信息安全 - 什么可能导致 sshd 出现“错误的数据包长度”？ - 吾爱随笔录

什么可能导致 sshd 出现“错误的数据包长度”？

信息安全 SSH

2021-09-01 13:46:50

我通过一个特定的 IP 地址收到很多失败的 ssh 登录尝试，并出现一个奇怪的错误。我无法理解通过谷歌找到的信息，所以我想这可能是一种新的攻击形式？？

基本上每 25 秒我会在我的日志日志中得到以下两行（数据包长度每次都不同）：

Jun 01 08:35:14 k002271d sshd[10615]: Bad packet length 516882381. [preauth]
Jun 01 08:35:25 k002271d sshd[10540]: Connection closed by 62.210.XXX.XXX [preauth]

我使用密钥登录没有问题，我使用的是最新的 OpenSSH ( OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1k 8 Jan 2015)，但我启用了一些额外的密码，以使用此处建议的字符串启用来自旧服务器的连接：

Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

2016 年 6 月 21 日更新：

正如@Castaglia 所建议的那样，我删除了diffie-hellman-group1和diffie-hellman-group14密钥交换方法（在libssh-0.7.3 发行说明中提到）导致这个字符串：

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1

错误消息停止显示，但我仍然不能 100% 确定这是解决方案，因为错误很少发生。现在我没有回答这个问题。

2016 年 6 月 6 日更新：

终于在将近一周后，我能够检测到相同的攻击并LogLevel DEBUG3按照 Jakuje 的建议进行记录。以下日志显示了与第一次不同的服务器连续两次尝试：

Jun 06 07:16:29 server sshd[565]: debug3: fd 5 is not O_NONBLOCK
Jun 06 07:16:29 server sshd[565]: debug1: Forked child 15573.
Jun 06 07:16:29 server sshd[565]: debug3: send_rexec_state: entering fd = 10 config len 1263
Jun 06 07:16:29 server sshd[565]: debug3: ssh_msg_send: type 0
Jun 06 07:16:29 server sshd[565]: debug3: send_rexec_state: done
Jun 06 07:16:29 server sshd[15573]: debug3: oom_adjust_restore
Jun 06 07:16:29 server sshd[15573]: Set /proc/self/oom_score_adj to 0
Jun 06 07:16:29 server sshd[15573]: debug1: rexec start in 5 out 5 newsock 5 pipe 9 sock 10
Jun 06 07:16:29 server sshd[15573]: debug1: inetd sockets after dupping: 3, 3
Jun 06 07:16:29 server sshd[15573]: Connection from 125.212.XXX.XXX port 46328 on XXX.XXX.XXX.XXX port 22
Jun 06 07:16:29 server sshd[15573]: debug1: Client protocol version 2.0; client software version libssh-0.2
Jun 06 07:16:29 server sshd[15573]: debug1: no match: libssh-0.2
Jun 06 07:16:29 server sshd[15573]: debug1: Enabling compatibility mode for protocol 2.0
Jun 06 07:16:29 server sshd[15573]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
Jun 06 07:16:29 server sshd[15573]: debug2: fd 3 setting O_NONBLOCK
Jun 06 07:16:29 server sshd[15573]: debug2: Network child is on pid 15574
Jun 06 07:16:29 server sshd[15573]: debug3: preauth child monitor started
Jun 06 07:16:29 server sshd[15573]: debug3: privsep user:group 104:65534 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: permanently_set_uid: 104/65534 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: ssh-rsa [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: 3des-cbc [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: 3des-cbc [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: none [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: none [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: mac_setup: setup hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: mac_setup: setup hmac-sha1 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
Jun 06 07:16:29 server sshd[15573]: debug2: bits set: 505/1024 [preauth]
Jun 06 07:16:29 server sshd[15573]: debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
Jun 06 07:16:30 server sshd[15573]: debug2: bits set: 506/1024 [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_key_sign entering [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_request_send entering: type 6 [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_request_receive entering [preauth]
Jun 06 07:16:30 server sshd[15573]: debug3: mm_request_receive entering
Jun 06 07:16:30 server sshd[15573]: debug3: monitor_read: checking request 6
Jun 06 07:16:30 server sshd[15573]: debug3: mm_answer_sign
Jun 06 07:16:30 server sshd[15573]: debug3: mm_answer_sign: signature 0x7ff127ec8ce0(271)
Jun 06 07:16:30 server sshd[15573]: debug3: mm_request_send entering: type 7
Jun 06 07:16:30 server sshd[15573]: debug2: monitor_read: 6 used once, disabling now
Jun 06 07:16:30 server sshd[15573]: debug2: kex_derive_keys [preauth]
Jun 06 07:16:30 server sshd[15573]: debug2: set_newkeys: mode 1 [preauth]
Jun 06 07:16:30 server sshd[15573]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jun 06 07:16:30 server sshd[15573]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jun 06 07:16:30 server sshd[15573]: debug2: set_newkeys: mode 0 [preauth]
Jun 06 07:16:30 server sshd[15573]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jun 06 07:16:30 server sshd[15573]: debug1: KEX done [preauth]
Jun 06 07:16:30 server sshd[15573]: Bad packet length 2295582317. [preauth]
Jun 06 07:16:34 server sshd[15498]: Connection closed by 125.212.XXX.XXX [preauth]
Jun 06 07:16:34 server sshd[15498]: debug1: do_cleanup [preauth]
