Wu ShuKun
2015-Mar-26 06:44 UTC
SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11
greeting! ssh connection failed by using a new version SSH to and old one. Below is the symptoms which on a same network. Connection is Okay with old version SSH %ssh -V OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010 %ssh -v 10.41.172.19 OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22. debug1: Connection established. debug1: identity file /home/wsk/.ssh/id_rsa type -1 debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_dsa type -1 debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY The authenticity of host '10.41.172.19 (10.41.172.19)' can't be established. RSA key fingerprint is ab:81:83:79:6a:d8:29:23:a0:51:1d:e6:f0:aa:ce:d6. Are you sure you want to continue connecting (yes/no)? --- failed with Latest SSH: % ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015 % ssh -v 10.41.172.19 OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22. debug1: Connection established. debug1: identity file /home/wsk/.ssh/id_rsa type -1 debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_dsa type -1 debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_ecdsa type -1 debug1: identity file /home/wsk/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_ed25519 type -1 debug1: identity file /home/wsk/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY Connection closed by 10.41.172.19 any ideas?
Mike Tancsa
2015-Mar-26 10:12 UTC
SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11
On 3/26/2015 2:44 AM, Wu ShuKun wrote:> OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010 > failed with Latest SSH: > % ssh -V > OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015Hi, The latest is 1.0.1m, no? }# ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1m-freebsd 19 Mar 2015 What version of FreeBSD are you using ? Ssh and Openssl from the ports ? or in the base ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Mike Tancsa
2015-Mar-26 14:16 UTC
SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11
On 3/26/2015 2:44 AM, Wu ShuKun wrote:> greeting! > ssh connection failed by using a new version SSH to and old one. > Below is the symptoms which on a same network. > Connection is Okay with old version SSH > %ssh -V > OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010 > OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015 > % ssh -v 10.41.172.19 > OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015Is it possible this user somehow got a package or port, or binary upgrade somehow built with OpenSSL when it was briefly broken between r280266 and r280274 ? (Trimming the other lists from this thread) ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/