Package: openssh-server Version: 1:10.0p1-7+deb13u4 Severity: important X-Debbugs-Cc: [email protected], [email protected]
I’ve got this trixie system, updated to latest everything earlier, and I cannot connect to it over the WLAN from a bullseye system any more. This worked very recently. I ran /usr/sbin/sshd -ddddde server-side and ssh -vvvvv client-side to test, and it hangs at: […] debug1: sshd-auth version OpenSSH_10.0, OpenSSL 3.5.6 7 Apr 2026 debug2: fd 5 is TCP_NODELAY [preauth] debug3: set_sock_tos: set socket 5 IP_TOS 0xb8 [preauth] debug3: server_process_channel_timeouts: setting 0 timeouts [preauth] debug3: channel_clear_timeouts: clearing [preauth] debug3: fd 5 is O_NONBLOCK [preauth] debug3: ssh_sandbox_init: preparing seccomp filter sandbox [preauth] debug3: privsep user:group 995:65534 [preauth] debug1: permanently_set_uid: 995/65534 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] The client hangs after listing all the identity files and showing the local version string as debug1. ssh-ing to localhost works. It’s not an MTU problem, 1500 byte DF ping packets go through. If I run the sever as /usr/sbin/sshd -ddddde -o IPQoS=throughput the connection succeeds. For the sake of completeness: /usr/sbin/sshd -ddddde -o IPQoS=ef hangs /usr/sbin/sshd -ddddde -o IPQoS=le works /usr/sbin/sshd -ddddde -o IPQoS=none works (do I need to test more?) Server hangs on a FritzBox 7430 (OS 07.31 up-to-date) which is meshed with a FritzBox 7330 (OS 06.56 up-to-date). They have isolation disabled, and as far as I can tell, no filtering. -- System Information: Debian Release: 13.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.86+deb13-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages openssh-server depends on: ii debconf [debconf-2.0] 1.5.91 ii init-system-helpers 1.69~deb13u1 ii libaudit1 1:4.0.2-2+b2 ii libc6 2.41-12+deb13u3 ii libcom-err2 1.47.2-3+b11 ii libcrypt1 1:4.4.38-1 ii libgssapi-krb5-2 1.21.3-5 ii libkrb5-3 1.21.3-5 ii libpam-modules 1.7.0-5 ii libpam-runtime 1.7.0-5 ii libpam0g 1.7.0-5 ii libselinux1 3.8.1-1 ii libssl3t64 3.5.6-1~deb13u1 ii libwrap0 7.6.q-36 ii libwtmpdb0 0.73.0-3+deb13u1 ii openssh-client 1:10.0p1-7+deb13u4 ii openssh-sftp-server 1:10.0p1-7+deb13u4 ii procps 2:4.0.4-9 ii runit-helper 2.16.4 ii systemd-standalone-sysusers [systemd-sysusers] 257.13-1~deb13u1 ii sysvinit-utils [lsb-base] 3.14-4 ii ucf 3.0052 ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1 Versions of packages openssh-server recommends: ii logind-considered-harmful [logind] 89 pn ncurses-term <none> ii xauth 1:1.1.2-1.1 Versions of packages openssh-server suggests: ii kwalletcli [ssh-askpass] 3.03-1+b1 ii molly-guard 0.8.5 pn monkeysphere <none> ii ssh-askpass 1:1.2.4.1-16+b1 pn ufw <none> -- debconf information excluded
