[Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'

Sat Nov 19 08:05:10 UTC 2016

There is a problem with 'OpenSSH' client not connecting while 'Putty'
client does work given the same network settings.  This was my finding
almost 3 years ago.

Given that another client does work - there is something OpenSSH Client
can do to resolve the issue.

Ubuntu distributes OpenSSH client in it's core distribution.  As such
this is a valid issue with Ubuntu and should remain open until one of
the following conditions are met:

1) The issue is fixed in OpenSSH client and connection succeeds as it
does in Putty and Ubuntu releases a package that resolves it.

2) The OpenSSH package inserts a sane timeout on 'expecting
SSH2_MSG_KEX_ECDH_REPLY' and issue's an error to the user instead of
hanging for a connection, leaving a poor user experience.  Inform the
user that the software is not adequate in its ability tolerate uncertain
MTU settings, and suggest a more robust client such as Putty.

3) Ubuntu removes OpenSSH client from its core distribution.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1254085

Title:
  ssh fails to connect to VPN host - hangs at 'expecting
  SSH2_MSG_KEX_ECDH_REPLY'

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  ssh -vvv <host> is failing for me where <host> is a VPN system.

  VPN is configured and connected via network-manager. Last messages
  from ssh (hangs forever):

  debug2: kex_parse_kexinit: none,zlib at openssh.com
  debug2: kex_parse_kexinit: none,zlib at openssh.com
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: first_kex_follows 0 
  debug2: kex_parse_kexinit: reserved 0 
  debug2: mac_setup: found hmac-md5
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug2: mac_setup: found hmac-md5
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: sending SSH2_MSG_KEX_ECDH_INIT
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

  = Workaround =

  $ sudo apt-get install putty
  $ putty <host>

  This works perfectly.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssh-client 1:6.4p1-1
  ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0
  Uname: Linux 3.12.0-3-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.12.7-0ubuntu1
  Architecture: i386
  CurrentDesktop: Unity
  Date: Fri Nov 22 15:37:18 2013
  InstallationDate: Installed on 2010-10-21 (1128 days ago)
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
  RelatedPackageVersions:
   ssh-askpass       1:1.2.4.1-9
   libpam-ssh        N/A
   keychain          2.7.1-1
   ssh-askpass-gnome 1:6.4p1-1
  SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013
  SourcePackage: openssh
  UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085/+subscriptions