxxx/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
Bad packet length 2424479189.
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to 192.168.xxx.xxx port 22: Connection corrupted
```

See original description

CVE References

fan liangfu (badrecover123)
description: updated
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thank you for taking the time to report a bug and make Ubuntu better.

I tried reproducing the bug locally using an Oracle 8 container and an Ubuntu container. Here are the versions of the packages:

Oracle:
# rpm -qa | grep ssh
openssh-server-8.0p1-19.el8_8.x86_64
openssh-8.0p1-19.el8_8.x86_64
openssh-clients-8.0p1-19.el8_8.x86_64
libssh-config-0.9.6-13.el8_9.noarch
libssh-0.9.6-13.el8_9.x86_64

Ubuntu:
# dpkg -l | grep ssh
ii openssh-client 1:8.9p1-3ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines

Everything worked as expected and I was able to ssh into the Oracle container.

After some research, I found that this specific error you're getting might be related to CVE-2023-48795 (Terrapin attack). More specifically, it has to do with the cipher suites being chosen by the client/server at the time of the login:

https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error
https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack

Even when I explicitly disable the use of CHACHA20 on the server, I still can login successfully and I see that another cipher has been chosen during the key exchange:

...
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: <email address hidden> compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: <email address hidden> compression: none
...

This leads me to believe that there might be some local configuration on your system that's affecting the choice of a suitable cipher. Another option would be some bogus configuration on the server side, I think.

Could you please tell us more details about your environment? Did you explicitly configure your ssh client to require CHACHA20 when connecting to this specific server?

I'm going to mark this bug as Incomplete for to reflect the fact that we're waiting on more details from you. Please set it back to New when you provide the requested information. Thanks.

Changed in openssh (Ubuntu):
status: New → Incomplete
Revision history for this message
fan liangfu (badrecover123) wrote :

Thanks for your reply!
The faulty server package version numbers are as follows:
[root@gp-seg02 ~]# rpm -qa|grep openssh
openssh-8.0p1-19.el8_9.2.x86_64
openssh-clients-8.0p1-19.el8_9.2.x86_64
openssh-server-8.0p1-19.el8_9.2.x86_64

sshd_config:
[root@gp-seg02 ssh]# cat sshd_config|grep -v ^#|grep -v ^$
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server

Revision history for this message
fan liangfu (badrecover123) wrote :

[fanlf@gp-seg02 .ssh]$ rpm -qa|grep ssh
openssh-8.0p1-19.el8_9.2.x86_64
libssh-config-0.9.6-13.el8_9.noarch
libssh-0.9.6-13.el8_9.x86_64
openssh-clients-8.0p1-19.el8_9.2.x86_64
openssh-server-8.0p1-19.el8_9.2.x86_64

Revision history for this message
Paride Legovini (paride) wrote :

Thanks for the additional information. By reading the pages Sergio linked to I found one user writing:

  Downgrading openssh-server to version 8.0p1-19.el8_8 will
  revert the update and SSH will work again, although this
  probably not advisable.

That's definitely not advisable, but I think it's worth checking that the older version actually works. This will help figuring out where the problem is.

Then from https://linux.oracle.com/errata/ELSA-2024-12164.html I see that newer openssh versions are available. Those are quite recent (2024-02-14). Could you please test those and report your findings?

Thanks!

Revision history for this message
fan liangfu (badrecover123) wrote :

Downgrading openssh-server to version 8.0p1-19.el8_8 will is work fine

xxxx:~$ ssh x.x.x.101
Last login: Mon Feb 5 14:22:04 2024 from x.x.x.x
[xxx@gp-seg01 ~]$ rpm -qa|grep openssh
openssh-server-8.0p1-19.el8_8.x86_64
openssh-clients-8.0p1-19.el8_8.x86_64
openssh-8.0p1-19.el8_8.x86_64
[xxx@gp-seg01 ~]$

Revision history for this message
fan liangfu (badrecover123) wrote :

[root@gp-seg02 ~]# rpm -qi openssh-server-8.0p1-19.0.1.el8_9.2.x86_64
Name : openssh-server
Version : 8.0p1
Release : 19.0.1.el8_9.2
Architecture: x86_64
Install Date: Wed 06 Mar 2024 05:21:21 PM CST
Group : System Environment/Daemons
Size : 1047392
License : BSD
Signature : RSA/SHA256, Wed 14 Feb 2024 11:09:22 PM CST, Key ID 82562ea9ad986da3
Source RPM : openssh-8.0p1-19.0.1.el8_9.2.src.rpm
Build Date : Wed 14 Feb 2024 11:01:38 PM CST
Build Host : build-ol8-x86_64.oracle.com
Relocations : (not relocatable)
Vendor : Oracle America
URL : http://www.openssh.com/portable.html
Summary : An open source SSH server daemon
Description :
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server.
[root@gp-seg02 ~]#

Revision history for this message
Paride Legovini (paride) wrote :

I am not sure I fully understand the latest comment. Does it mean that 8.0p1-19.0.1 just works? What about 8.0p1-19.0.1.2, mentioned in [1]?

[1] https://linux.oracle.com/errata/ELSA-2024-12164.html

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.