[Touch-packages] [Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'
Update to my comment above (#37): I was able to connect to Box2 from OS X 10.11. I tried once more by mistake and was shocked that it suddenly worked (albeit with a long connection lag). With more testing I found I could connect from 10.11 to Box2 maybe 1/25 times (as I said, crazy making). I wasn't ever able to get to Box2 from Box1 despite trying numerous times. Long story short it looks like the Ubuntu SSH client is the most particular vs least able to win the race, followed by that in 10.11, followed by 10.9 which always connected without a problem. Interestingly when I switched to keys 10.11 was much more likely to connect (1/5 times). The switch to keys had no effect on Box1's inability to connect to Box2. So as with #36 I'd say Ubuntu's ssh client gave the worst experience here - vs - is actually the best but just needs an error message explaining why it's electing to protect me from (...?) vs "working" as my other clients did. For those curious about the sshd aspect of the story I did finally track down a fix for Box2. Box1 and Box2 are both dual nic systems. They were configured with eth0 as static and eth1 dhcp. Plugging eth1 and letting it obtained a dhcp lease / taking that interface out of the config fixed Box2. Having the interface configured but the jack unplug produced the client dependent connection issues I outlined in #37. Box1 had the exact same interface config (eth1 looking for a dhcp lease but not being plugged in) without any problem. They are both full Intel systems but totally different hardware. Seems like the kernel abstraction leaking hardware details up the stack but understandable given both were arguably misconfigured. Imagine how annoying it would be in a dual nic system to have a port go out and suddenly arbitrarily be unable to connect to sshd with anything other than an old copy of OS X. TL;DR - my 16.10 ssh client didn't work when others did and failed silently. This may be Ubuntu being smart. It may be Ubuntu being broken. Either repair or an informative error would make the experience better than / comparable to others. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1254085 Title: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY' Status in openssh package in Ubuntu: Invalid Bug description: ssh -vvv is failing for me where is a VPN system. VPN is configured and connected via network-manager. Last messages from ssh (hangs forever): debug2: kex_parse_kexinit: none,z...@openssh.com debug2: kex_parse_kexinit: none,z...@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY = Workaround = $ sudo apt-get install putty $ putty This works perfectly. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: openssh-client 1:6.4p1-1 ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0 Uname: Linux 3.12.0-3-generic i686 NonfreeKernelModules: nvidia ApportVersion: 2.12.7-0ubuntu1 Architecture: i386 CurrentDesktop: Unity Date: Fri Nov 22 15:37:18 2013 InstallationDate: Installed on 2010-10-21 (1128 days ago) InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-9 libpam-sshN/A keychain 2.7.1-1 ssh-askpass-gnome 1:6.4p1-1 SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013 SourcePackage: openssh UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1254085] Re: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY'
I'm running into hung ssh connection and it is crazy making because I'm getting inconsistent behavior across 16.10 boxes. I've got two newly installed 16.10 boxes ($ ssh -V: OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016). I'll call them Box1 and Box2. They are in in adjacent ports on switch that has not had any changes in years and on which all other systems are functioning. I've got four clients: one OS X 10.9 (OpenSSH_6.2p1,OSSLShim 0.9.8r 8 Dec 2011), OS X 10.11 (OpenSSH_6.9p1, LibreSSL 2.1.8), Box1, and Box2. I can connect to Box1 from the other three clients without any problem. Works as expected. I can ONLY connect to Box2 from OS X 10.9 and itself (i.e. ssh me@localhost). I cannot get to it from Box1, I cannot get to it from OS X 10.11. I have swapped the two OS X boxes around on the network and also the two 16.10 boxes such that I'm confident that the ability to connect is a function of the client-server combination not the network link between them. ssh -vvv into Box2 from all of the failing clients hangs as above, expecting SSH2_MSG_KEX_ECDH_REPLY. This behavior / bug is so perplexing I'm unsure of it's relevance. I see two factors of interest: - Two ubuntu 16.10 sshds are behaving differently despite stock config across the two; - The ubuntu 16.10 is unable to connect to an sshd that one of two OS X ssh clients is able to connect two. Since the two just got installed they haven't had much time to diverge. The only differences between box1 and box2 are: (1) box2 is a few updates behind and (2) although both have LXD installed only box2 has had a container launched on it. Unfortunately prior to racking only the 10.9 system had ssh-ed into these boxes. I'm going to sit on this for now in case someone interesting in trying to get the Ubuntu ssh client to function - or - someone curious about the divergent behavior of the Ubuntu sshd can give guidance on how to turn this from a odd +1 report into something more useful. If not I'll do a little more troubleshooting (install the pending updates [initramfs-tools initramfs-tools-bin initramfs-tools-core isc-dhcp- client isc-dhcp-common libglib2.0-0 libglib2.0-data liblxc1 lxc-common], purge LXD) to see if I stumble onto something useful and failing that nuke and pave. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1254085 Title: ssh fails to connect to VPN host - hangs at 'expecting SSH2_MSG_KEX_ECDH_REPLY' Status in openssh package in Ubuntu: Invalid Bug description: ssh -vvv is failing for me where is a VPN system. VPN is configured and connected via network-manager. Last messages from ssh (hangs forever): debug2: kex_parse_kexinit: none,z...@openssh.com debug2: kex_parse_kexinit: none,z...@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY = Workaround = $ sudo apt-get install putty $ putty This works perfectly. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: openssh-client 1:6.4p1-1 ProcVersionSignature: Ubuntu 3.12.0-3.8-generic 3.12.0 Uname: Linux 3.12.0-3-generic i686 NonfreeKernelModules: nvidia ApportVersion: 2.12.7-0ubuntu1 Architecture: i386 CurrentDesktop: Unity Date: Fri Nov 22 15:37:18 2013 InstallationDate: Installed on 2010-10-21 (1128 days ago) InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-9 libpam-sshN/A keychain 2.7.1-1 ssh-askpass-gnome 1:6.4p1-1 SSHClientVersion: OpenSSH_6.4p1 Ubuntu-1, OpenSSL 1.0.1e 11 Feb 2013 SourcePackage: openssh UpgradeStatus: Upgraded to trusty on 2013-11-01 (20 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1254085/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
