failure during key exchange?

Chris Rapier rapier at psc.edu
Sat Aug 13 03:21:36 EST 2005 

I have been contacted by some people who are having a problem with
transfer files using OpenSSH 4.1p1 with the HPN patch. I've taken a look
at their problem and I don't think its a problem with the HPN code so I
thought I would bounce it over here to see if anyone here has some insight.

In brief the connection is dying without spitting out an error message
during the key exchange. Of course its not consistant because that would
be too damn easy. I've narrowed it down to a section of code in keygexc.c.

Their hardware setup is (and I quote):
- Tests using the "new" scp were run between a V880 and a Sunfire 6800
domain.  3GB, 5GB, and 10GB files were transferred from a remote file
system striped across 6 disks and mounted on the 6800, to a similar but
separate file system mounted on the V880.

- Tests using the "traditional" scp were done from /tmp to /tmp (before
the remote file systems became available to us).

- In between was a Cisco 6509 Layer 3 switch, with a 1000Base-sx
connection to each server.

- Between the Cisco and the V880 was a PacketStorm WAN emulator, which
we used to inject latency into the network.

A typical debug looks like

debug2: channel 0: window 2607104 sent adjust 2621440
debug2: channel 0: window 2590720 sent adjust 2629632
test10g                                        39% 4088MB  14.1MB/s 
07:15 ETAdebug2: channel 0: window 2615296 sent adjust 2614272
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_KEXINIT sent
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,none
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,none
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client none hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server none hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
lost connection
c9d1#

Which makes me think it could be some problem with atomicio during the 
keyexchange. I just don't know. Anyone have any insight on something 
like this?

More information about the openssh-unix-dev mailing list