I am trying to troubleshoot an SSH connectivity problem (client v6.6.1p1, server v6.7p1) that also involves a custom packet forwarding service (so, it may not actually be an SSH problem). The issue is intermittent, and, when present, manifests itself with the client error message "Bad packet length 1397966893. Disconnecting: Packet corrupt." Based on my limited understanding of the SSH Transport Layer Protocol, I gathered that this essentially signifies that the first four bytes of the initial protocol identification packet ("SSH-") are being misinterpreted as the packet length header (per RFC 4253 section 6). When analyzing the traffic with Wireshark, I noticed that the SSH server (or the packet forwarder) combines the initial protocol identification and the Key Exchange Init message into a single TCP packet. For example, I captured a 991-byte packet that consisted of the 39-byte string "SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1<CR><LF>", followed by what appears to be a 948-byte Key Exchange Init message with 4 bytes of padding, all in a single TCP packet. The client then sends a Key Exchange Init packet and an Elliptic Curve Diffie-Hellman Key Exchange Init packet in quick succession. However, now, instead of sending its own ECDH Key Exchange Init packet the server apparently starts over and resends another initial protocol identification packet. This packet is then interpreted by the client per RFC 4253 section 6, which, of course, makes no sense, and the client sends a disconnect. My main question is: does the SSH Transport Layer Protocol expect the various messages always to be sent as individual packets, or does it support stream-based connections where messages can be reframed into more or fewer packets? I looked at RFC 4253 for clues, but I couldn't find any definitive statement on the particular framing requirements of the protocol. Wireshark summary is below. Thanks for any pointers how to further troubleshoot this. Mirko No. Time srcport dstport Protocol Length Payload Info 4 0.000457 58438 23619 SSHv2 112 44 Client: Protocol (SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10) 6 0.323053 23619 58438 SSHv2 1059 991 Server: Protocol (SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1), Key Exchange Init 8 0.325071 58438 23619 SSHv2 2036 1968 Client: Key Exchange Init 10 0.331070 58438 23619 SSHv2 116 48 Client: Elliptic Curve Diffie-Hellman Key Exchange Init 12 1.063073 23619 58438 TCP 107 39 23619 → 58438 [PSH, ACK] Seq=992 Ack=2061 Win=174720 Len=39 TSval=3778028126 TSecr=3778027943 [TCP segment of a reassembled PDU] 13 1.063248 58438 23619 SSHv2 108 40 Client: Disconnect _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev