[vox-tech] SSH Troubles

Marc Elliot Hall marc at hallmarc.net
Sat Jul 22 10:43:42 PDT 2006


On Sat, Jul 22, 2006 at 06:37:46AM -0700, Ken Herron wrote:
> Marc Elliot Hall wrote:
> >On Fri, Jul 21, 2006 at 08:50:46AM -0700, Ken Herron wrote:
> >  
> >>Ken Herron wrote:
> >>Okay, see <http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html>, 
> >>in particular "Why PORT Poses Problems for Routing Devices" and 
> >>"Problems when the FTP Server is Listening on a Non-Standard Port 
> >>Number". Now imagine your netgear thinks it's dealing with FTP and is 
> >>doing that to your ssh sessions.
> >>    
> >Not that I'm disagreeing with you about the router's possible confusion,
> >but I'm not running an FTP server. ;-)
> 
> I never said you were. You're running ssh over port 21, which is 
> normally the ftp command channel port. So the router might be applying 
> its ftp forwarding support to your ssh traffic and scrambling it in the 
> process.
> 
> >I'll investigate further in this direction; however I don't think my 
> >appliance is nearly smart enough to rewrite packet headers. It just 
> >accepts inbound traffic on designated ports and passes it through 
> >unmodified to the same port on a specified host on my network. 
> 
> Netgear routers can port-forward ftp. If you'd read the link above, 
> you'll see that dumb packet forwarding isn't sufficient to port-forward 
> ftp. So netgear routers almost certainly have logic to do the protocol 
> monitoring and packet rewriting described.

Thank you for the additional comments, Ken. I have read the link you
referenced, and agree that there is a possible relationship between the 
issue I'm experiencing and the Netgear WGT624's firmware thinking that 
if an incoming packet is hitting port 21, it must therefore be FTP -
not that that would be "normal" given my last 18-odd months of
successful ssh-ing with the same config. 

However, I have concluded that this broken behavior is indicative of a
hardware failure (Cosmic rays? Overheating? Whatever...), because 
while tinkering with various PuTTY settings while troubleshooting 
(frex, enabling and disabling single-DES in SSH-2, deleting the saved 
rsa key, etc.), I got this PuTTY Fatal Error:

++++++
Server sent disconnect message" 
type 2 (SSH_DISCONNECT_PROTOCOL_ERROR)
Corrupted MAC on input
++++++

and that led me here:

http://www.derkeiler.com/Newsgroups/comp.security.ssh/2005-03/0113.html

I'm going to attempt to update the firmware to 4.2.11; but if that
doesn't fix things, I'll have to get me a new device (OpenWrt doesn't
have a Free replacement available yet).


-- 
Marc Elliot Hall
www.hallmarc.net
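To see why a middlebox rewriting bytes in an SSH stream surfaces as "Corrupted MAC on input", here is an added illustration (not from the thread or from PuTTY) of the RFC 4253 packet MAC, mac = MAC(key, sequence_number || unencrypted_packet), with a constructed key and a simulated FTP ALG that rewrites what it takes for a PORT command. Encryption is omitted for clarity; in a real session the ALG mangles ciphertext, which corrupts the decrypted packet and fails the same check.

```python
import hmac
import hashlib
import struct

# Constructed key for the demo; a real session derives it from the key exchange.
MAC_KEY = b"\x11" * 20


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Frame payload as an SSH binary packet (RFC 4253 s.6):
    uint32 packet_length | byte padding_length | payload | padding."""
    # Padding is at least 4 bytes and brings 4+1+len(payload)+pad to a block multiple.
    pad = block_size - ((5 + len(payload)) % block_size)
    if pad < 4:
        pad += block_size
    body = bytes([pad]) + payload + b"\x00" * pad
    return struct.pack(">I", len(body)) + body


def ssh_packet_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """RFC 4253 s.6.4: HMAC over the 32-bit sequence number and the unencrypted packet."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()


def verify_packet(key: bytes, seq: int, packet: bytes, mac: bytes) -> bool:
    """Receiver-side check; a False here is what PuTTY reports as 'Corrupted MAC on input'."""
    return hmac.compare_digest(ssh_packet_mac(key, seq, packet), mac)


def ftp_alg_rewrite(wire: bytes) -> bytes:
    """Simulated naive FTP ALG: on a port-21 stream it rewrites a PORT-looking address
    to the router's public address (constructed values, same length so framing survives)."""
    return wire.replace(b"PORT 192,168,1,2", b"PORT 203,0,113,5")


def demo(seq: int = 7) -> tuple:
    """Return (MAC ok on untouched packet, MAC ok after the ALG rewrote one field)."""
    payload = b"PORT 192,168,1,2,4,1\r\n"  # constructed payload that happens to look like FTP
    pkt = build_packet(payload)
    mac = ssh_packet_mac(MAC_KEY, seq, pkt)
    clean_ok = verify_packet(MAC_KEY, seq, pkt, mac)
    mangled_ok = verify_packet(MAC_KEY, seq, ftp_alg_rewrite(pkt), mac)
    return clean_ok, mangled_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Any single rewritten byte fails the check, so moving the SSH listener off port 21 (or disabling the router's FTP helper) is the fix, not a different cipher or MAC.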

