((@))
home
users
pictures
movies
motorcycles
role playing games
other resources
the downward spiral

Solving SSH problems in Mac OS 10.0.4

SSH broke? Here's how to fix it.

(revision 1)

Houston, we have a problem...

After updating to 10.0.4, I could no longer connect to a number of servers. Errors were unusual:

	[alita:~] rmohns% ssh remote-server-name
	6e7a 015d 86b4 a9a3 8a76 efc4 d906 2c53

	Disconnecting: Bad packet length 1853489501.

I checked, and the .0.4 update included OpenSSH 2.9p1. I checked the remote server. It also was running OpenSSH 2.9p1! I tried some other servers. Errors varied a little, but there was only one server I could get to, running OpenSSH 2.3.0, and only intermittently -- sometimes it refused the connection! Odd. When I connected to those remote machines (via NiftyTelnet SSH!), I was unable to ssh back to my mac -- same errors.

Two members of the 'X-Unix' list at themacintoshguy.com are also experiencing this; one confirms he's definitely not.

After futzing for a bit, I backed up the 10.0.4 ssh client and daemon binaries, then used Scott Anguish's instructions at StepWise to compile OpenSSH 2.9p2. Works great. (Thanks Scott!)

http://www.stepwise.com/Articles/Workbench/2001-05-02.03.html

A Workaround: use the Blowfish cipher

Here's alternative, thanks to Steven O'Toole of the X-Unix list:

	> Yes exactly the same thing.
	>
	> I searched google for "ssh bad packet length" and found numerous
	> messages about a bug in OpenSSH 2.5.2p2.
	>
	> One of them suggested using blowfish.  So I tried:
	>
	> ssh -c blowfish xxx.xxx.xxx.xxx
	>
	> and it worked.

This doesn't explain why an openssh distribution which thinks it is 2.9p1 is exhibiting an old, documented bug. Either the bug wasn't fully quashed, or it snuck back into Apple's distribution.

Which should I do: compile a new SSH or use the workaround?

  • Less experienced users, or those who use ssh only intermittantly, may wish to use the blowfish cipher workaround as described by Steven (ssh -c blowfish destination-server). Since the StepWise instructions are pretty simple, though, this might be a good chance to become an experienced user! :-)
  • More experienced users, or users who use ssh in scripts or frequently, probably want to install SSH version 2.9p2 using StepWise's easy-to-use instructions.

Good luck, and let's hope Apple catches this with a 10.0.5 update!

Oh... and let Apple know there's a problem, since it appears to have slipped past their QA!

If you have this SSH problem, let Apple know by using their Mac OS X feedback form or by contacting technical support to report the problem.

downwardspiral.net © 2001–2007 robert mohns