Jun 06 07:16:34 server sshd[15498]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jun 06 07:16:34 server sshd[15498]: debug1: monitor_read_log: child log fd closed
Jun 06 07:16:34 server sshd[15498]: debug3: mm_request_receive entering
Jun 06 07:16:34 server sshd[15498]: debug1: do_cleanup
Jun 06 07:16:34 server sshd[15498]: debug3: PAM: sshpam_thread_cleanup entering
Jun 06 07:16:34 server sshd[15498]: debug1: Killing privsep child 15499
Jun 06 07:16:57 server sshd[565]: debug3: fd 5 is not O_NONBLOCK
Jun 06 07:16:57 server sshd[565]: debug1: Forked child 15611.
Jun 06 07:16:57 server sshd[565]: debug3: send_rexec_state: entering fd = 10 config len 1263
Jun 06 07:16:57 server sshd[565]: debug3: ssh_msg_send: type 0
Jun 06 07:16:57 server sshd[565]: debug3: send_rexec_state: done
Jun 06 07:16:57 server sshd[15611]: debug3: oom_adjust_restore
Jun 06 07:16:57 server sshd[15611]: Set /proc/self/oom_score_adj to 0
Jun 06 07:16:57 server sshd[15611]: debug1: rexec start in 5 out 5 newsock 5 pipe 9 sock 10
Jun 06 07:16:57 server sshd[15611]: debug1: inetd sockets after dupping: 3, 3
Jun 06 07:16:57 server sshd[15611]: Connection from 125.212.XXX.XXX port 49390 on XXX.XXX.XXX.XXX port 22
Jun 06 07:16:57 server sshd[15611]: debug1: Client protocol version 2.0; client software version libssh-0.2
Jun 06 07:16:57 server sshd[15611]: debug1: no match: libssh-0.2
Jun 06 07:16:57 server sshd[15611]: debug1: Enabling compatibility mode for protocol 2.0
Jun 06 07:16:57 server sshd[15611]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
Jun 06 07:16:57 server sshd[15611]: debug2: fd 3 setting O_NONBLOCK
Jun 06 07:16:57 server sshd[15611]: debug2: Network child is on pid 15612
Jun 06 07:16:57 server sshd[15611]: debug3: preauth child monitor started
Jun 06 07:16:57 server sshd[15611]: debug3: privsep user:group 104:65534 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: permanently_set_uid: 104/65534 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: ssh-rsa [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: 3des-cbc [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: 3des-cbc [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: none [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: none [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit:  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: mac_setup: setup hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: mac_setup: setup hmac-sha1 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
Jun 06 07:16:57 server sshd[15611]: debug2: bits set: 511/1024 [preauth]
Jun 06 07:16:57 server sshd[15611]: debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
Jun 06 07:16:58 server sshd[15611]: debug2: bits set: 516/1024 [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_key_sign entering [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_request_send entering: type 6 [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_request_receive entering [preauth]
Jun 06 07:16:58 server sshd[15611]: debug3: mm_request_receive entering
Jun 06 07:16:58 server sshd[15611]: debug3: monitor_read: checking request 6
Jun 06 07:16:58 server sshd[15611]: debug3: mm_answer_sign
Jun 06 07:16:58 server sshd[15611]: debug3: mm_answer_sign: signature 0x7fb75f3b5690(271)
Jun 06 07:16:58 server sshd[15611]: debug3: mm_request_send entering: type 7
Jun 06 07:16:58 server sshd[15611]: debug2: monitor_read: 6 used once, disabling now
Jun 06 07:16:58 server sshd[15611]: debug2: kex_derive_keys [preauth]
Jun 06 07:16:58 server sshd[15611]: debug2: set_newkeys: mode 1 [preauth]
Jun 06 07:16:58 server sshd[15611]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jun 06 07:16:58 server sshd[15611]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jun 06 07:16:58 server sshd[15611]: debug2: set_newkeys: mode 0 [preauth]
Jun 06 07:16:58 server sshd[15611]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jun 06 07:16:58 server sshd[15611]: debug1: KEX done [preauth]
Jun 06 07:16:58 server sshd[15611]: Bad packet length 1877023791. [preauth]
Jun 06 07:17:02 server sshd[15535]: Connection closed by 125.212.XXX.XXX [preauth]
Jun 06 07:17:02 server sshd[15535]: debug1: do_cleanup [preauth]
Jun 06 07:17:02 server sshd[15535]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jun 06 07:17:02 server sshd[15535]: debug1: monitor_read_log: child log fd closed
Jun 06 07:17:02 server sshd[15535]: debug3: mm_request_receive entering
Jun 06 07:17:02 server sshd[15535]: debug1: do_cleanup
Jun 06 07:17:02 server sshd[15535]: debug3: PAM: sshpam_thread_cleanup entering
Jun 06 07:17:02 server sshd[15535]: debug1: Killing privsep child 15536

