Thank you for taking the time to report a bug and make Ubuntu better. I tried reproducing the bug locally using an Oracle 8 container and an Ubuntu container. Here are the versions of the packages:
Oracle: # rpm -qa | grep ssh openssh-server-8.0p1-19.el8_8.x86_64 openssh-8.0p1-19.el8_8.x86_64 openssh-clients-8.0p1-19.el8_8.x86_64 libssh-config-0.9.6-13.el8_9.noarch libssh-0.9.6-13.el8_9.x86_64 Ubuntu: # dpkg -l | grep ssh ii openssh-client 1:8.9p1-3ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines Everything worked as expected and I was able to ssh into the Oracle container. After some research, I found that this specific error you're getting might be related to CVE-2023-48795 (Terrapin attack). More specifically, it has to do with the cipher suites being chosen by the client/server at the time of the login: https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack Even when I explicitly disable the use of CHACHA20 on the server, I still can login successfully and I see that another cipher has been chosen during the key exchange: ... debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: aes128-ctr MAC: umac-...@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-...@openssh.com compression: none ... This leads me to believe that there might be some local configuration on your system that's affecting the choice of a suitable cipher. Another option would be some bogus configuration on the server side, I think. Could you please tell us more details about your environment? Did you explicitly configure your ssh client to require CHACHA20 when connecting to this specific server? I'm going to mark this bug as Incomplete for to reflect the fact that we're waiting on more details from you. Please set it back to New when you provide the requested information. Thanks. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795 ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052482 Title: Bad packet length 2424479189 Connection corrupted Status in openssh package in Ubuntu: Incomplete Bug description: ssh-clent: uname -a :5.15.0-48-generic #54-Ubuntu ``` Ubuntu 22.04.3 LTS OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 ``` ssh-server: ``` OracleLinux 8.9 OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 ``` ``` userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/userxxx/.ssh/id_rsa type 0 debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2 debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_xmss type -1 debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1 debug1: identity file /home/userxxx/.ssh/id_dsa type -1 debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx' debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20 debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-...@openssh.com, using HostkeyAlgorithms verbatim debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-...@openssh.com debug2: host key algorithms: ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25...@openssh.com,sk-ecdsa-sha2-nistp...@openssh.com,rsa-sha2-512,rsa-sha2-256 debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,z...@openssh.com,zlib debug2: compression stoc: none,z...@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc debug2: ciphers stoc: aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc debug2: MACs ctos: hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512 debug2: MACs stoc: hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512 debug2: compression ctos: none,z...@openssh.com debug2: compression stoc: none,z...@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:RmBQWHDJL5Q02oxK/CmfUYLcFMhGdaR888EUDlenLlY debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20 debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host '192.168.xxx.xxx' is known and matches the ED25519 host key. debug1: Found key in /home/userxxx/.ssh/known_hosts:20 debug3: send packet: type 21 debug2: ssh_set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: ssh_set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: get_agent_identities: bound agent to hostkey debug1: get_agent_identities: agent returned 2 keys debug1: Will attempt key: /home/userxxx/.ssh/id_rsa RSA SHA256:8/LUiKki9kVQBQgKvBlVs67wsC834tokLw04csky8d4 agent debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa ECDSA SHA256:wfU6LbhyFJZ4EE5af/vaBMBxRo/xOf2DrVLKZJxGCqQ agent debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519 debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519_sk debug1: Will attempt key: /home/userxxx/.ssh/id_xmss debug1: Will attempt key: /home/userxxx/.ssh/id_dsa debug2: pubkey_prepare: done debug3: send packet: type 5 Bad packet length 2424479189. debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt debug3: send packet: type 1 ssh_dispatch_run_fatal: Connection to 192.168.xxx.xxx port 22: Connection corrupted ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052482/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp