Is this a bug in Tor or OpenSSH?

Support Core Tor
,
1

I have configured my server for SSH access through an Onion hidden service, but I’m encountering a strange issue where PuTTY is throwing an “Incoming packet was garbled on decryption” error.

To troubleshoot, I set PuTTY to connect using only the SSH-1 protocol. My server correctly rejected the SSH-1 handshake and sent a warning that SSH-2 must be used, which I did to verify that the handshake process was initiating correctly. The server responded as expected, mandating the use of the SSH-2 protocol. However, upon switching back to the SSH-2 protocol, PuTTY began to complain with the “Incoming packet was garbled on decryption” error.

Software Versions:

  • Server Tor version: 0.4.8.19 (Server OS: Debian 13)

  • Client Tor version: 0.4.8.19 (Client OS: Windows 11 25H2)

  • Server OpenSSH version: 1:10.2p1-1

  • Client SSH client version: PuTTY 0.83

The operation logs are as follows.

SSH-1 Mode

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2025.10.13 16:34:21 =~=~=~=~=~=~=~=~=~=~=~=

Event Log: Leaving host lookup to proxy of “.onion” (for SSH connection)

Event Log: Will use SOCKS 5 proxy at 127.0.0.1:9050 to connect to :22

Event Log: Looking up host “127.0.0.1” for proxy

Event Log: Connecting to SOCKS 5 proxy at 127.0.0.1 port 9050

Event Log: Connecting to 127.0.0.1 port 9050

Event Log: Connected to 127.0.0.1 (from 127.0.0.1:60998)

Event Log: Connected to remote host (from 127.0.0.1:60998)

Incoming raw data at 2025-10-13 16:34:22

00000000 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f SSH-2.0-OpenSSH_

00000010 31 30 2e 30 70 32 20 44 65 62 69 61 6e 2d 37 0d 10.0p2 Debian-7.

00000020 0a 49 6e 76 61 6c 69 64 20 53 53 48 20 69 64 65 .Invalid SSH ide

00000030 6e 74 69 66 69 63 61 74 69 6f 6e 20 73 74 72 69 ntification stri

00000040 6e 67 2e 0d 0a ng…

Event Log: Remote version: SSH-2.0-OpenSSH_10.0p2 Debian-7

Event Log: SSH protocol version 1 required by our configuration but not provided by remote

SSH-2 Mode

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2025.10.13 16:33:17 =~=~=~=~=~=~=~=~=~=~=~=

Event Log: Leaving host lookup to proxy of “.onion” (for SSH connection)

Event Log: Will use SOCKS 5 proxy at 127.0.0.1:9050 to connect to .onion:22

Event Log: Looking up host “127.0.0.1” for proxy

Event Log: Connecting to SOCKS 5 proxy at 127.0.0.1 port 9050

Event Log: Connecting to 127.0.0.1 port 9050

Event Log: We claim version: SSH-2.0-PuTTY_Release_0.83

Event Log: Connected to 127.0.0.1 (from 127.0.0.1:53931)

Outgoing raw data at 2025-10-13 16:33:17

00000000 53 53 48 2d 32 2e 30 2d 50 75 54 54 59 5f 52 65 SSH-2.0-PuTTY_Re

00000010 6c 65 61 73 65 5f 30 2e 38 33 0d 0a lease_0.83..

Event Log: Connected to remote host (from 127.0.0.1:53931)

Incoming raw data at 2025-10-13 16:33:20

00000000 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f SSH-2.0-OpenSSH_

00000010 31 30 2e 30 70 32 20 44 65 62 69 61 6e 2d 37 0d 10.0p2 Debian-7.

