Bug#747098: can't ssh over OpenConnect from client running sid

To: 747098@bugs.debian.org, 612607@bugs.debian.org
Subject: Bug#747098: can't ssh over OpenConnect from client running sid
From: Mike Kupfer <m.kupfer@acm.org>
Date: Thu, 27 Aug 2015 12:28:59 -0700
Message-id: <[🔎] 3094.1440703739@allegro.localdomain>
Reply-to: Mike Kupfer <m.kupfer@acm.org>, 747098@bugs.debian.org

I've been seeing an issue that is very similar to what is described in
747098 and 612607, where there's a hang after

  ...
  debug1: kex: server->client aes128-ctr umac-64@openssh.com zlib@openssh.com
  debug1: kex: client->server aes128-ctr umac-64@openssh.com zlib@openssh.com
  debug1: sending SSH2_MSG_KEX_ECDH_INIT
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

This only happens when connecting through an OpenConnect tunnel; ssh
works fine when I'm not using VPN.

Specifying a cipher didn't help, but lowering the MTU for the VPN tunnel
from 1500 to 1300 fixed things.

# ip li set mtu 1300 dev vpn0

mike

Reply to:

Prev by Date: [bts-link] source package openssh
Next by Date: Bug#795711: why no fix in jessie or older release
Previous by thread: Re: ssh backports
Next by thread: Bug#795711: why no fix in jessie or older release
Index(es):
- Date
- Thread