Thank you for taking the time to report a bug and make Ubuntu better.

I tried reproducing the bug locally using an Oracle 8 container and an
Ubuntu container.  Here are the versions of the packages:

Oracle:
# rpm -qa | grep ssh
openssh-server-8.0p1-19.el8_8.x86_64
openssh-8.0p1-19.el8_8.x86_64
openssh-clients-8.0p1-19.el8_8.x86_64
libssh-config-0.9.6-13.el8_9.noarch
libssh-0.9.6-13.el8_9.x86_64

Ubuntu:
# dpkg -l | grep ssh
ii  openssh-client  1:8.9p1-3ubuntu0.6  amd64  secure shell (SSH) client, for secure access to remote machines

Everything worked as expected and I was able to ssh into the Oracle
container.

After some research, I found that this specific error you're getting
might be related to CVE-2023-48795 (Terrapin attack).  More
specifically, it has to do with the cipher suites being chosen by the
client/server at the time of the login:

https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error
https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack

Even when I explicitly disable the use of CHACHA20 on the server, I
still can login successfully and I see that another cipher has been
chosen during the key exchange:

...
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: umac-...@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-...@openssh.com compression: none
...

This leads me to believe that there might be some local configuration on
your system that's affecting the choice of a suitable cipher.  Another
option would be some bogus configuration on the server side, I think.

Could you please tell us more details about your environment?  Did you
explicitly configure your ssh client to require CHACHA20 when connecting
to this specific server?

I'm going to mark this bug as Incomplete to reflect the fact that
we're waiting on more details from you.  Please set it back to New when
you provide the requested information.  Thanks.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052482

Title:
  Bad packet length 2424479189 Connection corrupted

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  ssh-client:
  uname -a :5.15.0-48-generic #54-Ubuntu
  ```
  Ubuntu 22.04.3 LTS
  OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
  ```

  ssh-server:
  ```
  OracleLinux 8.9
  OpenSSH_8.0p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
  ```

  ```
  userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv
  OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
  debug1: /etc/ssh/ssh_config line 21: Applying options for *
  debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address
  debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts'
  debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2'
  debug3: ssh_connect_direct: entering
  debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22.
  debug3: set_sock_tos: set socket 3 IP_TOS 0x10
  debug1: Connection established.
  debug1: identity file /home/userxxx/.ssh/id_rsa type 0
  debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2
  debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1
  debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1
  debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1
  debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_xmss type -1
  debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1
  debug1: identity file /home/userxxx/.ssh/id_dsa type -1
  debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1
  debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
  debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
  debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
  debug2: fd 3 setting O_NONBLOCK
  debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx'
  debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
  debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
  debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
  debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-...@openssh.com, using HostkeyAlgorithms verbatim
  debug3: send packet: type 20
  debug1: SSH2_MSG_KEXINIT sent
  debug3: receive packet: type 20
  debug1: SSH2_MSG_KEXINIT received
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-...@openssh.com
  debug2: host key algorithms: ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25...@openssh.com,sk-ecdsa-sha2-nistp...@openssh.com,rsa-sha2-512,rsa-sha2-256
  debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: compression ctos: none,z...@openssh.com,zlib
  debug2: compression stoc: none,z...@openssh.com,zlib
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
  debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
  debug2: ciphers ctos: aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc
  debug2: ciphers stoc: aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc
  debug2: MACs ctos: hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512
  debug2: MACs stoc: hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512
  debug2: compression ctos: none,z...@openssh.com
  debug2: compression stoc: none,z...@openssh.com
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug1: kex: algorithm: curve25519-sha256
  debug1: kex: host key algorithm: ssh-ed25519
  debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
  debug3: send packet: type 30
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug3: receive packet: type 31
  debug1: SSH2_MSG_KEX_ECDH_REPLY received
  debug1: Server host key: ssh-ed25519 SHA256:RmBQWHDJL5Q02oxK/CmfUYLcFMhGdaR888EUDlenLlY
  debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20
  debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx
  debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
  debug1: Host '192.168.xxx.xxx' is known and matches the ED25519 host key.
  debug1: Found key in /home/userxxx/.ssh/known_hosts:20
  debug3: send packet: type 21
  debug2: ssh_set_newkeys: mode 1
  debug1: rekey out after 134217728 blocks
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug3: receive packet: type 21
  debug1: SSH2_MSG_NEWKEYS received
  debug2: ssh_set_newkeys: mode 0
  debug1: rekey in after 134217728 blocks
  debug1: get_agent_identities: bound agent to hostkey
  debug1: get_agent_identities: agent returned 2 keys
  debug1: Will attempt key: /home/userxxx/.ssh/id_rsa RSA SHA256:8/LUiKki9kVQBQgKvBlVs67wsC834tokLw04csky8d4 agent
  debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa ECDSA SHA256:wfU6LbhyFJZ4EE5af/vaBMBxRo/xOf2DrVLKZJxGCqQ agent
  debug1: Will attempt key: /home/userxxx/.ssh/id_ecdsa_sk
  debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519
  debug1: Will attempt key: /home/userxxx/.ssh/id_ed25519_sk
  debug1: Will attempt key: /home/userxxx/.ssh/id_xmss
  debug1: Will attempt key: /home/userxxx/.ssh/id_dsa
  debug2: pubkey_prepare: done
  debug3: send packet: type 5
  Bad packet length 2424479189.
  debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
  debug3: send packet: type 1
  ssh_dispatch_run_fatal: Connection to 192.168.xxx.xxx port 22: Connection corrupted
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052482/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
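
Added example, not part of the bug report or of OpenSSH: a small parser for `ssh -vvv` output that works out which client->server cipher the two KEXINIT proposals select and whether both sides advertise the strict-KEX markers that counter CVE-2023-48795. `SAMPLE` is constructed, the function names are hypothetical, and the rule used (ChaCha20-Poly1305, or a CBC cipher with an EtM MAC, without strict KEX on both sides) follows the public description of the CVE; it expects algorithm names that have not been redacted by a mail archive.

```python
import re

# Constructed sample of `ssh -vvv` output (not the reporter's log); one value is wrapped.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,diffie-hellman-group14-sha256
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""
FIELD = re.compile(r"debug2: (KEX algorithms|ciphers ctos|MACs ctos):\s*(.*)")

def parse_proposals(log):
    """Collect each side's KEXINIT name-lists from `ssh -vvv` output."""
    props, side, pending = {"client": {}, "server": {}}, None, None
    for line in map(str.strip, log.splitlines()):
        m = FIELD.search(line)
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        elif side and m and m.group(2):
            props[side][m.group(1)] = m.group(2).split(",")
        elif side and m:
            pending = m.group(1)  # value continues on the next line
        elif side and pending and line and not line.startswith("debug"):
            props[side][pending] = line.split(",")
            pending = None
    return props

def first_common(client, server):
    """RFC 4253 7.1: first name on the client's list that the server also offers."""
    return next((a for a in client if a in server), None)

def assess(log):
    """Negotiated client->server cipher/MAC and whether strict KEX covers it."""
    p = parse_proposals(log)
    c, s = p["client"], p["server"]
    cipher = first_common(c["ciphers ctos"], s["ciphers ctos"]) or ""
    aead = cipher.startswith("chacha20-poly1305") or "-gcm@" in cipher
    mac = None if aead else first_common(c["MACs ctos"], s["MACs ctos"])  # AEAD: implicit MAC
    strict = (any(k.startswith("kex-strict-c-") for k in c["KEX algorithms"])
              and any(k.startswith("kex-strict-s-") for k in s["KEX algorithms"]))
    risky = cipher.startswith("chacha20-poly1305") or (cipher.endswith("-cbc") and "-etm@" in (mac or ""))
    return {"cipher": cipher, "mac": mac, "strict_kex": strict, "needs_mitigation": risky and not strict}
```

Because the client's preference order decides the cipher, removing an algorithm on either side changes the outcome, which is the effect the reply observed when CHACHA20 was disabled on the server.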
