What does /etc/ssh/ssh_config look like on the OpenBSD client?

--
Jeff Goettsch
Agricultural and Resource Economics
University of California, Davis
http://agecon.ucdavis.edu/

On Fri, November 22, 2013 6:52 am, haris wrote:
> Hi,
>
> first of all, thanks @sthen for your answer (OP has no net access atm).
>
> We are to the point where the clients get ip (windows/linux/OpenBSD) and
> traffic is passing through the server as expected.
>
> There is a very strange problem with ssh service though. While internet
> traffic is being routed as expected, when we try to ssh, we can't connect
> (from OpenBSD clients) to any server.
>
> [..snip..]
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>
> and it just hangs there.
>
> Test time with windows, and with PuTTY, there is absolutely no problem. I
> can connect anywhere with absolutely no problem. At this point, I went with
> the crazy idea to try PuTTY on OpenBSD. And ssh with PuTTY works... We can't
> get our heads around this problem and why this is happening.
>
> ## pf.conf @ server ##
> NIC="<interface>"
> set skip on {lo0}
> block # block stateless traffic
> pass # establish keep-state
> block in on ! lo0 proto tcp to port 6000:6010
> block in on vic0
> #vpn
> extip="<ip>"
> pass in quick inet proto tcp from any to $NIC port {<ports>} flags S/SA keep state
> pass quick proto { esp, ah } from any to any
> pass in quick on egress proto udp from any to any port {500, 4500} keep state
> pass quick on enc0 from any to any keep state (if-bound)
> pass out quick on egress inet from 10.0.10.0/24 to any nat-to (egress:0)
> pass out on vic0
>
>
> Does anyone have a solution to this problem?
>
> Thanks.
>
> --
> A: Because we read from top to bottom, left to right.
> Q: Why should I start my reply below the quoted text?
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?