00000020 0a 49 6e 76 61 6c 69 64 20 53 53 48 20 69 64 65 .Invalid SSH ide

00000030 6e 74 69 66 69 63 61 74 69 6f 6e 20 73 74 72 69 ntification stri

00000040 6e 67 2e 0d 0a ng…

Event Log: Remote version: SSH-2.0-OpenSSH_10.0p2 Debian-7

Event Log: Using SSH protocol version 2

Event Log: No GSSAPI security context available

Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT)

00000000 79 ad ab 2b 30 aa 91 9e b1 73 74 1b 27 a6 1e e1 y..+0…st.'…

00000010 00 00 02 51 63 75 72 76 65 34 34 38 2d 73 68 61 …Qcurve448-sha

00000020 35 31 32 2c 63 75 72 76 65 32 35 35 31 39 2d 73 512,curve25519-s

00000030 68 61 32 35 36 2c 63 75 72 76 65 32 35 35 31 39 ha256,curve25519

00000040 2d 73 68 61 32 35 36 40 6c 69 62 73 73 68 2e 6f -sha256@libssh.o

00000050 72 67 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 rg,ecdh-sha2-nis

00000060 74 70 32 35 36 2c 65 63 64 68 2d 73 68 61 32 2d tp256,ecdh-sha2-

00000070 6e 69 73 74 70 33 38 34 2c 65 63 64 68 2d 73 68 nistp384,ecdh-sh

00000080 61 32 2d 6e 69 73 74 70 35 32 31 2c 73 6e 74 72 a2-nistp521,sntr

00000090 75 70 37 36 31 78 32 35 35 31 39 2d 73 68 61 35 up761x25519-sha5

000000a0 31 32 2c 73 6e 74 72 75 70 37 36 31 78 32 35 35 12,sntrup761x255

000000b0 31 39 2d 73 68 61 35 31 32 40 6f 70 65 6e 73 73 19-sha512@openss

000000c0 68 2e 63 6f 6d 2c 6d 6c 6b 65 6d 37 36 38 78 32 h.com,mlkem768x2

000000d0 35 35 31 39 2d 73 68 61 32 35 36 2c 6d 6c 6b 65 5519-sha256,mlke

000000e0 6d 31 30 32 34 6e 69 73 74 70 33 38 34 2d 73 68 m1024nistp384-sh

000000f0 61 33 38 34 2c 6d 6c 6b 65 6d 37 36 38 6e 69 73 a384,mlkem768nis

00000100 74 70 32 35 36 2d 73 68 61 32 35 36 2c 64 69 66 tp256-sha256,dif

00000110 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou

00000120 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 32 35 p-exchange-sha25

00000130 36 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 6,diffie-hellman

00000140 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d -group-exchange-

00000150 73 68 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c sha1,diffie-hell

00000160 6d 61 6e 2d 67 72 6f 75 70 31 38 2d 73 68 61 35 man-group18-sha5

00000170 31 32 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 12,diffie-hellma

00000180 6e 2d 67 72 6f 75 70 31 37 2d 73 68 61 35 31 32 n-group17-sha512

00000190 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d ,diffie-hellman-

000001a0 67 72 6f 75 70 31 36 2d 73 68 61 35 31 32 2c 64 group16-sha512,d

000001b0 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 iffie-hellman-gr

000001c0 6f 75 70 31 35 2d 73 68 61 35 31 32 2c 64 69 66 oup15-sha512,dif

000001d0 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou

000001e0 70 31 34 2d 73 68 61 32 35 36 2c 64 69 66 66 69 p14-sha256,diffi

000001f0 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 e-hellman-group1

00000200 34 2d 73 68 61 31 2c 72 73 61 32 30 34 38 2d 73 4-sha1,rsa2048-s

00000210 68 61 32 35 36 2c 72 73 61 31 30 32 34 2d 73 68 ha256,rsa1024-sh

00000220 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 a1,diffie-hellma

00000230 6e 2d 67 72 6f 75 70 31 2d 73 68 61 31 2c 65 78 n-group1-sha1,ex

00000240 74 2d 69 6e 66 6f 2d 63 2c 6b 65 78 2d 73 74 72 t-info-c,kex-str

00000250 69 63 74 2d 63 2d 76 30 30 40 6f 70 65 6e 73 73 ict-c-v00@openss

00000260 68 2e 63 6f 6d 00 00 00 7b 73 73 68 2d 65 64 34 h.com…{ssh-ed4

00000270 34 38 2c 73 73 68 2d 65 64 32 35 35 31 39 2c 65 48,ssh-ed25519,e

00000280 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 cdsa-sha2-nistp2

00000290 35 36 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 56,ecdsa-sha2-ni

