Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

Petr Lautrbach plautrba at redhat.com
Tue Feb 10 06:23:26 AEDT 2015 

On 02/09/2015 06:09 PM, mathew wrote:
> Trying to connect from Fedora 21 to CentOS 6.6, OpenSSH on both ends.
> Connection is via a VPN.
> 
> Initially the connection seems good, but OpenSSH stalls at
>   debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP.
> 
> Software version on servers:
> openssh-server-5.3p1-104.el6_6.1.x86_64
> openssh-5.3p1-104.el6_6.1.x86_64
> 
> Software version on client:
> openssh-6.6.1p1-11.1.fc21.x86_64
> also duplicated problem using local build of openssh-6.7p1.tar.gz
> 
> Connections to other CentOS 6 servers with identical SSH versions and
> configurations are successful. (Configs are managed by Puppet so I'm
> confident they really are identical, and I rebooted the server before the
> test below.)
> 
> Connections to the problem server using Windows PuTTY SSH are successful!
> (Using a Windows VM running on the same Fedora 21 client machine, inside
> VirtualBox.)
> 
> VPN MTU is 1400. Ping check for packet size:
> % ping -M do -s 1372 10.77.16.71
> PING 10.77.16.71 (10.77.16.71) 1372(1400) bytes of data.
> 1380 bytes from 10.77.16.71: icmp_seq=1 ttl=61 time=69.4 ms
> Server MTU is 1500, and I've confirmed that 1472-byte packets ping
> successfully from other servers to the problem server.

It seems to be the same problem as described and discussed in this [1]
thread.  MTU 1400 is not enough for packet sent by
openssh-6.6.1p1-11.1.fc21 with default settings. The size of one of
initial packets could be even 1968. Your VPN probably makes a
fragmentation but doesn't do the correct defragmentation. As a
workaround you can set shorter lists of MACs used by your client, eg:

$ ssh -m hmac-sha1 ...


[1]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-November/031775.html


> 
> Here's a transcript using ssh -vvv and a build of OpenSSH from
> openssh-6.7p1 sources:
> 
> % ./ssh -vvv docs.rtp.tecnet
> OpenSSH_6.7p1, OpenSSL 1.0.1k-fips 8 Jan 2015
> debug1: Reading configuration data /home/meta/.ssh/config
> /home/meta/.ssh/config line 1: Unsupported option "gssapiauthentication"
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to docs.rtp.tecnet [10.77.16.71] port 22.
> debug1: Connection established.
> debug1: identity file /home/meta/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/meta/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.7
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
> debug2: fd 3 setting O_NONBLOCK
> debug3: load_hostkeys: loading entries for host "docs.rtp.tecnet" from file
> "/home/meta/.ssh/known_hosts"
> debug3: load_hostkeys: loaded 0 keys
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org
> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,
> ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
> ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
> ,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
> ,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com
> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com
> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
> debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
> debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: setup hmac-sha1
> debug1: kex: server->client aes128-ctr hmac-sha1 none
> debug2: mac_setup: setup hmac-sha1
> debug1: kex: client->server aes128-ctr hmac-sha1 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> [hangs]
> 
> Here's the config output from building OpenSSH as used above:
> 
> OpenSSH has been configured with the following options:
>                      User binaries: /usr/local/bin
>                    System binaries: /usr/local/sbin
>                Configuration files: /usr/local/etc
>                    Askpass program: /usr/local/libexec/ssh-askpass
>                       Manual pages: /usr/local/share/man/manX
>                           PID file: /var/run
>   Privilege separation chroot path: /var/empty
>             sshd default user PATH:
> /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
>                     Manpage format: doc
>                        PAM support: no
>                    OSF SIA support: no
>                  KerberosV support: no
>                    SELinux support: no
>                  Smartcard support:
>                      S/KEY support: no
>               MD5 password support: no
>                    libedit support: no
>   Solaris process contract support: no
>            Solaris project support: no
>        IP address in $DISPLAY hack: no
>            Translate v4 in v6 hack: yes
>                   BSD Auth support: no
>               Random number source: OpenSSL internal ONLY
>              Privsep sandbox style: seccomp_filter
> 
>               Host: x86_64-unknown-linux-gnu
>           Compiler: gcc
>     Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized
> -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
> -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing
> -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong
> -fPIE
> Preprocessor flags:
>       Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
> -fstack-protector-strong -pie
>          Libraries: -lcrypto -ldl -lutil -lz -lnsl  -lcrypt -lresolv
> 
> So... Any ideas what I can try next to track down the source of the problem?
> 
> 
> mathew
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 


-- 
Petr Lautrbach

More information about the openssh-unix-dev mailing list