Re: ssh corrupt packets with aes encryption

2013-05-13 Thread Joe Pfeiffer 
recovery...@gmail.com writes:

 On Sat, 11 May 2013 09:41:49 -0600
 Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:

 So...  any idea where to go next?

 Hi.

 1) Try to unload kernel module  aes_x86_64 and it's dependants, restart sshd, 
 try once more.

 2) Boot from livecd, if possible, see if openssh works there.

Booted from debian-live-7.0.0-i386-standard.iso

Same problem.

 3) If possible, swap problem host's disk to another, see if changing hardware 
 help.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1bk3n3aqb7@snowball.wb.pfeifferfamily.net

Re: ssh corrupt packets with aes encryption

2013-05-13 Thread recoverym4n 
On Mon, 13 May 2013 08:48:44 -0600
Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:

 recovery...@gmail.com writes:
 
  On Sat, 11 May 2013 09:41:49 -0600
  Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:
 
  So...  any idea where to go next?
 
  Hi.
 
  1) Try to unload kernel module  aes_x86_64 and it's dependants, restart 
  sshd, try once more.

Ok. My idea was that in-kernel implementation of Intel's in-CPU AES 
instructions corrupts sshd connection.

Can you provide a result of
tcpdump -nn -s0 -i lo tcp port 22
?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130513214920.b4cb40bd6f4e63f13fd10...@gmail.com

Re: ssh corrupt packets with aes encryption

2013-05-13 Thread Joe Pfeiffer 
recovery...@gmail.com writes:

 Can you provide a result of
 tcpdump -nn -s0 -i lo tcp port 22
 ?

I don't have any experience with tcpdump, so I'm just blindly following
instructions here -- let me know if you need more!

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
13:02:57.605334 IP6 ::1.49493  ::1.22: Flags [S], seq 1578479483, win 32752, 
options [mss 16376,sackOK,TS val 3813274 ecr 0,nop,wscale 3], length 0
13:02:57.605380 IP6 ::1.22  ::1.49493: Flags [S.], seq 64267268, ack 
1578479484, win 32728, options [mss 16376,sackOK,TS val 3813274 ecr 
3813274,nop,wscale 3], length 0
13:02:57.605410 IP6 ::1.49493  ::1.22: Flags [.], ack 1, win 4094, options 
[nop,nop,TS val 3813274 ecr 3813274], length 0
13:02:57.622043 IP6 ::1.22  ::1.49493: Flags [P.], seq 1:33, ack 1, win 4091, 
options [nop,nop,TS val 3813278 ecr 3813274], length 32
13:02:57.622240 IP6 ::1.49493  ::1.22: Flags [.], ack 33, win 4091, options 
[nop,nop,TS val 3813278 ecr 3813278], length 0
13:02:57.622386 IP6 ::1.49493  ::1.22: Flags [P.], seq 1:33, ack 33, win 4091, 
options [nop,nop,TS val 3813278 ecr 3813278], length 32
13:02:57.622400 IP6 ::1.22  ::1.49493: Flags [.], ack 33, win 4091, options 
[nop,nop,TS val 3813278 ecr 3813278], length 0
13:02:57.625546 IP6 ::1.49493  ::1.22: Flags [P.], seq 33:1305, ack 33, win 
4091, options [nop,nop,TS val 3813279 ecr 3813278], length 1272
13:02:57.625602 IP6 ::1.22  ::1.49493: Flags [.], ack 1305, win 4091, options 
[nop,nop,TS val 3813279 ecr 3813279], length 0
13:02:57.627354 IP6 ::1.22  ::1.49493: Flags [P.], seq 33:1017, ack 1305, win 
4091, options [nop,nop,TS val 3813279 ecr 3813279], length 984
13:02:57.630548 IP6 ::1.49493  ::1.22: Flags [P.], seq 1305:1385, ack 1017, 
win 4091, options [nop,nop,TS val 3813280 ecr 3813279], length 80
13:02:57.641874 IP6 ::1.22  ::1.49493: Flags [P.], seq 1017:1329, ack 1385, 
win 4091, options [nop,nop,TS val 3813283 ecr 3813280], length 312
13:02:57.655780 IP6 ::1.49493  ::1.22: Flags [P.], seq 1385:1401, ack 1329, 
win 4091, options [nop,nop,TS val 3813286 ecr 3813283], length 16
13:02:57.692109 IP6 ::1.22  ::1.49493: Flags [.], ack 1401, win 4091, options 
[nop,nop,TS val 3813296 ecr 3813286], length 0
13:02:57.692134 IP6 ::1.49493  ::1.22: Flags [P.], seq 1401:1449, ack 1329, 
win 4091, options [nop,nop,TS val 3813296 ecr 3813296], length 48
13:02:57.692148 IP6 ::1.22  ::1.49493: Flags [.], ack 1449, win 4091, options 
[nop,nop,TS val 3813296 ecr 3813296], length 0
13:02:57.692284 IP6 ::1.22  ::1.49493: Flags [P.], seq 1329:1393, ack 1449, 
win 4091, options [nop,nop,TS val 3813296 ecr 3813296], length 64
13:02:57.692318 IP6 ::1.22  ::1.49493: Flags [F.], seq 1393, ack 1449, win 
4091, options [nop,nop,TS val 3813296 ecr 3813296], length 0
13:02:57.694612 IP6 ::1.49493  ::1.22: Flags [P.], seq 1449:1513, ack 1394, 
win 4091, options [nop,nop,TS val 3813296 ecr 3813296], length 64
13:02:57.694701 IP6 ::1.22  ::1.49493: Flags [R], seq 64268662, win 0, length 0

20 packets captured
40 packets received by filter
0 packets dropped by kernel


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1bli7ihf96@snowball.wb.pfeifferfamily.net

Re: ssh corrupt packets with aes encryption

2013-05-13 Thread recoverym4n 
On Mon, 13 May 2013 13:05:41 -0600
Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:

 recovery...@gmail.com writes:
 
  Can you provide a result of
  tcpdump -nn -s0 -i lo tcp port 22
  ?
 
 I don't have any experience with tcpdump, so I'm just blindly following
 instructions here -- let me know if you need more!
 

Ok, good. I need three more things:

1) File /tmp/1.cap from: 
tcpdump -nn -s0 -i lo tcp port 22 -w /tmp/1.cap

Interrupt tcpdump with Ctrl+C once done with `ssh localhost` (I assume you've 
enabled aes back).

2) /var/log/kern.log, which should include info from last boot.
Any other kern.log.X will do, of course.

3) Output of /sbin/ifconfig -a


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130514002734.8eca28a6511b229740d0f...@gmail.com

Re: ssh corrupt packets with aes encryption

2013-05-11 Thread recoverym4n 
On Sat, 11 May 2013 09:41:49 -0600
Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:

 So...  any idea where to go next?

Hi.

1) Try to unload kernel module  aes_x86_64 and it's dependants, restart sshd, 
try once more.

2) Boot from livecd, if possible, see if openssh works there.

3) If possible, swap problem host's disk to another, see if changing hardware 
help.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130511211524.a9e366b938b72f7039c8f...@gmail.com