Hi Hari, Can you get a backtrace of the stuck dropbear process in 2) ? That might suggest what's going wrong.
Cheers, Matt > On Mon 23/10/2017, at 7:12 pm, Hariharasubramanian Ramasubramanian > <hrama...@in.ibm.com> wrote: > > ssh login gets stuck at "expecting SSH2_MSG_KEX_ECDH_REPLY" at random. > > However forcing ssh to use 3des cipher suite makes the login go through. > > What causes the login to succeed when cipher suite is forced but fail > otherwise ? > > Here are the debug for 3 different use cases: > 1) successful login attempt > 2) failed login attempt > 3) forced 3des cipher suite > > ============================================================================== > 1) Successful login attempt > ============================================================================== > -bash-4.1$ ssh -vvv root@wsbmc011 > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012 > debug1: Reading configuration data > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to wsbmc011 [9.3.21.42] port 22. > debug1: Connection established. > debug3: Incorrect RSA1 identifier > debug3: Could not load > "/gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_rsa" as a RSA1 public key > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_rsa > type 1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_rsa-cert type -1 > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_dsa > type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_dsa-cert type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_ecdsa type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version dropbear_2016.74 > debug1: no match: dropbear_2016.74 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.8 > debug2: fd 3 setting O_NONBLOCK > debug3: load_hostkeys: loading entries for host "wsbmc011" from file > "/gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts" > debug3: load_hostkeys: found key type RSA in file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts:23 > debug3: load_hostkeys: loaded 1 keys > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: > ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-dss-cert-v01@openssh > > .com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa- > sha2-nistp521,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexgue...@matt.ucc.asn.au > debug2: kex_parse_kexinit: ssh-rsa > debug2: kex_parse_kexinit: > aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc > debug2: kex_parse_kexinit: > aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc > debug2: kex_parse_kexinit: > hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5 > debug2: kex_parse_kexinit: > hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5 > debug2: kex_parse_kexinit: z...@openssh.com,none > debug2: kex_parse_kexinit: z...@openssh.com,none > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: sending SSH2_MSG_KEX_ECDH_INIT > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > debug1: Server host key: RSA 70:28:98:8f:c1:8b:0e:33:a2:cc:e5:3d:c3:d0:f3:82 > debug3: load_hostkeys: loading entries for host "wsbmc011" from file > "/gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts" > debug3: load_hostkeys: found key type RSA in file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts:23 > debug3: load_hostkeys: loaded 1 keys > debug3: load_hostkeys: loading entries for host "9.3.21.42" from file > "/gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts" > debug3: load_hostkeys: found key type RSA in file > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts:15 > debug3: load_hostkeys: loaded 1 keys > debug1: Host 'wsbmc011' is known and matches the RSA host key. > debug1: Found key in > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/known_hosts:23 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_rsa > (0x9dd410) > debug2: key: /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_dsa ((nil)) > debug2: key: /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_ecdsa ((nil)) > debug1: Authentications that can continue: publickey,password > debug3: start over, passed a different list publickey,password > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering RSA public key: > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: publickey,password > debug1: Trying private key: > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_dsa > debug3: no such identity: > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_dsa > debug1: Trying private key: > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_ecdsa > debug3: no such identity: > /gsa/ausgsa/projects/i/indiateam04/hramasub/.ssh/id_ecdsa > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: ,password > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > root@wsbmc011's password: > ============================================================================== > 2) failed login attempt > ============================================================================== > $ ssh -v root@wsbmc011 > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012 > debug1: Reading configuration data > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to wsbmc011 [9.3.21.42] port 22. > debug1: Connection established. > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_rsa > type 1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_rsa-cert type -1 > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_dsa > type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_dsa-cert type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_ecdsa type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version dropbear_2016.74 > debug1: no match: dropbear_2016.74 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.8 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: sending SSH2_MSG_KEX_ECDH_INIT > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > ============================================================================== > 3) forced 3des cipher suite > ============================================================================== > $ ssh -c 3des -v root@wsbmc011 > OpenSSH_5.8p2, OpenSSL 1.0.0g 18 Jan 2012 > debug1: Reading configuration data > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to wsbmc011 [9.3.21.42] port 22. > debug1: Connection established. > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_rsa > type 1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_rsa-cert type -1 > debug1: identity file /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_dsa > type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_dsa-cert type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_ecdsa type -1 > debug1: identity file > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version dropbear_2016.74 > debug1: no match: dropbear_2016.74 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.8 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client 3des-cbc hmac-md5 none > debug1: kex: client->server 3des-cbc hmac-md5 none > debug1: sending SSH2_MSG_KEX_ECDH_INIT > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > debug1: Server host key: RSA 70:28:98:8f:c1:8b:0e:33:a2:cc:e5:3d:c3:d0:f3:82 > debug1: Host 'wsbmc011' is known and matches the RSA host key. > debug1: Found key in > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/known_hosts:26 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,password > debug1: Next authentication method: publickey > debug1: Offering RSA public key: > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_rsa > debug1: Authentications that can continue: publickey,password > debug1: Trying private key: > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_dsa > debug1: Trying private key: > /gsa/ausgsa/projects/i/indiateam04/gkeishin/.ssh/id_ecdsa > debug1: Next authentication method: password > root@wsbmc011's password: > > Thanks in advance, > Hari ! > > Hariharasubramanian R. > Power Firmware Development > IBM India Systems & Technology Lab, Bangalore, India > Phone: +91 80 4025 6950
