Saturday 3 February 2024

Bad packet length 1144391034. ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted

In the last few days, I've started getting this message when connecting with SSH from Ubuntu 22.04 to Oracle Linux 8 systems.  

Fix:    ssh -c user@host

Presumably either Ubuntu or Oracle Linux (and possibly RedHat) has messed up a patch for the default cipher (apparently for that combination of operating systems.  But selecting aes256-gcm works around the problem.

This probably relates to early fixes for the Terrapin vulnerabilities.

UPDATE... If I merely disable cipher then the two ends negotiate cipher: aes128-ctr with MAC: , and I get a different error:

Corrupted MAC on input. 
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: message authentication code incorrect

So for now perhaps the easiest thing is to enable just cipher in /etc/ssh/ssh_config whilst we wait for more mature fixes for Terrapin.  I'm reluctant to go forcing just one cipher on the server side, in case I lock myself out of a box.

No comments:

Post a Comment

Spammers: please stop wasting my time. All comments are moderated before publication.