On Wed, 3 Apr 2019, Adam Eijdenberg wrote:> > From: Damien Miller <djm at mindrot.org> > > Thanks for testing - are you able to see if there's anything in > > the server logs? > > Hi Damien, > > I've been able to reproduce being unable to successfully connect to > EC2 instances launched with either Amazon Linux 2 AMI (HVM) or Amazon > Linux AMI 2018.03.0 (HVM) images (which are the first two options you > see when launching an instance via their "Launch instance..." wizard).This is deeply weird, especially the lack of further output from the server. A couple more questions: Does this only happen with Amazon as the destination? Is there anything in dmesg indicating a sandbox violation? Could you try turning off IPQoS setting (ssh -oIPQoS=none ...) and seeing whether that makes any difference? Was it working with OpenSSH 7.9? If none of the above yield any clues, then could I ask you to try and git bisect the last good version and git HEAD to see where it broke. Thanks again for your patience, Damien
On Wed, Apr 3, 2019 at 9:43 AM Damien Miller <djm at mindrot.org> wrote:> Could you try turning off IPQoS setting (ssh -oIPQoS=none ...) and seeing > whether that makes any difference?Yes - setting -oIPQoS=none on the client allows for a successful connection to the server. Would you still like me to check on the other things or is that enough to go on with?
On Wed, 3 Apr 2019, Adam Eijdenberg wrote:> On Wed, Apr 3, 2019 at 9:43 AM Damien Miller <djm at mindrot.org> wrote: > > Could you try turning off IPQoS setting (ssh -oIPQoS=none ...) and seeing > > whether that makes any difference? > > Yes - setting -oIPQoS=none on the client allows for a successful > connection to the server. > > Would you still like me to check on the other things or is that enough > to go on with?No - it looks like a middlebox in Amazon's network might be getting confused when the DSCP value changes during the connection. Thanks a lot for helping to chase this down. Cheers, Damien
Apparently Analagous Threads
- Call for testing: OpenSSH 8.0
- sshd 7.8p1 close connection from VMware Fusion NAT Port Forwarding
- [Bug 1964] New: QoS/DSCP names false translated to ToS hex value
- OpenSSH 7.8p1 drops SSH connection with "Broken Pipe" IMMEDIATELY after successful login
- [Bug 3634] New: IPQoS default should be changed to "none"