[Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'

Fri Nov 18 10:39:15 UTC 2016

Hi everybody,
this is coming up over and over again and not only on Ubuntu but on various Distributions.

As outlined before the error is an effect of broken path MTU discovery.
This could be Firewall, broken Router software, ... , bad local MTU config, ... many potential sources.

It is nothing that "openssh" nor Ubuntu's openssh packaging can really
fix.

The real "fix" is to fixup the network configuration wherever it is
broken for correct PMTU discovery (or fix the local net/mtu
configuration if that is the issue).

The mentioned workaround is nice - thank you bs for the mentioning - as
it gives user unable to configure the network a way to work around the
issue. The way it works is that it switches the MTU discovery to
different modes (https://www.kernel.org/doc/Documentation/networking/ip-
sysctl.txt).

That said one might argue why the default mode is disabled, but look at since when this is the default: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d424d5a674f782d0659a3b66d951f412901faee
That is a decade ago and never changed (these days namespacified, but still 0).
So I think this as default is set in stone as much as everything else that survives that long.

All that outlined I think we have to mark the bug invalid/incomplete as
it should be considered a local configuration issue IMHO. Please of you
object please set it back to confirmed and explain why you think so -
and if possible please also mention how you'd suggest to approach the
case.

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Incomplete

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1254085

Title:
  ssh fails to connect to VPN host - hangs at 'expecting
  SSH2_MSG_KEX_ECDH_REPLY'

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  ssh -vvv <host> is failing for me where <host> is a VPN system.

  VPN is configured and connected via network-manager. Last messages
  from ssh (hangs forever):

  debug2: kex_parse_kexinit: none,zlib at openssh.com
  debug2: kex_parse_kexinit: none,zlib at openssh.com
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: first_kex_follows 0 
  debug2: kex_parse_kexinit: reserved 0 
  debug2: mac_setup: found hmac-md5
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug2: mac_setup: found hmac-md5
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: sending SSH2_MSG_KEX_ECDH_INIT
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

  = Workaround =

  $ sudo apt-get install putty
  $ putty <host>

  This works perfectly.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssh-client 1:6.4p1-1
  ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0
  Uname: Linux 3.12.0-3-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.12.7-0ubuntu1
  Architecture: i386
  CurrentDesktop: Unity
  Date: Fri Nov 22 15:37:18 2013
  InstallationDate: Installed on 2010-10-21 (1128 days ago)
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
  RelatedPackageVersions:
   ssh-askpass       1:1.2.4.1-9
   libpam-ssh        N/A
   keychain          2.7.1-1
   ssh-askpass-gnome 1:6.4p1-1
  SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013
  SourcePackage: openssh
  UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085/+subscriptions