public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] ssh hanging ... why?
From: Stefan G. Weichinger @ 2013-09-18  9:53 UTC
  To: gentoo-user


I am fiddling with accessing a server  ...

"ssh -v" from my desktop hangs at:

# ssh -v $HOSTIP
OpenSSH_6.2p2-hpn14v1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to *edited*
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2-hpn14v1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH_4*
debug1: Remote is NON-HPN aware
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP


runs into timeout.

---

On a second machine in my LAN I am able to ssh into that server.

At first I suspected the IPSEC-tunnel from my router ... but that isn't
the problem.

I will test from the thinkpad as well ... looks like something on my
desktop is broken.

Rebuilt openssh already.

Maybe I should downgrade for testing ...

The problematic box: net-misc/openssh-6.2_p2-r4
The working box: net-misc/openssh-5.9_p1-r4

Does anyone else also see this issue?

Stefan
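
An added example, not part of the original message: a small shell helper that reads `ssh -v` output and reports how far the handshake got, run here over lines copied from the log above. The function names and the key=value output format are assumptions made for this example.

```shell
# Added example. The log lines are copied from the ssh -v output above.
sample_log() {
cat <<'EOF'
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_6.2p2-hpn14v1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
EOF
}

# ssh_stall_summary: read ssh -v output on stdin and print key=value lines
# describing how far the handshake got. ssh writes its debug output to
# stderr, so a live run is: ssh -v HOST 2>&1 | ssh_stall_summary
ssh_stall_summary() {
  awk '
    /^debug1: / { waiting = "" }   # any later debug line clears the wait
    /^debug1: Connection established/    { tcp = "yes" }
    /^debug1: Local version string /     { local_v = $NF }
    /remote software version /           { remote_v = $NF }
    /^debug1: SSH2_MSG_KEXINIT received/ { kexinit = "yes" }
    /^debug1: SSH2_MSG_KEX_DH_GEX_REQUEST\(/ {
      # keep only the min<preferred<max group sizes inside the parentheses
      gex = $2; sub(/^[^(]*\(/, "", gex); sub(/\).*/, "", gex)
    }
    /^debug1: expecting / { waiting = $3 }
    END {
      print "tcp_connected=" (tcp != "" ? tcp : "no")
      print "local=" local_v
      print "remote=" remote_v
      print "kexinit_received=" (kexinit != "" ? kexinit : "no")
      print "dh_gex_request=" (gex != "" ? gex : "none")
      print "stalled_waiting_for=" (waiting != "" ? waiting : "none")
    }'
}

sample_log | ssh_stall_summary
```

For this log the summary shows that TCP connected and both KEXINIT messages were exchanged, and that the client was still waiting for the server's SSH2_MSG_KEX_DH_GEX_GROUP reply when the log ends.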



* Re: [gentoo-user] ssh hanging ... why?
From: Stefan G. Weichinger @ 2013-09-18  9:55 UTC
  To: gentoo-user

Am 18.09.2013 11:53, schrieb Stefan G. Weichinger:

> Rebuilt openssh already.
> 
> Maybe I should downgrade for testing ...
> 
> The problematic box: net-misc/openssh-6.2_p2-r4
> The working box: net-misc/openssh-5.9_p1-r4

Yep. Downgrading works for me.




* Re: [gentoo-user] ssh hanging ... why?
From: Joe Nyland @ 2013-09-18 17:47 UTC
  To: gentoo-user


On 18 Sep 2013, at 10:55, Stefan G. Weichinger <lists@xunil.at> wrote:

> Am 18.09.2013 11:53, schrieb Stefan G. Weichinger:
> 
>> Rebuilt openssh already.
>> 
>> Maybe I should downgrade for testing ...
>> 
>> The problematic box: net-misc/openssh-6.2_p2-r4
>> The working box: net-misc/openssh-5.9_p1-r4
> 
> Yep. Downgrading works for me.
> 
> 

Not sure why a downgraded openssh would improve things for you if this is the issue, however I faced the same issue as yourself and it was caused by mDNS trying to do a reverse lookup on the host connecting in to the affected server, ultimately causing the SSH connection to hang.

Check the order of sources on the hosts line of your /etc/nsswitch.conf[1] file on the server that you are having issues _connecting to_, not the desktop that you're connecting from.

Mine is:

	`hosts:          files dns mdns4_minimal mdns4`

Note `dns` is before `mdns4`.

[1] http://linux.die.net/man/5/nsswitch.conf

Joe
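
An added example, not part of the original message: a shell check for the ordering described above, reading an nsswitch.conf on stdin and reporting whether any `mdns*` source is consulted before `dns`. The function names are assumptions made for this example, and the sample lines other than the two `hosts:` lines quoted in this thread are constructed.

```shell
# hosts_sources: read nsswitch.conf on stdin and print the lookup sources
# of the "hosts:" line in order, without comments or [STATUS=action] items.
hosts_sources() {
  awk '
    { sub(/#.*/, "") }
    $1 == "hosts:" {
      out = ""
      for (i = 2; i <= NF; i++)
        if ($i !~ /^\[/) out = out (out == "" ? "" : " ") $i
      print out; found = 1; exit
    }
    END { exit(found ? 0 : 1) }'
}

# check_dns_before_mdns: return 0 if no mdns source is tried before dns,
# 1 if an mdns source comes first (or dns is absent while mdns is present),
# 2 if the input has no hosts: line.
check_dns_before_mdns() {
  sources=$(hosts_sources) || { echo "no hosts: line found"; return 2; }
  first_mdns=""
  for s in $sources; do
    case $s in
      mdns*) [ -n "$first_mdns" ] || first_mdns=$s ;;
      dns)   break ;;
    esac
  done
  if [ -n "$first_mdns" ]; then
    echo "WARN: $first_mdns is tried before dns: $sources"
    return 1
  fi
  echo "OK: no mdns source ahead of dns: $sources"
}

# The hosts: line quoted in the message above.
printf 'hosts:          files dns mdns4_minimal mdns4\n' | check_dns_before_mdns || true
# Constructed line with mdns ahead of dns.
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns\n' | check_dns_before_mdns || true
```

On a live system the same check is `check_dns_before_mdns < /etc/nsswitch.conf`, run on the server being connected to.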


* Re: [gentoo-user] ssh hanging ... why?
From: Stefan G. Weichinger @ 2013-09-18 17:50 UTC
  To: gentoo-user

Am 18.09.2013 19:47, schrieb Joe Nyland:
> Not sure why a downgraded openssh would improve things for you if
> this is the issue, however I faced the same issue as yourself and it
> was caused by mDNS trying to do a reverse lookup on the host
> connecting in to the affected server, ultimately causing the SSH
> connection to hang.
> 
> Check the order of sources on the hosts line of your
> /etc/nsswitch.conf[1] file on the server that you are having issues
> _connecting to_, not the desktop that you're connecting from.
> 
> Mine is:
> 
> `hosts:          files dns mdns4_minimal mdns4`
> 
> Note `dns` is before `mdns4`.
> 
> [1] http://linux.die.net/man/5/nsswitch.conf

Thanks for your feedback.

The server doesn't have mdns in there, just:

hosts:	files dns

(which hasn't been changed in years, I am quite sure).

So you suggest that the contacted server wants to know which FQDN the
contacting IP points to?

Stefan



* Re: [gentoo-user] ssh hanging ... why?
From: Shawn Wilson @ 2013-09-18 18:03 UTC
  To: gentoo-user, Stefan G. Weichinger

Since the downgrade fixed your issue idk... but, what does your authorized_keys look like? Also, move or chmod 0 your config to make sure nothing funny is happening there. 

"Stefan G. Weichinger" <lists@xunil.at> wrote:
>Am 18.09.2013 19:47, schrieb Joe Nyland:
>> Not sure why a downgraded openssh would improve things for you if
>> this is the issue, however I faced the same issue as yourself and it
>> was caused by mDNS trying to do a reverse lookup on the host
>> connecting in to the affected server, ultimately causing the SSH
>> connection to hang.
>> 
>> Check the order of sources on the hosts line of your
>> /etc/nsswitch.conf[1] file on the server that you are having issues
>> _connecting to_, not the desktop that you're connecting from.
>> 
>> Mine is:
>> 
>> `hosts:          files dns mdns4_minimal mdns4`
>> 
>> Note `dns` is before `mdns4`.
>> 
>> [1] http://linux.die.net/man/5/nsswitch.conf
>
>Thanks for your feedback.
>
>The server doesn't have mdns in there, just:
>
>hosts:	files dns
>
>(which hasn't been changed in years, I am quite sure).
>
>So you suggest that the contacted server wants to know which FQDN the
>contacting IP points to?
>
>Stefan




* Re: [gentoo-user] ssh hanging ... why?
From: Stefan G. Weichinger @ 2013-09-18 18:13 UTC
  To: gentoo-user

Am 18.09.2013 20:03, schrieb Shawn Wilson:
> Since the downgrade fixed your issue idk... but, what does your
> authorized_keys look like? Also, move or chmod 0 your config to make
> sure nothing funny is happening there.

authorized_keys looks very OK ... only my 2 keys in there ... untouched
for years. did "chmod 0600" now.



* Re: [gentoo-user] ssh hanging ... why?
From: Shawn Wilson @ 2013-09-18 19:01 UTC
  To: gentoo-user, Stefan G. Weichinger

I was saying to chmod 000 it so that you're not picking up (possibly strange?) options. 

"Stefan G. Weichinger" <lists@xunil.at> wrote:
>Am 18.09.2013 20:03, schrieb Shawn Wilson:
>> Since the downgrade fixed your issue idk... but, what does your
>> authorized_keys look like? Also, move or chmod 0 your config to make
>> sure nothing funny is happening there.
>
>authorized_keys looks very OK ... only my 2 keys in there ... untouched
>for years. did "chmod 0600" now.




* [gentoo-user] re ssh hangs
From: James @ 2013-09-18 19:35 UTC
  To: gentoo-user

Stefan G. Weichinger <lists <at> xunil.at> writes:


> "ssh -v" from my desktop hangs at:


I'm not sure what you are doing but some (vendor's) implementations
of ssh, have a different set of priorities and order of negotiation,
particularly if the product you are trying to ssh into was based
on "funky code" or a different version of ssh. If you have identical
versions of ssh on similar OSes (the from-to) on the machines then
ignore this suggestion.

Sometimes diagnosing aberrant (ssh) behavior of a vendor's ssh implementation
can make you want to scream, particularly when a product vendor
purchased "binaries" for ssh.

good hunting, as it is surely a timeout/order of negotiation
issue, most likely. ymmv.

htn,
James






* Re: [gentoo-user] ssh hanging ... why?
From: Stefan G. Weichinger @ 2013-09-18 20:48 UTC
  To: gentoo-user

Am 18.09.2013 21:01, schrieb Shawn Wilson:
> I was saying to chmod 000 it so that you're not picking up (possibly strange?) options. 

and it is still readable then? never tried 000.




* Re: [gentoo-user] ssh hanging ... why?
From: shawn wilson @ 2013-09-19  3:43 UTC


"did "chmod 0600" now."

You just made it read+writable by just you - you're running ssh by you,
right?

I referred to the man page because I thought there would be something I
could just quote and learned something "Omitted digits are assumed to be
leading zeros." which makes sense, as I intuitively knew if I left out the
sticky bit, it would be unset but always thought: user, group, everyone
else. So, 'chmod 0 config' doesn't look as cluttered and conveys the same
meaning :)


On Wed, Sep 18, 2013 at 4:48 PM, Stefan G. Weichinger <lists@xunil.at> wrote:

> Am 18.09.2013 21:01, schrieb Shawn Wilson:
> > I was saying to chmod 000 it so that you're not picking up (possibly
> strange?) options.
>
> and it is still readable then? never tried 000.
>
>
>
