Hi,

every once in a while, I am stuck in a crap wifi network and often cannot even establish SSH connections. What happens is that the socket connection is established, but the client then just waits for a server reply during the DH key exchange:

  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client 3des-cbc hmac-md5 none
  debug1: kex: client->server 3des-cbc hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

there it sits forever, eventually doing TCP retransmissions of the DH GEX Init sequence. In the tcpdump output, I see a lot of duplicate packets, but otherwise can't figure out what's going on.

  2.996410 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [SYN] Seq=0 Win=5440 Len=0 MSS=1360 TSV=4283727 TSER=0 WS=6
  4.443188 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=747572639 TSER=4283727 WS=7
  4.443250 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=1 Ack=1 Win=5440 Len=0 TSV=4284088 TSER=747572639
  5.620407 213.203.238.82 -> 192.168.254.246 SSH Server Protocol: SSH-2.0-OpenSSH_4.3p2 Debian-9
  5.620536 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=1 Ack=32 Win=5440 Len=0 TSV=4284383 TSER=747573010
  5.620750 192.168.254.246 -> 213.203.238.82 SSH Client Protocol: SSH-2.0-OpenSSH_4.7p1 Debian-8
  6.889086 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [ACK] Seq=32 Ack=32 Win=5888 Len=0 TSV=747573317 TSER=4284383
  6.889130 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Key Exchange Init
  6.975096 213.203.238.82 -> 192.168.254.246 SSHv2 Server: Key Exchange Init
  7.012395 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=592 Ack=736 Win=6848 Len=0 TSV=4284731 TSER=747573317
  7.711829 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [ACK] Seq=736 Ack=592 Win=6912 Len=0 TSV=747573644 TSER=4284700
  7.711873 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Diffie-Hellman GEX Request
  8.741589 213.203.238.82 -> 192.168.254.246 SSHv2 Server: Diffie-Hellman Key Exchange Reply
  8.741634 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=616 Ack=1016 Win=8256 Len=0 TSV=4285163 TSER=747573824
  8.781014 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Diffie-Hellman GEX Init
  14.908203 192.168.254.246 -> 213.203.238.82 SSHv2 [TCP Retransmission] Client: Diffie-Hellman GEX Init
  16.227454 213.203.238.82 -> 192.168.254.246 TCP [TCP Previous segment lost] 22 > 59448 [ACK] Seq=1608 Ack=888 Win=8064 Len=0 TSV=747575655 TSER=4286705 SLE=616 SRE=888
  22.576404 192.168.254.246 -> 213.203.238.82 SSH Encrypted request packet len=560
  23.876222 213.203.238.82 -> 192.168.254.246 TCP [TCP ACKed lost segment] 22 > 59447 [ACK] Seq=1 Ack=586 Win=54 Len=0 TSV=747577555 TSER=4288622
  23.942641 213.203.238.82 -> 192.168.254.246 SSH Encrypted response packet len=280

I tried varying the MTU but that didn't seem to have any effect.

Does anyone have any clue what's going on here? Is SSH2_MSG_KEX_DH_GEX_INIT so complex that it manages to screw over crap networks?

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

"women, when they are not in love,
 have all the cold blood of an experienced attorney."
                                                    -- honoré de balzac