Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

mathew meta at
Sat Feb 14 05:35:47 AEDT 2015

Root cause established: A firewall appliance was replaced, and an error
installing the replacement meant it wasn't receiving rule updates. So, no
action at all needed by OpenSSH. Thanks, and sorry for the false alarm.


On Mon Feb 09 2015 at 4:42:25 PM mathew <meta at> wrote:

> More info: We've checked firewall logs, and it seems to be a firewall rule
> designed to prevent sessions which are subject to the bug detailed at <
> I've tried explicitly setting PAMAuthenticationViaKBDInt no,
> KbdInteractiveAuthentication no and UsePrivilegeSeparation yes in
> sshd_config, but the problem still occurs, so I think the firewall rule is
> buggy.
> So, doesn't seem to be an OpenSSH problem per se, but I'll follow up with
> anything more I discover in case other people encounter the issue -- it's
> possible that the rule in question is deployed quite widely.
> mathew

More information about the openssh-unix-dev mailing list