touch-packages team mailing list archive

Thread
Date

[Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Luke J Militello <kilahurtz@xxxxxxxxx>
Date: Thu, 24 Sep 2015 18:49:25 -0000
Reply-to: Bug 1254085 <1254085@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Since the DF bit is set and PMTUD is being disobeyed, I discovered that
MSS is obeyed.  Therefore, I resolved my problems by doing the overhead
math and setting the MSS adjust parameter on the LAN facing interfaces
of my routers.  This workaround is definitely more scalable than
changing the system MTU on all my machines.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1254085

Title:
  ssh fails to connect to VPN host - hangs at 'expecting
  SSH2_MSG_KEX_ECDH_REPLY'

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  ssh -vvv <host> is failing for me where <host> is a VPN system.

  VPN is configured and connected via network-manager. Last messages
  from ssh (hangs forever):

  debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
  debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: 
  debug2: kex_parse_kexinit: first_kex_follows 0 
  debug2: kex_parse_kexinit: reserved 0 
  debug2: mac_setup: found hmac-md5
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug2: mac_setup: found hmac-md5
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: sending SSH2_MSG_KEX_ECDH_INIT
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

  
  = Workaround =

  $ sudo apt-get install putty
  $ putty <host>

  This works perfectly.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssh-client 1:6.4p1-1
  ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0
  Uname: Linux 3.12.0-3-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.12.7-0ubuntu1
  Architecture: i386
  CurrentDesktop: Unity
  Date: Fri Nov 22 15:37:18 2013
  InstallationDate: Installed on 2010-10-21 (1128 days ago)
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
  RelatedPackageVersions:
   ssh-askpass       1:1.2.4.1-9
   libpam-ssh        N/A
   keychain          2.7.1-1
   ssh-askpass-gnome 1:6.4p1-1
  SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013
  SourcePackage: openssh
  UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085/+subscriptions