Hi,
every once in a while, I am stuck in a crap wifi network and often
cannot even establish SSH connections. What happens is that the
socket connection is established, but the client then just waits for
a server reply during the DH key exchange:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

there it sits forever, eventually doing TCP retransmissions of the
DH GEX Init sequence.

In the tcpdump output, I see a lot of duplicate packets, but
otherwise can't figure out what's going on.

2.996410 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [SYN] Seq=0 Win=5440 Len=0 MSS=1360 TSV=4283727 TSER=0 WS=6
4.443188 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=747572639 TSER=4283727 WS=7
4.443250 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=1 Ack=1 Win=5440 Len=0 TSV=4284088 TSER=747572639
5.620407 213.203.238.82 -> 192.168.254.246 SSH Server Protocol: SSH-2.0-OpenSSH_4.3p2 Debian-9
5.620536 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=1 Ack=32 Win=5440 Len=0 TSV=4284383 TSER=747573010
5.620750 192.168.254.246 -> 213.203.238.82 SSH Client Protocol: SSH-2.0-OpenSSH_4.7p1 Debian-8
6.889086 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [ACK] Seq=32 Ack=32 Win=5888 Len=0 TSV=747573317 TSER=4284383
6.889130 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Key Exchange Init
6.975096 213.203.238.82 -> 192.168.254.246 SSHv2 Server: Key Exchange Init
7.012395 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=592 Ack=736 Win=6848 Len=0 TSV=4284731 TSER=747573317
7.711829 213.203.238.82 -> 192.168.254.246 TCP 22 > 59448 [ACK] Seq=736 Ack=592 Win=6912 Len=0 TSV=747573644 TSER=4284700
7.711873 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Diffie-Hellman GEX Request
8.741589 213.203.238.82 -> 192.168.254.246 SSHv2 Server: Diffie-Hellman Key Exchange Reply
8.741634 192.168.254.246 -> 213.203.238.82 TCP 59448 > 22 [ACK] Seq=616 Ack=1016 Win=8256 Len=0 TSV=4285163 TSER=747573824
8.781014 192.168.254.246 -> 213.203.238.82 SSHv2 Client: Diffie-Hellman GEX Init
14.908203 192.168.254.246 -> 213.203.238.82 SSHv2 [TCP Retransmission] Client: Diffie-Hellman GEX Init
16.227454 213.203.238.82 -> 192.168.254.246 TCP [TCP Previous segment lost] 22 > 59448 [ACK] Seq=1608 Ack=888 Win=8064 Len=0 TSV=747575655 TSER=4286705 SLE=616 SRE=888
22.576404 192.168.254.246 -> 213.203.238.82 SSH Encrypted request packet len=560
23.876222 213.203.238.82 -> 192.168.254.246 TCP [TCP ACKed lost segment] 22 > 59447 [ACK] Seq=1 Ack=586 Win=54 Len=0 TSV=747577555 TSER=4288622
23.942641 213.203.238.82 -> 192.168.254.246 SSH Encrypted response packet len=280

I tried varying the MTU but that didn't seem to have any effect.

Does anyone have any clue what's going on here? Is
SSH2_MSG_KEX_DH_GEX_INIT so complex that it manages to screw over
crap networks?
--
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
"women, when they are not in love,
have all the cold blood of an experienced attorney."
-- honoré de balzac