From: Wu ShuKun
Date: Fri, 27 Mar 2015 09:25:51 +0800
To: d@delphij.net, Mike Tancsa, stable@freebsd.org
Cc: Dag-Erling Smørgrav
Subject: Re: SSH hung with an OpenSSH_6.6.1p1 --> OpenSSH_5.8p2_hpn13v11
Message-ID: <5514B19F.2070106@gddsn.org.cn>
References: <5513AAD8.9060505@gddsn.org.cn> <551414C3.6020704@sentex.net> <5514A4BF.5020509@gddsn.org.cn> <5514A9E1.8070001@delphij.net>
In-Reply-To: <5514A9E1.8070001@delphij.net>
List-Id: Production branch of FreeBSD source code

Okay

% ssh -v -o "KexAlgorithms diffie-hellman-group-exchange-sha1" 10.41.172.19
OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.41.172.19 [10.41.172.19] port 22.
debug1: Connection established.
debug1: identity file /home/wsk/.ssh/id_rsa type -1
debug1: identity file /home/wsk/.ssh/id_rsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_dsa type -1
debug1: identity file /home/wsk/.ssh/id_dsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa type -1
debug1: identity file /home/wsk/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/wsk/.ssh/id_ed25519 type -1
debug1: identity file /home/wsk/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.41.172.19
%

On 2015/03/27 08:52, Xin Li wrote:
> On 03/26/15 17:30, Wu ShuKun wrote:
> > Yep. I'm upgraded via freebsd-update. and I have no idea where
> > I'm wrong either.:-[ Is it likely I have no luck in other words?
>
> Can you try specifying -o "KexAlgorithms
> diffie-hellman-group-exchange-sha1" when ssh'ing and see if that would
> mitigate the problem?
>
> My gut feeling is that somehow the HPN patch has broken certain key
> exchange negotiation steps of OpenSSH, which was not exercised in
> earlier versions of FreeBSD due to the lack of ECDH key exchange?
>
> Cheers,
>
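
Added example (not part of the original message, and not OpenSSH code): a small Python helper that reads `ssh -v` output like the session above and reports which key-exchange message the client was still waiting for when the peer closed the connection. The function name `diagnose` and its result keys are made up for illustration; the sample lines are copied from the session above.

```python
import re

# Debug lines copied from the session in the message above (trimmed).
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.41.172.19
"""

SENT = re.compile(r"debug1: (SSH2_MSG_\w+)(?:\((\d+)<(\d+)<(\d+)\))? sent")
EXPECT = re.compile(r"debug1: expecting (SSH2_MSG_\w+)")
RECEIVED = re.compile(r"debug1: (SSH2_MSG_\w+) received")
REMOTE = re.compile(r"debug1: Remote protocol version \S+ remote software version (\S+)")
CLOSED = re.compile(r"Connection closed by (\S+)")


def diagnose(log):
    """Return the key-exchange state at the point the peer hung up.
    Hypothetical helper for illustration, not part of OpenSSH."""
    state = {"remote": None, "gex": None, "last_sent": None,
             "awaiting": None, "closed_by": None}
    for line in log.splitlines():
        line = line.strip()
        if m := REMOTE.match(line):
            state["remote"] = m.group(1)
        elif m := SENT.match(line):
            # Assumption: the client only sends its next message after the
            # reply it was expecting has arrived, so clear "awaiting".
            state["last_sent"], state["awaiting"] = m.group(1), None
            if m.group(2):  # group-exchange request: min < preferred < max bits
                state["gex"] = tuple(int(g) for g in m.groups()[1:])
        elif m := EXPECT.match(line):
            state["awaiting"] = m.group(1)
        elif RECEIVED.match(line):
            state["awaiting"] = None
        elif m := CLOSED.match(line):
            state["closed_by"] = m.group(1)
            break  # whatever is still awaited never arrived
    return state


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the session above the result shows the server closing the connection after the group-exchange request and before sending SSH2_MSG_KEX_DH_GEX_GROUP, i.e. the failure is on the server side of the DH group exchange.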