000002a0 73 74 70 33 38 34 2c 65 63 64 73 61 2d 73 68 61 stp384,ecdsa-sha

000002b0 32 2d 6e 69 73 74 70 35 32 31 2c 72 73 61 2d 73 2-nistp521,rsa-s

000002c0 68 61 32 2d 35 31 32 2c 72 73 61 2d 73 68 61 32 ha2-512,rsa-sha2

000002d0 2d 32 35 36 2c 73 73 68 2d 72 73 61 2c 73 73 68 -256,ssh-rsa,ssh

000002e0 2d 64 73 73 00 00 00 eb 61 65 73 31 32 38 2d 67 -dss…aes128-g

000002f0 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 cm@openssh.com,a

00000300 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 es256-gcm@openss

00000310 68 2e 63 6f 6d 2c 63 68 61 63 68 61 32 30 2d 70 h.com,chacha20-p

00000320 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e oly1305@openssh.

00000330 63 6f 6d 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 com,aes256-ctr,a

00000340 65 73 32 35 36 2d 63 62 63 2c 72 69 6a 6e 64 61 es256-cbc,rijnda

00000350 65 6c 2d 63 62 63 40 6c 79 73 61 74 6f 72 2e 6c el-cbc@lysator.l

00000360 69 75 2e 73 65 2c 61 65 73 31 39 32 2d 63 74 72 iu.se,aes192-ctr

00000370 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 31 ,aes192-cbc,aes1

00000380 32 38 2d 63 74 72 2c 61 65 73 31 32 38 2d 63 62 28-ctr,aes128-cb

00000390 63 2c 33 64 65 73 2d 63 74 72 2c 33 64 65 73 2d c,3des-ctr,3des-

000003a0 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 74 72 cbc,blowfish-ctr

000003b0 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 61 72 ,blowfish-cbc,ar

000003c0 63 66 6f 75 72 32 35 36 2c 61 72 63 66 6f 75 72 cfour256,arcfour

000003d0 31 32 38 00 00 00 eb 61 65 73 31 32 38 2d 67 63 128…aes128-gc

000003e0 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 m@openssh.com,ae

000003f0 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 s256-gcm@openssh

00000400 2e 63 6f 6d 2c 63 68 61 63 68 61 32 30 2d 70 6f .com,chacha20-po

00000410 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e 63 ly1305@openssh.c

00000420 6f 6d 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 om,aes256-ctr,ae

00000430 73 32 35 36 2d 63 62 63 2c 72 69 6a 6e 64 61 65 s256-cbc,rijndae

00000440 6c 2d 63 62 63 40 6c 79 73 61 74 6f 72 2e 6c 69 l-cbc@lysator.li

00000450 75 2e 73 65 2c 61 65 73 31 39 32 2d 63 74 72 2c u.se,aes192-ctr,

00000460 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 31 32 aes192-cbc,aes12

00000470 38 2d 63 74 72 2c 61 65 73 31 32 38 2d 63 62 63 8-ctr,aes128-cbc

00000480 2c 33 64 65 73 2d 63 74 72 2c 33 64 65 73 2d 63 ,3des-ctr,3des-c

00000490 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 74 72 2c bc,blowfish-ctr,

000004a0 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 61 72 63 blowfish-cbc,arc

000004b0 66 6f 75 72 32 35 36 2c 61 72 63 66 6f 75 72 31 four256,arcfour1

000004c0 32 38 00 00 00 c7 68 6d 61 63 2d 73 68 61 32 2d 28…hmac-sha2-

000004d0 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 256,hmac-sha2-51

000004e0 32 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2,hmac-sha1,hmac

000004f0 2d 73 68 61 31 2d 39 36 2c 68 6d 61 63 2d 6d 64 -sha1-96,hmac-md

00000500 35 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 5,hmac-sha2-256-

00000510 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c etm@openssh.com,

00000520 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 hmac-sha2-512-et

00000530 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d m@openssh.com,hm

00000540 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e ac-sha1-etm@open

00000550 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 ssh.com,hmac-sha

00000560 31 2d 39 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 1-96-etm@openssh

00000570 2e 63 6f 6d 2c 68 6d 61 63 2d 6d 64 35 2d 65 74 .com,hmac-md5-et

00000580 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 m@openssh.com

00000590 c7 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 .hmac-sha2-256,h

000005a0 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 mac-sha2-512,hma

000005b0 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 c-sha1,hmac-sha1

000005c0 2d 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 -96,hmac-md5,hma

000005d0 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f c-sha2-256-etm@o

000005e0 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d penssh.com,hmac-

000005f0 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 sha2-512-etm@ope

00000600 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 nssh.com,hmac-sh

00000610 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 a1-etm@openssh.c

00000620 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 2d om,hmac-sha1-96-

00000630 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c etm@openssh.com,

00000640 68 6d 61 63 2d 6d 64 35 2d 65 74 6d 40 6f 70 65 hmac-md5-etm@ope

00000650 6e 73 73 68 2e 63 6f 6d 00 00 00 1a 7a 6c 69 62 nssh.com…zlib

00000660 2c 7a 6c 69 62 40 6f 70 65 6e 73 73 68 2e 63 6f ,zlib@openssh.co

00000670 6d 2c 6e 6f 6e 65 00 00 00 1a 7a 6c 69 62 2c 7a m,none…zlib,z

00000680 6c 69 62 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c lib@openssh.com,

00000690 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 none…

000006a0 00 .

Event Log: Incoming packet was garbled on decryption

2

Just tested setting up a SSH hidden service on Tails 7.0 (based on Debian 13) and everything seems fine to me? I can just connect to the OpenSSH server with either putty or OpenSSH client just fine.

Server: OpenSSH 10.0p1-7, Tor 0.4.8.19-1~d13.trixie+1, Tails 7.0/Debian 13.1
Client: OpenSSH 10.0p1-7, Tor 0.4.8.19-1~d13.trixie+1, Tails 7.0/Debian 13.1
Client 2: putty 0.83, Tor 0.4.8.19-1~d13.trixie+1, Tails 7.0/Debian 13.1

Update: Checked and Debian OpenSSH server + Windows putty client seems to work, too.
Server: OpenSSH 10.0p1-7, Tor 0.4.8.16-1, Debian 13.0
Client: putty 0.83, Tor 0.4.8.19, Windows 10

Screenshot of successful Debian server and Windows putty client combination during experiment
Screenshot of successful Debian server and Windows putty client combination during experiment1799×880 139 KB

1 Like
3

I’ve regained access to my server through the rescue mode provided by my server host. After that, I ran some tests and discovered that this error occurs when the anti-Denial-of-Service features are enabled.

Here is my server’s anti-DoS configuration (I have obfuscated the parameter values to hide the specifics from potential attackers):

HiddenServiceNumIntroductionPoints []
HiddenServiceExportCircuitID haproxy
HiddenServiceEnableIntroDoSDefense 1
HiddenServiceEnableIntroDoSBurstPerSec []
HiddenServiceEnableIntroDoSRatePerSec []
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate []
HiddenServicePoWQueueBurst []
CompiledProofOfWorkHash 1
HiddenServiceMaxStreams []
HiddenServiceMaxStreamsCloseCircuit 1

Since my server also functions as an Onion website, I cannot disable these anti-DoS measures, as it would leave my server in a vulnerable position.

4

I see. The problem is, you used HiddenServiceExportCircuitID haproxy in your torrc file. That option is applied globally to every hidden service, Though it worked for web servers, for SSH clients adding a header line in front of every messages breaks the SSH protocol.

This is what I got when I enabled HiddenServiceExportCircuitID on a hidden ssh server and tries to connect:

$ torsocks ssh user@[some-hs-addr].onion
...
Bad packet length 1231976033.
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 9050: message authentication code incorrect
$

You can either run multiple tor instances and configure the hidden SSH server in another daemon with this option disabled, or you can just disable this HiddenServiceExportCircuitID feature, if you don’t really use this feature to help yourself terminate specific circuits.

Multiple Instances feature is available on Debian:

1 Like
5

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.