Hi, As I haven't seen any related discussion here (or bug in bugzilla), I thought it'll be good to do a heads-up for a recently introduced problem in 5.8p1 (or at least after 5.5.x). Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612607 Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493 Arch Linux: https://bugs.archlinux.org/task/22897?project=1 Any other information needed? Shall I file a bug in bugzilla? Best Regards Oren
On 16/02/11 9:27 PM, Oren Held wrote:> Hi, > > As I haven't seen any related discussion here (or bug in bugzilla), I thought > it'll be good to do a heads-up for a recently introduced problem in 5.8p1 (or at > least after 5.5.x). > > Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612607 > Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493 > Arch Linux: https://bugs.archlinux.org/task/22897?project=1 > > Any other information needed? Shall I file a bug in bugzilla?Can you reproduce the problem with an unmodified tarball from openssh.com? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
#!/bin/hi Sorry to interfere, but finally I find someone talking about my problem. I encountered the very same problem with a mix of Gentoo/Ubuntu/Debian machines whereas I could not connect from my Gentoo Box (5.8p1) to any machine behind the firewall in the wild (Debian; 5.1p1). But connecting to a Ubuntu box right next to me within the very same subnet and then SSH from this very machine to a machine outside worked. I also could connect to any machine inside the subnet from my Gentoo/5.8p1. Then reducing the number of cypher-options on the client side by stating in /etc/ssh/ssh_config: --- 8< snip --- ... # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160 MACs hmac-md5,hmac-sha1,hmac-ripemd160 ... --- >8 snap --- worked like charm. I finally can SSH again to my machines behind the firewall. Thanks for this workaround. KR, Oliver