2个回答

这已被广泛解释，但这里是摘要：

当任何一方解密 SSH 数据包的第一个密码块并检查数据包长度时，就会发生此问题。显然，数据包长度必须至少为 5 个字节。RFC 4253 规定任何实现都必须支持整个数据包的长度至少为 35000 字节。无论如何，SSH 实现通常允许更长的数据包。OpenSSH/SunSSH 接受长度字段最大为 256KB (256 * 1024)。因此，这必须是正确的，否则我们的数据包长度会很差：

5 <= length <= 256 * 1024 “Bad packet length”的可能原因

此错误消息通常只有一个原因 - 加密或解密错误。在这种情况下，对等方解密第一个密码块并在这 4 个字节中得到一些垃圾。垃圾符合正确数据包长度的概率为 (256 * 1024)/2\^32。这大约是 0.006%，这意味着 100000 个中的 6 个处理不当的密码块将通过初始长度测试。即使在那之后，在最常用的密码 - AES 的情况下，只有 16 个成功；总而言之，平均而言，100 万个随机密码块中只有 4 个通过了初始数据包长度字段测试 (1/2\^18)。稍后我们将对此进行更多讨论。

这可能只是电线上的腐败吗？可能是在 SSH TCP 连接期间第一次发生在那些特定的 4 个字节中的机会也很小。请注意，如果在初始密钥交换期间发生损坏，则连接将被关闭 - 协议受到保护，不会出现这种情况。因此，如果问题是加密或解密，它通常发生在发送第一条加密消息 SSH_MSG_SERVICE_REQUEST 时的密钥交换之后。

显然，这可能是 SSH 实现本身的错误，但通常情况并非如此，在这里它可能会工作或不工作。

我还不能发表评论，因为大多数与安全相关的答案都在逆向工程 stackexhange 上。com。

听起来好像有人试图暴力破解您的 ssh 服务器（去年从 TK、RU 和 CN 到我的亚马逊 EC2 实例发生了很多事情）。就像 munkeyoto 所说，如果攻击者的 MTU 设置得太高，它可能会导致runts，这意味着数据包对于中间跃点（路由器）来说太大了，因此它们必须截断数据包并将其拆分成更小的数据包。

它通常是由线路上的高噪声信号比（衰减）、具有不同 MTU 的中间节点（路由器）会截断数据包、不对称路由等引起的。

其它你可能感兴趣的问题

上一篇UEFI 固件完整性测量下一篇鉴于 glibc DNS 漏洞，为什么 Linux 发行版不更新安装映像？