From owner-freebsd-hackers Thu Dec 16 10: 9:38 1999
From: John and Jennifer Reynolds
Message-ID: <14425.10973.878258.39420@whale.home-net>
Date: Thu, 16 Dec 1999 11:09:33 -0700 (MST)
To: freebsd-hackers@freebsd.org
Subject: anybody using tn-gw-nav to tunnel ssh through a proxy?

hello hackers,

I have a rather bizarre problem and I'm hoping that somebody here can help me
find the solution or at least other places to go look.

At work, we use the tn-gw software to allow users to telnet out to hosts
outside our firewall when necessary. There is some software called tn-gw-nav
available at

    ftp://ftp.nlc.net.au/pub/unix/tn-gw-nav/index.html

that claims to be able to allow a user to use ssh over the telnet gateway. A
co-worker who has the exact same cable-modem setup that I have has gotten this
working with his Linux box. He can ssh directly to his box from work.

When I tried setting this software up on my end here, I ran into strange
problems we can't duplicate with his Linux box. I modified /etc/services and
/etc/inetd.conf like the above URL instructs (I'm not running TCP wrappers,
yet).
I can telnet to my "high" port and see that ssh is "answering"

    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-1.5-OpenSSH-1.2

but upon trying to ssh from work to my box I get this error message:

    Local: Corrupted check bytes on input.

If I run just the "ssh" port instead of openssh, I get the following in my
messages file each time the connection fails:

    Dec 16 09:41:00 dolphin sshd[30368]: fatal: Local: Bad packet length 4267834977.

Both of these error messages seem to be coming from sshd (grepping for strings
in the binary). A "verbose" output from ssh trying to connect to my machine
shows:

    hip186 [~]<471>% ssh -v dolphin
    SSH Version 1.2.20 [hppa1.1-hp-hpux10.20], protocol version 1.5.
    Standard version. Does not use RSAREF.
    hip186: Reading configuration data /eng/eng9/jreynold/.ssh/config
    hip186: Applying options for dolphin
    hip186: ssh_connect: getuid 25155 geteuid 25155 anon 1
    hip186: Executing proxy command: exec tn-gw-nav -i -h proxy.domain.com hostname.home.com 3456
    hip186: Remote protocol version 1.5, remote software version 1.2.27
    hip186: Waiting for server public key.
    hip186: Received server public key (768 bits) and host key (1024 bits).
    hip186: Host 'hostname.home.com' is known and matches the host key.
    hip186: Initializing random; seed file /eng/eng9/jreynold/.ssh/random_seed
    hip186: Encryption type: idea
    hip186: Sent encrypted session key.
    Local: Corrupted check bytes on input.

I have tried everything I can think of to get around this problem. I've tried:

  o using the OpenSSH port
  o using the linux binary for tn-gw-nav from my co-worker's Linux box
  o compiling tn-gw-nav with no optimization

Nothing seems to work. Does anybody have any clues as to what *might* be going
on here? The 4267834977 in the "bad packet length" seems awfully large, yes?

With everything else being "identical" on my co-worker's Linux box (same port
used, same version of OpenSSH and ssh1, same version of tn-gw-nav, and same
version of ssh used here at work) it appears that something FreeBSD-related is
causing me the grief.

I am perfectly willing to debug this to the eye teeth (because I *really* want
this functionality), but I need some pointers as to where to look. I will begin
with the sshd source, but with any good debugging problem, I have to rule out
FreeBSD's network code and possibly the "ed" driver as "suspects."

I have searched the archives for these particular error messages but came up
dry. Thank you for any "tips" as to where to look next.

-Jr

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Reynolds                                        jjreynold@home.com
FreeBSD 3.3-STABLE.                   FreeBSD: The Power to Serve.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
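
An added illustration, not part of the original message and not code from ssh or tn-gw-nav: SSH protocol 1.5 sends each packet's 4-byte length unencrypted ahead of the padded, encrypted body, so the number in "Bad packet length" is whatever four bytes the receiver found where it expected a length. The sketch below walks constructed frames, shows how a single byte added in transit desynchronises that framing, and decodes the reported 4267834977 into its wire bytes. The frame sizes, the inserted byte, the helper names and the 5..262144 bounds (taken from the protocol description as recalled) are assumptions, and the sketch does not establish the cause of the failure reported above.

```python
import struct

MAX_LEN = 262144  # assumed SSH-1.5 limit on the length field (excludes length and padding)
MIN_LEN = 5       # one type byte plus four check bytes

def frame(length, fill=0xAA):
    """Constructed SSH-1-shaped frame: cleartext length, padding, opaque body."""
    pad = 8 - (length % 8)          # padding is always 1..8 bytes
    return struct.pack(">I", length) + bytes(pad) + bytes([fill]) * length

def walk(stream):
    """Follow the length fields the way a receiver does; stop at the first bad one."""
    seen, off = [], 0
    while off + 4 <= len(stream):
        (length,) = struct.unpack_from(">I", stream, off)
        if not MIN_LEN <= length <= MAX_LEN:
            seen.append(("bad", length))
            break
        seen.append(("ok", length))
        off += 4 + (8 - length % 8) + length
    return seen

def wire_bytes(value):
    """Hex of the four big-endian bytes that decode to a reported length."""
    return struct.pack(">I", value).hex()

# Constructed sample: three frames, then the same stream with one byte
# inserted inside the first body (assumption: an intermediate hop added it).
CLEAN = frame(13) + frame(40) + frame(21)
MANGLED = CLEAN[:10] + b"\xff" + CLEAN[10:]

if __name__ == "__main__":
    print("clean:  ", walk(CLEAN))
    print("mangled:", walk(MANGLED))
    print("4267834977 on the wire:", wire_bytes(4267834977))
```

Comparing a byte-level capture taken on the sending side with one taken on the receiving side is the direct way to check whether the bytes arriving at sshd are the bytes the client sent.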