Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

mathew meta at pobox.com
Sat Feb 14 05:35:47 AEDT 2015


Root cause established: A firewall appliance was replaced, and an error
installing the replacement meant it wasn't receiving rule updates. So, no
action at all needed by OpenSSH. Thanks, and sorry for the false alarm.


mathew

On Mon Feb 09 2015 at 4:42:25 PM mathew <meta at pobox.com> wrote:

> More info: We've checked firewall logs, and it seems to be a firewall rule
> designed to prevent sessions which are subject to the bug detailed at
> <http://archives.neohapsis.com/archives/bugtraq/2002-06/0294.html>.
>
> I've tried explicitly setting PAMAuthenticationViaKBDInt no,
> KbdInteractiveAuthentication no and UsePrivilegeSeparation yes in
> sshd_config, but the problem still occurs, so I think the firewall rule is
> buggy.
>
> So, doesn't seem to be an OpenSSH problem per se, but I'll follow up with
> anything more I discover in case other people encounter the issue -- it's
> possible that the rule in question is deployed quite widely.
>
>
> mathew
>


More information about the openssh-unix-dev mailing list