Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Resolve SSH problems in 10.0.4 UNIX
I have seen some scattered reports of problems connecting to other systems using 10.0.4 (which includes OpenSSH 2.9p1, according to Apple's documentation). The connection begins, but then terminates with the message "Disconnecting: Bad packet length -898731090", or just fails to connect. To help debug the problem, you can try using SSH with a -v option, which is verbose mode and will show you the details of the connection attempt.

The X4U mailing lists have had some discussion on this topic, and have come up with three possible solutions:
  1. Try connecting with the 'blowfish' encryption scheme (ssh -c blowfish
  2. Compile and install OpenSSH 2.9p2 on your OS X box (there are instructions on StepWise)
  3. Upgrade the other machine (if you can) to OpenSSH 2.9p1 or later
  4. Try forcing SSH to use SSH1 instead of SSH2 (ssh -1 [noticed on MacFixit this morning]
  5. Regenerate your SSH keys (use ssh-keygen at the command line) [from the comments below]
Each of the above methods has worked for at least one user. Personally, SSH is working for me just as it did before the upgrade, but if you're having troubles, try one of the above solutions.
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)

Resolve SSH problems in 10.0.4 | 13 comments | Create New Account
Click here to return to the 'Resolve SSH problems in 10.0.4' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Can't connect to Linux Box
Authored by: DarrylTang on Jun 22, '01 09:23:58AM

Since upgrading to 10.0.4, I can't connect to my trusty Redhat Linux box.
It may or may not be the problem referred to in the post, but here's
the error messages I am getting:

bash-2.05$ ssh -l myname -v linuxbox
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /etc/ssh_config
debug1: Seeded RNG with 22 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Trying again...
debug1: Trying again...
debug1: Trying again...
Secure connection to linuxbox refused.
debug1: writing PRNG seed to file /Users/myname/.ssh/prng_seed

I tried the option 1 fix (blowfish) listed in the post, to no avail.
Haven't tried the other two possible fixes yet. I don't think that
OSX is even communicating with the Linux Box, as nothing shows up
in the Linux Box's log files when I try to connect.

I'll post a solution when I find one.

[ Reply to This | # ]
Can't connect to Linux Box
Authored by: DarrylTang on Jun 22, '01 07:49:53PM

I haven't found a fix yet, but I have more insight into the problem.
If I use an IP address instead of an alphanumeric URL, everything works
fine. So, ssh -l myname works, but
ssh -l myname doesn't work. Strange.

I am using a /etc/hosts file, with OSX configured to use it.

I'll post again when I have more info.

[ Reply to This | # ]
Solution to this Problem
Authored by: Ian C on Sep 18, '01 06:35:52AM
I was having the same problem so I looked around and I found this then this.

To use his advice followthese instructions up to: " ... cd openssh-2.9p2" and then insert:

       cat >> confdefs.h 
into the file "configure*" using a tab before cat and then run continue with the stepwise instructions. Hope that helps someone.

[ Reply to This | # ]
Authored by: robg on Jun 22, '01 01:11:28PM

There's definitely something going on. I can connect out to my ISP, but I can't get from my work box (running OS 9 right now) to home. It doesn't generate the above error, it just doesn't connect. I read on one of the forums that I might have to edit the .ssh/known_hosts file, as the new install regenerates the public key. Guess I'll have to do some experimenting tonight.


[ Reply to This | # ]
Authored by: babbage on Jun 22, '01 06:38:50PM

Well, if all else fails, 10.0.0 didn't come with a copy of ssh, so anyone that wanted to
use it had to install it themselves. Worst case scenario, if the newly upgraded & mangled
version can't be kickstarted, would be to simply install your own copy again, either into
/Users/you/Applications or /usr/local (both of which should be immune to system changes).

Personally, I haven't hit any snags so far, but a lot of people have... *shrug*

[ Reply to This | # ]
And not just for Mac OS X?
Authored by: calroth on Jun 23, '01 07:42:14AM

I haven't updated to 10.0.4 (yet), but I could have sworn that I've seen that error before, when using the Solaris version of SSH (not sure which version) to connect to sites. So it could be something with OpenSSH.

