OpenSSH 9.6 client is stuck

radiatejava radiatejava at gmail.com
Tue Apr 23 08:40:22 AEST 2024 

I am trying to run ssh to a server continuously and quickly. Out of
about 10-12 times of good run or result, once the client gets stuck.
It does not connect. This we are observing after upgrading both the
server and client to OpenSSL 9.6p1.

We are running this cmd on the client side:
ssh -vvv -p 1022 -o UserKnownHostsFile=/dev/null -o
GSSAPIAuthentication=no -o StrictHostKeyChecking=no -o
ConnectTimeout=60  -o PubkeyAuthentication=yes -o
PreferredAuthentications=publickey -o ServerAliveInterval=60 -i
/root/id_rsa root at 10.0.0.2 "/usr/sbin/dmidecode -s
system-product-name"

On the client side (working):
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.6 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.0.0.6 [10.0.0.6] port 1022.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 60000 ms remain after connect

Client side non0-working:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.6 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.0.0.6 [10.0.0.6] port 1022.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug2: fd 3 setting O_NONBLOCK <----------- hangs here
debug1: connect to address 10.0.0.6 port 1022: Connection timed out
ssh: connect to host 10.0.0.6 port 1022: Connection timed out

Netstat output shows client is stuck after receiving the syn-ack. It
remains in SYN_RECV status.
//client
root at node2:~# netstat -ant  | grep 1022
tcp        0      0 10.0.0.6:1022           10.0.0.5:52836          SYN_RECV

//server
root at node1:~# netstat -ant | grep 1022
tcp        0      0 10.0.0.5:1022           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:39668          10.0.0.6:1022           TIME_WAIT
tcp        0      1 10.0.0.5:52836          10.0.0.6:1022           SYN_SENT

More information about the openssh-unix-dev mailing list