Date: Fri, 27 Mar 2015 09:25:51 +0800 From: Wu ShuKun <wsk@gddsn.org.cn> To: d@delphij.net, Mike Tancsa <mike@sentex.net>, stable@freebsd.org Cc: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no> Subject: Re: SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11 Message-ID: <5514B19F.2070106@gddsn.org.cn> In-Reply-To: <5514A9E1.8070001@delphij.net> References: <5513AAD8.9060505@gddsn.org.cn> <551414C3.6020704@sentex.net> <5514A4BF.5020509@gddsn.org.cn> <5514A9E1.8070001@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Okay % ssh -v -o "KexAlgorithms diffie-hellman-group-exchange-sha1" 10.41.172.19 OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22. debug1: Connection established. debug1: identity file /home/wsk/.ssh/id_rsa type -1 debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_dsa type -1 debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_ecdsa type -1 debug1: identity file /home/wsk/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/wsk/.ssh/id_ed25519 type -1 debug1: identity file /home/wsk/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP Connection closed by 10.41.172.19 % 在 2015/03/27 08:52, Xin Li 写道: > On 03/26/15 17:30, Wu ShuKun wrote: > > Yep. I'm upgraded via freebsd-update. and I have no idea where > > i'm wrong either.:-[ Is it likely I have no luck in other words? > > Can you try specifying -o "KexAlgorithms > diffie-hellman-group-exchange-sha1" when ssh'ing and see if that would > mitigate the problem? > > My gut feeling is that somehow the HPN patch have broke certain key > exchange negotiation steps of OpenSSH, which was not exercised in > earlier versions of FreeBSD due to the lack of ECDH key exchange? > > Cheers, >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5514B19F.2070106>