HPE Community
Operating System - Tru64 Unix
1827855 Members
1469 Online
109969 Solutions
New Discussion

Re: "Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

 
Baechi
New Member

‎09-11-2003 05:42 AM

‎09-11-2003 05:42 AM

"Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

Tru64 V5.1B Patchkit 2
ssh 3.2
tcp wrapper 7.6

If I try to connect with ssh I get "'Bad packet length" error:
auth.log
Sep 11 09:39:38 ttcalpha1 sshd2[460745]: Starting daemon in inetd mode.
Sep 11 09:39:38 ttcalpha1 sshd2[460745]: connection from "172.20.65.21"
Sep 11 09:39:39 ttcalpha1 sshd2[460745]: Daemon is running.
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: WARNING: ssh_user_validate_kerberos_password: uc not krb
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: User root's local password accepted.
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: Password authentication for user root accepted.
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: User root, coming from lareunion.ttc.trivadis.com, authenticated.
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: Remote host disconnected: Bad packet length 875620850.
Sep 11 09:39:45 ttcalpha1 sshd2[460745]: Protocol error in remote: 'Bad packet length 875620850.'

inetd.conf
ssh2 stream tcp nowait root /usr/sbin/tcpd sshd2 -i
ssh stream tcp nowait root /usr/sbin/tcpd sshd2 -i

hosts.allow
sshd2: ALL

tcpdchk and tcpdmatch report no error.
sshd-check-conf root@lareunion is ok.

Even if I start sshd2 from inetd.conf without tcpd (ssh2 stream tcp nowait root /usr/sbin/sshd2 sshd2 -i) I got the same error.
Do I miss some configuration parameters or is there a bug in ssh if running from inetd.conf?
ssh without inetd.conf works fine.

Any ideas?

Regards
Markus
0 Kudos
4 REPLIES 4
Ralf Puchner
Honored Contributor

‎09-11-2003 07:17 AM

‎09-11-2003 07:17 AM

Re: "Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

The named errormessage is typically a version problem between client and server (e.g. OpenSSL is not 100% compatible with ssh2 and the first versions contains an bug leading to the above message).

Use sshd -d or ssh -v -v host for more debugging output.

If both versions are identical, try to disable "default compression" within the ssh2 config file.

Help() { FirstReadManual(urgently); Go_to_it;; }
0 Kudos
Al Licause
Trusted Contributor

‎09-11-2003 08:16 AM

‎09-11-2003 08:16 AM

Re: "Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

Why are you forcing ssh to be started from inetd ?

I'm assuming to allow you to force it through tcpwrappers ?

Are you using the ssh that came with v5.1b or
an openssh kit ?

0 Kudos
Ralf Puchner
Honored Contributor

‎09-16-2003 11:14 PM

‎09-16-2003 11:14 PM

Re: "Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

ssh 3.2 is the version included with 5.1B
Help() { FirstReadManual(urgently); Go_to_it;; }
0 Kudos
Paul Moore_3
Advisor

‎01-15-2004 06:13 AM

‎01-15-2004 06:13 AM

Re: "Protocol error" with ssh 3.2 tru64 V5.1B and TCP Wrapper 7.6

Hi Markus,

HP does not support using TCPWrappers with SSH. The supported method for doing similar restrictions is through the 'AllowHosts' and 'DenyHosts' options in '/etc/ssh2/sshd2_config'. Consult the documentation or man pages for more details. Also, we recommend you do not run SSH from inetd but from the provided init scripts.

Try disabling the TCPWrappers for SSH and running SSH through the init scripts and let us know if your problem persists.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.