Bug#747098: openssh-client: key negotiation fails for mtu>1500 and Ciphers (options) > 3
Source: openssh
Followup-For: Bug #747098
Dear Maintainer,
same here - ssh over a 10 GE interface to a wheezy machine with mtu 9000 hangs
until a tcp timeout after:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
The attached wireshark capture on the client machine shows the
ssh Client: Key Exchange Init packet
with 2034 byte is retransmitted on the tcp level until the server machine closes the connection.
The workaround with reducing the mtu to 1500 works here, too.
Please forward this information if this bug is not in openssh itself.
BTW, bug #747096 looks like nearly a verbatim copy and could proably deleted or at least marked
as duplicate.
Thanks,
Hermann
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-1-amd64 (SMP w/120 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
No. Time Source Destination Protocol Length Info
1 0.000000000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 TCP 74 47645 > ssh [SYN] Seq=0 Win=26880 Len=0 MSS=8960 SACK_PERM=1 TSval=1130222 TSecr=0 WS=128
2 0.000140000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 TCP 74 ssh > 47645 [SYN, ACK] Seq=0 Ack=1 Win=17896 Len=0 MSS=8960 SACK_PERM=1 TSval=647220770 TSecr=1130222 WS=128
3 0.000164000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 TCP 66 47645 > ssh [ACK] Seq=1 Ack=1 Win=26880 Len=0 TSval=1130222 TSecr=647220770
4 0.000438000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 100 Encrypted request packet len=34
5 0.000507000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 TCP 66 ssh > 47645 [ACK] Seq=1 Ack=35 Win=17920 Len=0 TSval=647220770 TSecr=1130222
6 0.058714000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 SSHv2 105 Encrypted response packet len=39
7 0.058770000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 TCP 66 47645 > ssh [ACK] Seq=35 Ack=40 Win=26880 Len=0 TSval=1130237 TSecr=647220785
8 0.059482000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 Client: Key Exchange Init
9 0.070869000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 SSHv2 1050 Server: Key Exchange Init
10 0.110762000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 TCP 66 47645 > ssh [ACK] Seq=2003 Ack=1024 Win=28928 Len=0 TSval=1130250 TSecr=647220788
11 0.258811000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 146 Client: Diffie-Hellman Key Exchange Init
12 0.258913000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 TCP 78 [TCP Dup ACK 9#1] ssh > 47645 [ACK] Seq=1024 Ack=35 Win=17920 Len=0 TSval=647220835 TSecr=1130237 SLE=2003 SRE=2083
13 0.262813000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
14 0.462819000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
15 0.862783000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
16 1.662782000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
17 3.266821000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
18 6.470820000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
19 12.886807000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
20 25.734804000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
21 51.398811000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
22 102.726816000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 SSHv2 2034 [TCP Retransmission] Client: Key Exchange Init
23 120.060534000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 TCP 78 ssh > 47645 [FIN, ACK] Seq=1024 Ack=35 Win=17920 Len=0 TSval=647250785 TSecr=1130237 SLE=2003 SRE=2083
24 120.060913000 xxx.xxx.xxx.157 xxx.xxx.xxx.155 TCP 66 47645 > ssh [FIN, ACK] Seq=2083 Ack=1025 Win=28928 Len=0 TSval=1160237 TSecr=647250785
25 120.061038000 xxx.xxx.xxx.155 xxx.xxx.xxx.157 TCP 60 ssh > 47645 [RST] Seq=1025 Win=0 Len=0
Reply to: