Received message too long error in sftp

When I try to use sftp or scp2, I get a message like this:

Received message too long (or "Bad packet length") 1416586337

and the connection fails. What's wrong?

In order for this to work, the SSH session must be "clean" — that is, it must have on it only information transmitted by the programs at either end. What often happens, though, is that there are statements in either the system or per-user shell startup files on the server (.bashrc, .profile, /etc/csh.cshrc, .login, etc.) which output text messages on login, intended to be read by humans (like fortune, echo "Hi there!", etc.). Such code should only produce output on interactive logins, when there is a tty attached to standard input. If it does not make this test, it will insert these text messages where they don't belong: in this case, polluting the protocol stream between scp2/sftp and sftp-server. The first four bytes of the text gets interpreted as a 32-bit packet length, which will usually be a wildly large number, provoking the error message above. Notice that:

1416586337 decimal = 546F6461 hex = "Toda" ASCII

suggesting a string beginning "Today..." (or maybe "Thank-you" in transliterated Hebrew).

The reason the shell startup files are relevant at all, is that sshd employs the user's shell when starting any programs on the user's behalf (using e.g. /bin/sh -c "command"). This is a Unix tradition, and has advantages:

• The user's usual setup (command aliases, environment variables, umask, etc.) are in effect when remote commands are run.
• The common practice of setting an account's shell to /bin/false to disable it will prevent the owner from running any commands, should authentication still accidentally succeed for some reason.