openssh clients on 7.04+ do not work with some ssh2 servers, while 6.10's ssh does.

Bug #160760 reported by Giblet5
Affects: openssh (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Declined for Gutsy by Henrik Nilsen Omma

Bug Description

I connect, over a shared NAT router, to many different servers with ssh. This works great on Dapper.

After upgrading to Feisty or Gutsy, previously working ssh session configs (~/.ssh/config) can no longer connect.

Feisty or Gutsy CAN connect to each other, or to a Dapper system, but not outside machines.

This is NOT an OpenSSH problem. See below.

I do NOT have the seahorse package installed. There is a similar report to this related to the seahorse package.

I have two Gutsy and one Dapper machine on one GigE subnet and they route through a Linksys NAT FW/router. All three machines have (virtually) the same "dpkg -l" output, although the versions are different, and they have the same network setup (DNS, mask, default gateway, NIC MTU, etc).

In accordance with the OpenSSH.org web, I have played with MTU on the NICs and NAT router (1500 on all). Dapper's ssh works fine no matter what MTU is set on its NIC or the (same) router. I set the router back to 576 and Dapper ssh sessions work fine. That doesn't appear to be the problem.

Here's the -vv from a Gutsy machine:
OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /home/XXXX/.ssh/config
debug1: Applying options for work-dev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to work-dev [XXX.XXX.XXX.XXX] port XXXXX.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/XXXX/.ssh/identity type -1
debug1: identity file /home/XXXX/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/XXXX/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

It will hang there forever.

Feisty hangs at the same place.

I built openssh 4.3p2 on Gutsy (same rel as Dapper). I verified 4.3p2 under Gutsy, but see the same problem as 4.6p1. This eliminates OpenSSH I think.

OpenSSL? Libc? Kernel?

Fix it and I promise I will name my next child whatever you say.

Luiz Marcelo Serique (luiz-marcelo-serique) wrote :

I have the same problem with a fresh install of Gutsy:

OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ... port 22.
debug1: Connection established.
debug1: identity file /home/.../.ssh/identity type -1
debug1: identity file /home/.../.ssh/id_rsa type -1
debug1: identity file /home/.../.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

Any suggestions?

Brian Murray (brian-murray) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This bug did not have a package associated with it, which is important for ensuring that it gets looked at by the proper developers. You can learn more about finding the right package at https://wiki.ubuntu.com/Bugs/FindRightPackage . I have classified this bug as a bug in openssh so someone more knowledgeable about it can look at your bug report and determine what the root cause might be.

Adam Sommer (asommer) wrote :

Can you post your /etc/ssh/ssh_config and /etc/ssh/sshd_config from the client and one of the servers you're trying to connect to?

I have a similar setup and haven't experienced the issue.

Giblet5 (pw-byteshuffler) wrote : Re: [Bug 160760] Re: openssh clients on 7.04+ do not work with some ssh2 servers, while 6.10's ssh does.

Brian,

I'm not convinced this is an OpenSSH bug. I built an older release of
OpenSSH - against the Gutsy OpenSSL and C libraries - and it still
doesn't work (same hang at the same point).

I actually think it's an OpenSSL problem that only shows up in OpenSSH.

But thanks for classifying it.

I still have to maintain a Dapper machine to be able to work...

Cheers,
-Patrick

On Thu, 2007-11-29 at 13:56 +0000, Brian Murray wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. This bug did not have a package associated with it,
> which is important for ensuring that it gets looked at by the proper
> developers. You can learn more about finding the right package at
> https://wiki.ubuntu.com/Bugs/FindRightPackage . I have classified this
> bug as a bug in openssh so someone more knowledgeable about it can look at
> your bug report and determine what the root cause might be.
>
> ** Changed in: openssh (Ubuntu)
> Sourcepackagename: None => openssh
>

Giblet5 (pw-byteshuffler) wrote :

The client-side is using the default Gutsy /etc/ssh/sshd_config

I can't provide the server config due to company policy.

The Dapper version of openssh, which works on Dapper, does not work on
Gutsy. This tells me that it is either openssl, libc, or the kernel nic
driver. I'm very skeptical of the kernel possibility.

Altering the MTU of the NAT router and the Gutsy NIC interface to 576
(both) causes the hang to appear earlier in the initialization, which
tells me this is likely a fragmentation issue, but it happens no matter
what the MTU is set to. They're currently both at MTU:1500.

My money is on openssl. I don't currently have time to build/test an
older openssl library to check this, but if I get time I will do it and
report back.

On Thu, 2007-11-29 at 14:11 +0000, Adam Sommer wrote:
> Can you post your /etc/ssh/ssh_config and /etc/ssh/sshd_config from the
> client and one of the servers you're trying to connect to?
>
> I have a similar setup and haven't experienced the issue.
>

Luiz Marcelo Serique (luiz-marcelo-serique) wrote : Re: [Bug 160760] Re: openssh clients on 7.04+ do not work with some ssh2 servers, while 6.10's ssh does.

Client ssh_config:

SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication no
GSSAPIDelegateCredentials no

I have no access to get it from the server...

On Nov 29, 2007 12:11 PM, Adam Sommer <email address hidden> wrote:
> Can you post your /etc/ssh/ssh_config and /etc/ssh/sshd_config from the
> client and one of the servers you're trying to connect to?
>
> I have a similar setup and haven't experienced the issue.
>

Adam Sommer (asommer) wrote :

Luiz, can you post the output of ssh -vvv servername? Also, does the session never connect or just take a long time?

Also, has anyone tried connecting from tty1? If so did it hang at the same place?

Thanks,
Adam

Luiz Marcelo Serique (luiz-marcelo-serique) wrote :

This is the output:

OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [server_ip] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

It stops here and never connects...

From tty1 it hangs too...

I'm trying through a wireless connection using ndiswrapper. I don't know
if this information is important; later I'll try through wired.

Thanks.

On Nov 29, 2007 1:59 PM, Adam Sommer <email address hidden> wrote:
> Luiz, can you post the output of ssh -vvv servername? Also, does the
> session never connect or just take a long time?
>
> Also, has anyone tried connecting from tty1? If so did it hang at the
> same place?
>
> Thanks,
> Adam
>

Luiz Marcelo Serique (luiz-marcelo-serique) wrote :

I'm trying through wired, and it didn't work either.
It stops at the same point.

Luiz Marcelo Serique (luiz-marcelo-serique) wrote :

When I'm inside the network everything works nicely. That's not a bug, this is a security policy at my company. Thanks, everyone.

Giblet5 (pw-byteshuffler) wrote :

Luiz, what causes it though?

Something changed since Dapper. Dapper works fine. Edgy, Feisty, and Gutsy do not.

Luiz Marcelo Serique (luiz-marcelo-serique) wrote :

Because I can connect when I'm inside the company, in the intranet.
Maybe I'm not right, but it's very difficult to see another reason for it
not to work when I'm trying outside the company, through the internet.

On Sat, Feb 23, 2008 at 12:31 PM, Giblet5 <email address hidden> wrote:
> Luiz, what causes it though?
>
> Something changed since Dapper. Dapper works fine. Edgy, Feisty, and
> Gutsy do not.
>

Imre Gergely (cemc) wrote :

Is this still a problem with newer releases (Hardy, Intrepid)?

Because Edgy and Feisty are no longer supported, and Gutsy goes out of support in 2 months, it's likely the bug won't be resolved ever if it's not found in newer releases.

Imre Gergely (cemc) wrote :

Tried to reproduce the problem, installed a Gutsy in virtualbox, and tried to connect to several different ssh servers (with different versions), through double NAT (guest -> host -> linksys router) but they all connected.

Is it possible to do a tcpdump for port 22 on the outgoing interface, maybe some packet gets dropped by firewall or something?
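
Before taking the capture suggested above, the `ssh -vv` logs posted in this report can be checked mechanically for where the handshake stops. This is an added example, not part of the original report; the function name `analyze`, the stage labels and `HEALTHY_LOG` are constructed for illustration, and `REPORTED_LOG` is the tail of the Gutsy log from the bug description.

```python
import re

# Milestones an OpenSSH client logs at debug1 while setting up a connection, in order.
STAGES = [
    ("tcp_connected", r"debug1: Connection established\."),
    ("banner_received", r"debug1: Remote protocol version \S+, remote software version (\S+)"),
    ("kexinit_sent", r"debug1: SSH2_MSG_KEXINIT sent"),
    ("kexinit_received", r"debug1: SSH2_MSG_KEXINIT received"),
    ("newkeys_received", r"debug1: SSH2_MSG_NEWKEYS received"),
]

# Tail of the Gutsy log from the bug description.
REPORTED_LOG = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH_3.*
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
"""

# Constructed log of a handshake that completes key exchange, for contrast.
HEALTHY_LOG = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
"""

def analyze(log_text):
    """Report the last milestone reached and whether the client is stuck after KEXINIT."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    reached, server = [], None
    for name, pattern in STAGES:
        match = next(filter(None, (re.search(pattern, ln) for ln in lines)), None)
        if match is None:
            break  # a later milestone cannot be reached without this one
        reached.append(name)
        if name == "banner_received":
            server = match.group(1)
    last = reached[-1] if reached else None
    # Stall pattern from this report: our KEXINIT is the final line, no reply logged.
    stalled = last == "kexinit_sent" and lines[-1].endswith("SSH2_MSG_KEXINIT sent")
    return {"last_stage": last, "server_version": server, "stalled_after_kexinit": stalled}

print(analyze(REPORTED_LOG))
```

A stall at this stage means the short version banner reached the client but the server's key-exchange reply was never processed by it, so the capture on the outgoing interface is what shows whether that reply arrived at all.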

Giblet5 (pw-byteshuffler) wrote : Re: [Bug 160760] Re: openssh clients on 7.04+ do not work with some ssh2 servers, while 6.10's ssh does.

It was still a problem on Intrepid until we stopped allowing ssh
sessions and switched to OpenVPN.

I still think it was either an OpenSSL or NAT problem.

Feel free to close this if you can't reproduce it.

Imre Gergely wrote:
> Is this still a problem with newer releases (Hardy, Intrepid)?
>
> Because Edgy and Feisty are no longer supported, and Gutsy goes out of
> support in 2 months, it's likely the bug won't be resolved ever if it's
> not found in newer releases.
>
>

Imre Gergely (cemc) wrote :

I'll be leaving this open for a bit more, and I'll try to reproduce it. Is there a way for you to try it once more on Intrepid?

Changed in openssh:
status: New → Incomplete

Giblet5 (pw-byteshuffler) wrote :

Not possible.

Sorry.

Imre Gergely wrote:
> I'll be leaving this open for a bit more, and I'll try to reproduce it.
> Is there a way for you to try it once more on Intrepid?
>
> ** Changed in: openssh (Ubuntu)
> Status: New => Incomplete
>
>

Chuck Short (zulcss) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in openssh (Ubuntu):
status: Incomplete → Invalid