[ Reply to This | # ]
upgrade to 2.9p2
Authored by: j|m on Jun 23, '01 07:58:49PM

this seemed to be the solution for me; I was also having problems with not being able to login to a linux box, and sure enough, the upgrade solved it.

the other "solutions", it seems, are really only workarounds, anyway.

[ Reply to This | # ]
upgrade to 2.9p2
Authored by: edljedi on Jun 29, '01 01:17:26AM

I had two OS X boxes that were compiled with 2.9p1. I then setup a new OS X machine and followed the same instructions on Stepwise. But they had changed. They had been updated to use 2.9p2 instead of 2.9p1. When I tried to connect to that machine, I would get the bad packet length error. I hadn't realized I had different versions until I read here that there was a p+1 update. I don't know what's different but there seems to be at least a problem with intermixing these two versions and connecting over ssh2. Connecting using ssh1 (ssh -1 seems to work just fine. I've tried connecting from p1 to p2, no luck and p2 to p1, no luck.

Perhaps someone can fill everyone in to what has changed between p1 and p2 and connecting using ssh2.

[ Reply to This | # ]
Try regenrating the Keys
Authored by: jimr on Jun 24, '01 09:23:57PM

I am not sure as I was really trying to get connected at the time so

I don't have a definite answer.

I have Redhat 6.1 and another machine is redhat 6.2
Both local servers refused connect from my OSX machine
all machines are running the same version of ssh
[Linux xxx]$ ssh -V
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f

[OSX:/etc] xxx# ssh -V
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f

I am not certain of the version which 10.04 introduced as the updater has checking which will prevent it from stomping on a higher version.

When I noticed the problem first I looked manually at the config files and determined that they were changed.

Then, I opened SSH config from gideon software and reset my settings and restarted the server.
--This did not help.
Frustrated, I returned to my Openssh source folder and typed "make install".

--Still it didn't work...though, this method does not regenerate keys or rewrite the configs.

I regenerated the keys manually.

It started working.

Seems that the trick is to regenerate the keys. !?!?!?!?!

[ Reply to This | # ]
Worked for me!
Authored by: robg on Jun 26, '01 10:54:36AM
I regenerated my keys (ssh-keygen in the terminal) and SSH is now working again for connections from outside my home network. Hooray!


[ Reply to This | # ]
Use IP number instead of name?
Authored by: redfreda on Jun 29, '01 10:56:15AM

I tried all the suggestions and none worked for me. I was getting the same error as Darryl when trying to ssh to a BSD box. So I tried the server's IP number and that worked. Does anyone know why?

[ Reply to This | # ]
Use IP number instead of name?
Authored by: David Baker on Jun 29, '01 03:33:18PM

This is what I see as well: names do not work for SSH, IP addresses do work. Ping always works.

But to further complicate it: I have this problem at home over wireless on my Airport NAT'ed DSL connection, but NOT on my work ethernet (NAT'd through a Linux firewall). I also cannot send mail (mail -v at the shell) when I have this problem. I've noticed some DNS errors: one of these must be related, right?
Jun 29 00:50:25 clam lookupd[360]: _lookup_all(query) failed
Jun 29 00:50:53 clam lookupd[360]: DNSAgent: dns_send_query_server - timeout for
Jun 29 00:51:13 clam lookupd[360]: DNSAgent: dns_fqdn_query_server - query failed for
Jun 29 00:55:47 clam lookupd[360]: DNSAgent: dns_read_reply - wrong XID in reply (expected 59191 got 23890)

And somehow, sometime, some other app that I run is able to resolve the name to address and it must be cached because at some point, this problem goes away.

[ Reply to This | # ]
ip address
Authored by: alakran on Jul 08, '01 04:28:36PM

i concure. ping works fine and ssh will work with an ip address.
i had the verbose output as above. i'm sure upgrading openssh
will work also, but i didn't need to go that far.

[ Reply to This | # ]