sshd / tcp packet corruption ?

Wed Jun 23 21:40:51 UTC 2010

Martin Minkus <martin.minkus at punz.co.nz> writes:

> It seems this issue I reported below may actually be related to some
> kind of TCP packet corruption ?

Possible.  Or memory errors.  Hard to say much at this point, when you
don't even know which side is actually causing the errors.

> Still same box. I’ve noticed my SSH connections into the box will die
> randomly, with errors.
>
>  
>
> Sshd logs the following on the box itself:
>
>  
>
> Jun 18 11:15:32 kinetic sshd[1406]: Received disconnect from
> 10.64.10.251: 2: Invalid packet header.  This probably indicates a
> problem with key exchange or encryption. 
>

You might find more useful information by getting verbose messages from
the other end.  

I don't have time to check this in detail, but if I recall correctly,
that message means that the other side closed the connection based on an
apparent invalid header type in a packet that 'kinetic' received.
Random corruption isn't likely in that case, because the error is always
in the same place in the packet.  Check the 'netstat -i' numbers to see
if the drivers are picking up any packet errors.

It's hard to debug network problems in ssh, though, because (obviously)
you can't tell in general whether packet data is corrupt.  If you can
set up a test case with, say, UDP echo, that would be easier to see the
damage to the packets if they are, in fact, being corrupted.  

Unfortunately, I'm so used to having sophisticated test equipment in the
lab to look at these kinds of problems that I'm probably missing what
would be obvious to someone who deals with problems "in the field."
Hope I've been somewhat helpful anyway.