Temporary Crypto Glitches ... ??
Philipp Marek
philipp at marek.priv.at
Thu Nov 18 04:48:22 AEDT 2021
> Then I tried *this*:
...
> Yes, that's eight times the *same* algorithm (the one that would get
> picked if there were no problem at all). Now let's try giving it only
> *seven* thumbs-up:
...
> [ ... continue to successful connection]
Yeah, that smells like MTU.
> Still possible that it's a pMTU detection problem or something alike
> it, though, will have to look into the tcpdumps I now have to see
> whether that's the case ...
When you have the blocking case, run "ss -i" to see the PMTU;
and/or run "tracepath -p 22 <host>" to diagnose.
Furthermore, you could try to set your own VM's MTU smaller to
see whether that solves the problem.
> (Both VMs are CentOS 7.9, the client a "free-range" one, the server a
> cloud provider's sub-flavor. There's a handful of VLANs, leased line
> uplink to a colo, then an IPsec VPN through the Internet into the
> cloud, and finally the usual cloud networking between the two.)
Yeah, lots of PMTU trouble points here in between.
If that's the case, you could either run one of the VMs with a
smaller permanent MTU, or set a route-specific MTU ("ip route via mtu").
Good luck!
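
An added example, not part of the original message: a small filter for the "ss -i" check suggested above, which prints the path MTU and MSS the kernel holds for each SSH connection. The sample output is constructed, and the STALLED rule (queued data plus a segment currently being retransmitted) is a heuristic assumed for this example.

```shell
#!/bin/sh
# Added example. On a live host, feed it real data instead of the sample:
#   ss -tin '( dport = :22 )' | pmtu_report
# then follow up with: tracepath -p 22 <host>

# Constructed sample of `ss -tin` output (not taken from the thread's hosts):
# one healthy session, one with queued data that keeps being retransmitted.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.0.0.5:40112      192.0.2.10:22
     cubic wscale:7,7 rto:204 rtt:3.9/1.1 mss:1348 pmtu:1400 rcvmss:1348 advmss:1448 cwnd:10
ESTAB  0      1532   10.0.0.5:40230      192.0.2.20:22
     cubic wscale:7,7 rto:3264 rtt:4.1/1.5 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:1 unacked:2 retrans:1/4
EOF
}

# Reads `ss -tin` output on stdin and prints one summary line per socket:
#   <peer> pmtu=<n> mss=<n> sendq=<n> retrans=<n> <ok|STALLED>
pmtu_report() {
    awk '
    # Value of a "key:value" token on the current line, or "-" if absent.
    function field(key,   i, n, kv) {
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, ":")
            if (n >= 2 && kv[1] == key) return kv[2]
        }
        return "-"
    }
    # Socket line: State Recv-Q Send-Q Local Peer
    NF >= 5 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { sendq = $3; peer = $5; next }
    # Detail line that follows it (this is where ss -i puts pmtu: and mss:).
    /pmtu:/ {
        retr = field("retrans")      # "current/total"; keep the current count
        sub(/\/.*/, "", retr)
        if (retr == "-") retr = 0
        # A pmtu still equal to the interface MTU on a STALLED socket means
        # the kernel never learned about a smaller hop on the path.
        verdict = (sendq + 0 > 0 && retr + 0 > 0) ? "STALLED" : "ok"
        printf "%s pmtu=%s mss=%s sendq=%s retrans=%s %s\n", \
               peer, field("pmtu"), field("mss"), sendq, retr, verdict
    }'
}

sample_ss_output | pmtu_report
```

Run it while the connection is in the blocking case; a session that has already recovered or timed out will not show queued data.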