On 03/26/15 17:30, Wu ShuKun wrote:
> Yep. I'm upgraded via freebsd-update. and I have no idea where
> I'm wrong either.:-[ Is it likely I have no luck in other words?

Can you try specifying -o "KexAlgorithms diffie-hellman-group-exchange-sha1" when ssh'ing and see if that would mitigate the problem?

My gut feeling is that somehow the HPN patch has broken certain key exchange negotiation steps of OpenSSH, which was not exercised in earlier versions of FreeBSD due to the lack of ECDH key exchange?

Cheers,
-- 
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Wu ShuKun
2015-Mar-27 01:25 UTC
SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11
Okay

% ssh -v -o "KexAlgorithms diffie-hellman-group-exchange-sha1" 10.41.172.19
OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22.
debug1: Connection established.
debug1: identity file /home/wsk/.ssh/id_rsa type -1
debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_dsa type -1
debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ed25519 type -1
debug1: identity file /home/wsk/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.41.172.19
%

On 2015/03/27 08:52, Xin Li wrote:
> On 03/26/15 17:30, Wu ShuKun wrote:
> > Yep. I'm upgraded via freebsd-update. and I have no idea where
> > I'm wrong either.:-[ Is it likely I have no luck in other words?
>
> Can you try specifying -o "KexAlgorithms
> diffie-hellman-group-exchange-sha1" when ssh'ing and see if that would
> mitigate the problem?
>
> My gut feeling is that somehow the HPN patch has broken certain key
> exchange negotiation steps of OpenSSH, which was not exercised in
> earlier versions of FreeBSD due to the lack of ECDH key exchange?
>
> Cheers,
>
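
Added example, not part of either message above: a small Python triage of `ssh -v` output that reports which message the client was waiting for when the peer closed the connection, run here on lines copied from the session posted above. The function names and the rule that any later debug1 line means the blocking read returned are assumptions of this example.

```python
import re

# `ssh -v` lines copied from the post above (not constructed), trimmed to
# the ones the parser looks at.
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.41.172.19
"""

def triage(log):
    """Report how far the key exchange got in `ssh -v` (debug1) output."""
    out = {"remote": None, "sent": [], "gex_bits": None,
           "pending": None, "closed_by": None}
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r"Connection closed by (\S+)", line):
            out["closed_by"] = m.group(1)
            break                    # keep `pending` as it was at disconnect
        if not line.startswith("debug1:"):
            continue
        if m := re.search(r"expecting (SSH2_MSG_\w+)", line):
            out["pending"] = m.group(1)
            continue
        out["pending"] = None        # assumption: a later debug1 line = read returned
        if m := re.search(r"remote software version (\S+)", line):
            out["remote"] = m.group(1)
        if m := re.search(r"(SSH2_MSG_\w+)(?:\((\d+)<(\d+)<(\d+)\))? sent$", line):
            out["sent"].append(m.group(1))
            if m.group(2):           # min < preferred < max modulus size in bits
                out["gex_bits"] = tuple(int(g) for g in m.group(2, 3, 4))
    return out

def summary(r):
    """One-line description of a disconnect that happened mid key exchange."""
    if r["closed_by"] and r["pending"]:
        last = r["sent"][-1] if r["sent"] else "none"
        return (f"{r['closed_by']} ({r['remote']}) closed the connection while "
                f"the client waited for {r['pending']}; last sent: {last}")
    return "no disconnect during key exchange found"

if __name__ == "__main__":
    print(summary(triage(SAMPLE)))
```

The same function can be pointed at output captured with other KexAlgorithms values to compare where each attempt stops.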