Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

mathew meta at
Tue Feb 10 09:42:26 AEDT 2015

More info: We've checked firewall logs, and it seems to be a firewall rule
designed to prevent sessions which are subject to the bug detailed at <>.

I've tried explicitly setting PAMAuthenticationViaKBDInt no,
KbdInteractiveAuthentication no and UsePrivilegeSeparation yes in
sshd_config, but the problem still occurs, so I think the firewall rule is

So, doesn't seem to be an OpenSSH problem per se, but I'll follow up with
anything more I discover in case other people encounter the issue -- it's
possible that the rule in question is deployed quite widely.


More information about the openssh-unix-dev mailing list