SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11

[Wu ShuKun]

Okay
% ssh -v -o "KexAlgorithms diffie-hellman-group-exchange-sha1" 10.41.172.19
OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22.
debug1: Connection established.
debug1: identity file /home/wsk/.ssh/id_rsa type -1
debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_dsa type -1
debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ed25519 type -1
debug1: identity file /home/wsk/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH_5*
compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.41.172.19
%

在 2015/03/27 08:52, Xin Li 写道:
> On 03/26/15 17:30, Wu ShuKun wrote:
> > Yep. I'm upgraded  via freebsd-update. and I have no idea where
> > i'm wrong either.:-[ Is it likely I have no luck in other words?
>
> Can you try specifying -o "KexAlgorithms
> diffie-hellman-group-exchange-sha1" when ssh'ing and see if that would
> mitigate the problem?
>
> My gut feeling is that somehow the HPN patch have broke certain key
> exchange negotiation steps of OpenSSH, which was not exercised in
> earlier versions of FreeBSD due to the lack of ECDH key exchange?
>
> Cheers,
>