[Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'
ChristianEhrhardt
1254085 at bugs.launchpad.net
Fri Nov 18 10:39:15 UTC 2016
Hi everybody,
this is coming up over and over again, and not only on Ubuntu but on various distributions.
As outlined before, the error is an effect of broken path MTU discovery.
This could be a firewall, broken router software, ... , bad local MTU config, ... many potential sources.
It is nothing that "openssh" nor Ubuntu's openssh packaging can really
fix.
The real "fix" is to fixup the network configuration wherever it is
broken for correct PMTU discovery (or fix the local net/mtu
configuration if that is the issue).
The mentioned workaround is nice - thank you bs for mentioning it - as
it gives users unable to configure the network a way to work around the
issue. The way it works is that it switches the MTU discovery to
different modes (https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt).
That said one might argue why the default mode is disabled, but look at since when this is the default: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d424d5a674f782d0659a3b66d951f412901faee
That is a decade ago and never changed (these days namespacified, but still 0).
So I think this as default is set in stone as much as everything else that survives that long.
All that outlined, I think we have to mark the bug invalid/incomplete as
it should be considered a local configuration issue IMHO. If you
object, please set it back to confirmed and explain why you think so -
and if possible please also mention how you'd suggest to approach the
case.
** Changed in: openssh (Ubuntu)
Status: Confirmed => Incomplete
** Changed in: openssh (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1254085
Title:
ssh fails to connect to VPN host - hangs at 'expecting
SSH2_MSG_KEX_ECDH_REPLY'
Status in openssh package in Ubuntu:
Invalid
Bug description:
ssh -vvv <host> is failing for me where <host> is a VPN system.
VPN is configured and connected via network-manager. Last messages
from ssh (hangs forever):
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
= Workaround =
$ sudo apt-get install putty
$ putty <host>
This works perfectly.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssh-client 1:6.4p1-1
ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0
Uname: Linux 3.12.0-3-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.12.7-0ubuntu1
Architecture: i386
CurrentDesktop: Unity
Date: Fri Nov 22 15:37:18 2013
InstallationDate: Installed on 2010-10-21 (1128 days ago)
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
RelatedPackageVersions:
ssh-askpass 1:1.2.4.1-9
libpam-ssh N/A
keychain 2.7.1-1
ssh-askpass-gnome 1:6.4p1-1
SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013
SourcePackage: openssh
UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago)
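An added example, not part of the original message or the Launchpad report: a shell check for the broken path MTU discovery described above. It binary-searches the largest IPv4 packet that crosses the path with the don't-fragment bit set, so the result can be compared with the local interface MTU. Assumptions: iputils `ping` (`-M do`), a hypothetical `SSH_HOST` environment variable naming the host that hangs, a 576-byte lower bound, and `net.ipv4.tcp_mtu_probing` as the MTU discovery mode switch documented in ip-sysctl.txt.

```shell
#!/bin/sh
# Added example: measure the usable path MTU towards a host whose SSH key
# exchange hangs. SSH_HOST is a hypothetical variable, not from the bug report.

# probe HOST SIZE: succeed if one ICMP echo with DF set and a total IPv4
# packet size of SIZE bytes gets a reply (iputils ping: -M do sets DF).
probe() {
    # 28 = 20-byte IPv4 header + 8-byte ICMP header
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: binary search between LOW (assumed lower
# bound) and HIGH (local interface MTU). Prints the largest size that passed,
# or 0 with a non-zero exit status if even LOW gets no reply.
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Only touches the network when SSH_HOST is set explicitly.
if [ -n "${SSH_HOST:-}" ]; then
    local_mtu=${LOCAL_MTU:-1500}
    found=$(find_path_mtu "$SSH_HOST" 576 "$local_mtu") || found=0
    echo "largest DF packet that got a reply: $found (local MTU $local_mtu)"
    if [ "$found" -gt 0 ] && [ "$found" -lt "$local_mtu" ]; then
        # Smaller packets pass, full-size ones vanish: large key-exchange
        # replies are dropped somewhere on the path.
        echo "path MTU is below the local MTU: check ICMP filtering on the path"
    fi
    # 0 = disabled, 1 = enabled once a black hole is detected, 2 = always
    echo "tcp_mtu_probing: $(cat /proc/sys/net/ipv4/tcp_mtu_probing)"
fi
```

Run it as `SSH_HOST=<host> sh script.sh` from the client while the VPN is connected; ICMP echo must be permitted end to end for the measurement to mean anything.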