[Touch-packages] [Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS

Jay Sat, 09 May 2020 22:06:09 -0700

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Confirmed

** Changed in: openvpn (Ubuntu)
       Status: Incomplete => Confirmed


** Package changed: openvpn (Ubuntu) => openconnect (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1874257

Title:
  SSH fails with connection timed out - in VPN and hangs here "expecting
  SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS

Status in linux package in Ubuntu:
  Invalid
Status in openconnect package in Ubuntu:
  Confirmed
Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  Hello Team,

  SSH timeout issue, once connect to VPN.

  Environment

  ======
  Dell XPS 9570 
  Ubuntu 16.04.6 Xenial Xerus)
  kernel - 4.15.0-55-generic

  $dpkg -l | grep -i openssh
  ii  openssh-client     1:7.2p2-4ubuntu2.8  --> 
  ii  openssh-server     1:7.2p2-4ubuntu2.8          
  ii  openssh-sftp-server  1:7.2p2-4ubuntu2.8        

  
  VPN tunnel info 
  ====
  vpn0      Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
            inet addr:IP  P-t-P:xx  Mask:255.255.252.0
            inet6 addr: fe80::b8e2:bea4:2e62:fe08/64 Scope:Link
            UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1406  Metric:1
            RX packets:962 errors:0 dropped:0 overruns:0 frame:0
            TX packets:1029 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:500
            RX bytes:87839 (87.8 KB)  TX bytes:238740 (238.7 KB)

  Issue
  ====
  Unable to connect to any host via ssh or sftp after VPN connection 

  Tried 
  =====

  Reinstalled the openssh-client package and still no luck. May I know
  why the default cipher is not taking/hanging? Please let me know .
  There were no recent changes.

  
  Workaround
  ===
  Able to connect to ssh / sftp $ssh -c aes128-ctr   user@IP

  
  Below is the debug ssh client logs ===
  ======

  $ssh -vvv  user@ip
  OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g  1 Mar 2016
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: Applying options for *
  debug2: resolving "IP" port 22
  debug2: ssh_connect_direct: needpriv 0
  debug1: Connecting to IP [IP] port 22.
  debug1: Connection established.
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_rsa type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_rsa-cert type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_dsa type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_dsa-cert type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_ecdsa type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_ed25519 type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
  debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 
Ubuntu-4ubuntu0.3
  debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
  debug2: fd 3 setting O_NONBLOCK
  debug1: Authenticating to IP:22 as 'user'
  debug3: send packet: type 20
  debug1: SSH2_MSG_KEXINIT sent
  debug3: receive packet: type 20
  debug1: SSH2_MSG_KEXINIT received
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: 
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
  debug2: host key algorithms: 
ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
  debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
  debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
  debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: compression ctos: none,z...@openssh.com,zlib
  debug2: compression stoc: none,z...@openssh.com,zlib
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
  debug2: host key algorithms: 
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
  debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: compression ctos: none,z...@openssh.com
  debug2: compression stoc: none,z...@openssh.com
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug1: kex: algorithm: curve25519-sha...@libssh.org
  debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: 
<implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: 
<implicit> compression: none
  debug3: send packet: type 30
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

  << Hangs here >>

  Please shed some views

  Thanks
  Jay

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1874257] Re: SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS

Reply via email to