Hi, A little more investigation has revealed a non-random way of reproducing this bug. I have discovered that the "random" disconnects were due to exim4 on the remote host trying to deliver large emails to a forwarded port. Attempting to deliver any one of these large emails triggers either the "Bad packet length" error or the fatal buffer_append_space error.
Downgrading to openssh-client 1:4.6p1-5 fixes the problem. I can readily reproduce the bug by upgrading to openssh-client 1:4.7p1-2. The server is running on 1:4.7p1-2 in both cases. (I didn't explicitly test downgrading both server and client, but presumably that works since that was what I have been running on before upgrading to 1:4.7p1-*.) Anyway, I've attached the output of 'ssh -vvv' of a session that aborted due to this bug (see badlength.LOCAL), as well as the corresponding snippet from the server's auth.log (in badlength.REMOTE). Hope this helps to locate the bug. If you need more info, please let me know, as I can now reliably reproduce this problem. Thanks! --T
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768 debug1: client_request_forwarded_tcpip: listen localhost port 2501, originator 127.0.0.1 port 56903 debug2: fd 9 setting O_NONBLOCK debug2: fd 9 setting TCP_NODELAY debug3: fd 9 is O_NONBLOCK debug3: fd 9 is O_NONBLOCK debug1: channel 3: new [127.0.0.1] debug1: confirm forwarded-tcpip debug3: channel 3: waiting for connection debug1: channel 3: connected Disconnecting: Bad packet length 434908. debug3: channel 0: close_fds r 4 w 4 e -1 c -1 debug3: channel 1: close_fds r 5 w 5 e -1 c -1 debug3: channel 2: close_fds r 6 w 7 e 8 c -1 debug3: channel 3: close_fds r 9 w 9 e -1 c -1 debug1: compress outgoing: raw data 764, compressed 589, factor 0.77 debug1: compress incoming: raw data 49924, compressed 36743, factor 0.74
Jan 14 20:37:11 eusebeia sshd[12112]: debug1: Connection to port 2501 forwarding to localhost port 0 requested. Jan 14 20:37:11 eusebeia sshd[12112]: debug2: fd 11 setting TCP_NODELAY Jan 14 20:37:11 eusebeia sshd[12112]: debug2: fd 11 setting O_NONBLOCK Jan 14 20:37:11 eusebeia sshd[12112]: debug3: fd 11 is O_NONBLOCK Jan 14 20:37:11 eusebeia sshd[12112]: debug1: channel 2: new [forwarded-tcpip] Jan 14 20:37:11 eusebeia sshd[12112]: debug2: channel 2: open confirm rwindow 2097152 rmax 2097152 Jan 14 20:37:12 eusebeia sshd[12112]: Received disconnect from 70.79.82.195: 2: Bad packet length 434908. Jan 14 20:37:12 eusebeia sshd[12112]: debug1: do_cleanup Jan 14 20:37:12 eusebeia sshd[12112]: debug1: PAM: cleanup Jan 14 20:37:12 eusebeia sshd[12112]: pam_env(ssh:setcred): Unable to open env file: /etc/environment: No such file or directory Jan 14 20:37:12 eusebeia sshd[12112]: pam_unix(ssh:session): session closed for user hsteoh Jan 14 20:37:12 eusebeia sshd[12112]: debug3: PAM: sshpam_thread_cleanup entering Jan 14 20:37:12 eusebeia sshd[12102]: debug1: do_cleanup Jan 14 20:37:12 eusebeia sshd[12102]: debug1: PAM: cleanup Jan 14 20:37:12 eusebeia sshd[12102]: debug3: PAM: sshpam_thread_cleanup entering Jan 14 20:37:12 eusebeia sshd[12102]: debug1: session_pty_cleanup: session 0 release /dev/pts/1
signature.asc
Description: Digital signature
