sshd: Corrupted MAC on input.
May 2013
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
About
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Hey there!(05/07 16:23)
Arduino Barcamp 2011, Ordes(11/06 23:48)
How to install a patched uwsgi package in FreeBSD(08/18 18:31)
How to get more followers in twitter during this summer(07/25 11:56)
Change by popular demand(07/20 10:27)
We've a new website at Codigo23(07/18 10:10)
Arduino, first contact(07/17 13:13)
7-J, el día que perdí a un ser querido(06/07 23:55)
Using SSL to connect to freenode in weechat(05/17 00:14)
OpenSSH port-forwarding only account(05/13 13:11)
Recent Comments
Re: Why I don't have nor a Twitter neither a Facebook account(ben : 05/22 02:53)
Re: Hey there!(r0sk : 05/08 00:45)
Re: Hey there!(Juanjo : 05/07 18:44)
(sharmila : 02/01 10:17)
Re: Restoring your Desktop folder in Ubuntu(sharmila : 01/31 11:46)
Re: PostgreSQL database migration, the SQL_ASCII to UTF8 problem(P.V.Anthony : 10/23 08:18)
Re: Changing GTK themes in OSx(Harjoven : 10/10 02:33)
Re: PostgreSQL database migration, the SQL_ASCII to UTF8 problem(Kingsley : 09/19 04:17)
Re: PostgreSQL database migration, the SQL_ASCII to UTF8 problem(Kingsley : 09/19 04:13)
Re: Why I don't have nor a Twitter neither a Facebook account(Johnny : 09/11 02:03)
Recent Trackbacks
Aprender Python en Lugo(10/27 19:09)
Categories
OpenBSD (8 items)
BSD (0 items)
FreeBSD (18 items)
Linux (3 items)
Security (3 items)
Python (18 items)
Zope (13 items)
Daily (138 items)
e-shell (9 items)
Hacks (13 items)
PostgreSQL (3 items)
OSX (7 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (3 items)
Nintendo Wii (1 items)
Django (23 items)
Music (12 items)
Plone (7 items)
Varnish (0 items)
Lugo (2 items)
Sendmail (0 items)
europython (7 items)
Cherokee (1 items)
self (1 items)
Nature (1 items)
Hiking (0 items)
uwsgi (0 items)
nginx (0 items)
Archives
May 2013
November 2011
August 2011
July 2011
June 2011
May 2011
April 2011
January 2011
December 2010
November 2010

Syndicate this site (XML)

RSS/RDF 0.91

24 septiembre
2010

sshd: Corrupted MAC on input.

rsync + Received disconnect from xxx.xxx.xxx.xxx: 2: Packet corrupt
[Hacks]  [OpenBSD]  [BSD]  [FreeBSD]  [Linux]  [OSX] 

Quite a strange error, don't you think?

It took me some time to realized what was happening, so I hope sharing this information with the rest of the world could help somebody in the future.

Some days ago I was syncing some data between two FreeBSD 8.x servers using rsync when I found that the data transmission just stopped suddenly and I could see in the origin server:

/home/ficheros/201001261403000.pdf
Received disconnect from xxx.xxx.xxx.xxx: 2: Packet corrupt
rsync: writefd_unbuffered failed to write 4 bytes to socket [sender]: Broken pipe (32)
rsync: connection unexpectedly closed (14093 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.7]

(I've replaced the current host ip address with xxx.xxx.xxx.xxx)

At first I thought it should have been some network error, so I tried again but, after a while, I found that the error was apppearing randomly.

Next thing I did was to check the logs in the destination server, and I found some interesting lines in /var/log/auth.log:

Sep 21 07:59:12 mangosta sshd[48978]: Corrupted MAC on input.
Sep 21 07:59:12 mangosta sshd[48978]: Disconnecting: Packet corrupt

(being mangosta the hostname of the destination server)

Wow, Corrupted MAC on input ¿? Could it be that someone was doing something nasty with my servers?

Short answer: NO.

The problem was that the origin server had some big load on it, the server was running out of memory and it was swaping a lot (extracted from the top command):

Swap: 1024M Total, 577M Used, 447M Free, 56% Inuse

As soon as I stopped some services in that server, the load went down a little and there was plenty of memory for rsync to eat, it works nicely (as usually).

So, this is one of those cases where the error messages are totally useless. Probably it was all rsync's fault, because it usually needs a lot of memory to doing that kind of syncs (-vza) so, as soon as the system was running out of memory, rsync wasn't able to send data over the wire properly. In the other end, as soon as sshd receives some malformed data from the origin server, it probably cut the connection with the Packet Corrupt message.

Perhaps using wireshark or tcpdump to gather some more information could be helpful in this kind of scenario.

Posted by wu at 19:01 | Comments (5) | Trackbacks (0)
<< Repair a damaged XFS filesystem within a LVM2 setup | Main | Bad : modifier in $ (:). >>
Comments
Re: sshd: Corrupted MAC on input.

Thanks for posting this information. I'm have the same issue using scp to download a database export. My hosting provider tried to blame it on the network... but given prior experience on my shared server, I know it's a lack of resources as you've explained. Thanks for writing this explanation up. I'm going to share it with my hosting provider and see if they have a solution for me as a result.

Posted by: John Erck at febrero 23,2012 18:01
Re: sshd: Corrupted MAC on input.

I'd like to express my thanks as well. I have a small embedded device being backed up nightly by Dirvish (using rsync) and have had the corrupted MAC error the last 3 nights. Worked well for quite a while, system update recently has knocked something out of whack. Amongst other things it runs rtorrent 24/7, occasionally getting up to 70% load, though most of the time it's below 30%. Really don't know why rtorrent does that, have tweaked on it quite extensively. Anyhow, I'll just try putting in a cron job to suspend the rtorrent to give it some breathing room during the backup.

Posted by: Mike J. at abril 09,2012 06:56
Re: sshd: Corrupted MAC on input.

An update on my problem for future searchers of this bizarre problem.
I placed my embedded computer in a less accessible place and had only been doing soft resets after OS updates. Today I did a hard reset (power off, on) and it solved the problem. The load in my case had nothing to do with it, even with a starting load of close to 0.00 it swings up to 1.7, even 2.5 briefly from a very busy rsync. Yet works fine.
Hope you are as fortunate.

Posted by: Mike J. at abril 12,2012 06:43
Re: sshd: Corrupted MAC on input.

Should have added that is the load on the embedded computer being backed up, which is where my problem was occurring.
Sorry for the repeat post, no editing option.

Posted by: Mike J. at abril 12,2012 07:01
Re: sshd: Corrupted MAC on input.

Thanks for posting this information!

I came across the same problem recently on some crappy hardware and would have taken it for another hardware problem. Thanks to this page, I found out this one at least was a software bug, so I could go on and copy the data another way.

FWIW, killing most other processes let rsync get a little further, but not enough in my case. rsync version (and everything else) was Debian squeeze.

Posted by: Frank Heckenbach at mayo 26,2012 01:14
Trackbacks
Please send trackback to:http://blog.e-shell.org/270/tbping
There are no trackbacks.
Post a comment