Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
Connecting to a Foundry router fails:
> 2007-01-29 09:37:53 Server version: SSH-2.0-RomSShell_4.31 [...] > 2007-01-29 09:37:53 Initialised triple-DES CBC client->server encryption > 2007-01-29 09:37:53 Initialised HMAC-SHA1 client->server MAC algorithm > 2007-01-29 09:37:53 Initialised triple-DES CBC server->client encryption > 2007-01-29 09:37:53 Initialised HMAC-SHA1 server->client MAC algorithm > 2007-01-29 09:37:53 Received disconnect message (protocol error) > 2007-01-29 09:37:53 Disconnection message text: Bad packet content
More detail from an SSH packet log of a different session (same RomSShell version string; "Foundry BigIron16 running 2.3.0aT145"):
Outgoing packet type 21 / 0x15 (SSH2_MSG_NEWKEYS) Event Log: Initialised triple-DES CBC client->server encryption Event Log: Initialised HMAC-SHA1 client->server MAC algorithm Incoming packet type 21 / 0x15 (SSH2_MSG_NEWKEYS) Event Log: Initialised triple-DES CBC server->client encryption Event Log: Initialised HMAC-SHA1 server->client MAC algorithm Outgoing packet type 2 / 0x02 (SSH2_MSG_IGNORE) Outgoing packet type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST) 00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth Incoming packet type 1 / 0x01 (SSH2_MSG_DISCONNECT) 00000000 00 00 00 02 00 00 00 12 42 61 64 20 70 61 63 6b ........Bad pack 00000010 65 74 20 63 6f 6e 74 65 6e 74 00 00 00 00 et content....
It would appear that RomSShell is having problems with the empty SSH_MSG_IGNORE that we send before each packet in CBC mode (since it's complaining after seeing the first of these). This is perfectly reasonable, since SSH_MSG_IGNORE packets are meant to contain strings, which need four length bytes at the start. As of r7236, PuTTY sends packets containing empty strings instead, which should help. cryptlib complains about this bug as well, probably returning CRYPT_ERROR_BADDATA and (in the next release) the message "Bad message payload length 0 for packet type 2".
Refs: 000601c743cd$ff7e6a60$9823650a@DRMCKAY, 2AB5541EB33172459EE430FFB66B1EE901C0F465@BN-EXCH01.nuance.com, E1HVpbz-0002Zv-00@medusa01.cs.auckland.ac.nz
Audit trail for this bug.