Re: cant connect, ssh hangs after SSH2_MSG_KEX_DH_GEX_GROUP

so what changed on your box and why 
did you change it 
since 
you were able to ssh?




-----Original Message-----
> From: Micha <mw-u2@gmx.de>
> Sent: Feb 28, 2007 4:48 AM
> To: secureshell@securityfocus.com
> Subject: Re: cant connect, ssh hangs after SSH2_MSG_KEX_DH_GEX_GROUP
>
> mw-u2@gmx.de schrieb:
>
> > starting a while ago I can no longer ssh into my box anymore. I have tried 
> > anything I can think of and have no clue anymore. Needless to say that I 
> > realy need ssh to access my work from remote places.
> >
> > Problem:
> > When I ssh -vvv to my server the connection hangs after
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>
> UPDATE:
>
> I have noticed that portforwarding is some sort of workaround. Since I
> can conect from client to box but not the other direction I have set up
> a port forwarding for the other direction.
>
> mw@client:~>$ ssh -R 10000:localhost:22 mw@server
>
> Even though
>  mw@server:~> ssh mw@client                  # doesnt work
>
> doenst work, using the setup portforwarding it strangle works
>  mw@server:~> ssh -p 10000 mw@localhost      # works
>
> I realy appriciate some experts knowledge since this is way to
> strange/difficult for me.
>
> > System: 
> > I'm using Debian with openssh-server (1:4.3p2-8)
> > sshd: OpenSSH_4.3p2 Debian-8, OpenSSL 0.9.8c 05 Sep 2006
> > uname -a:  Linux server 2.6.18-3-686 #1 SMP Mon Dec 4 16:41:14 UTC 2006 i686 
> > GNU/Linux
> >
> > What I tried:
> > I have recompiled a recent openssh from source on the client with now 
> > success. (I have no root access on the client and they use an older version 
> > of ssh)
> >
> > I have booted grml (grml.org, a live linux cd) on my server and tried to 
> > connect to the sshd running from cd in order have a fresh sshd on my server.
> >
> > I have purged and reinstalled openssh-server to get a fresh configuration.
> >
> > I _can_ connect with putty on a windows client.
> >
> > I hope you can help me, and thank you for your consideration.
> >
> > === Client Log ===
> >
> > mw@client:~> ssh -vvv mw@server
> > OpenSSH_3.8.1p1 Debian-8.sarge.6, OpenSSL 0.9.7e 25 Oct 2004
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to server [x.x.x.x] port 22.
> > debug1: Connection established.
> > debug1: read PEM private key done: type DSA
> > debug1: read PEM private key done: type RSA
> > debug1: identity file /home/mw/.ssh/identity type -1
> > debug1: identity file /home/mw/.ssh/id_rsa type -1
> > debug1: identity file /home/mw/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 
> > Debian-8
> > debug1: match: OpenSSH_4.3p2 Debian-8 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit: 
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: 
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: 
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: 
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: 
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: 
> > debug2: kex_parse_kexinit: 
> > debug2: kex_parse_kexinit: first_kex_follows 0 
> > debug2: kex_parse_kexinit: reserved 0 
> > debug2: kex_parse_kexinit: 
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit: 
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: 
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> > debug2: kex_parse_kexinit: 
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: 
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@openssh.com
> > debug2: kex_parse_kexinit: none,zlib@openssh.com
> > debug2: kex_parse_kexinit: 
> > debug2: kex_parse_kexinit: 
> > debug2: kex_parse_kexinit: first_kex_follows 0 
> > debug2: kex_parse_kexinit: reserved 0 
> > debug2: mac_init: found hmac-md5
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug2: mac_init: found hmac-md5
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > -- and it hangs here and stays forever
> >
> > === Server Log ===
> >
> > server:~# /usr/sbin/sshd -D -d -d -d -e 
> > debug2: load_server_config: filename /etc/ssh/sshd_config
> > debug2: load_server_config: done config len = 638
> > debug2: parse_server_config: config /etc/ssh/sshd_config len 638
> > debug1: sshd version OpenSSH_4.3p2 Debian-8
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #0 type 1 RSA
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #1 type 2 DSA
> > debug1: rexec_argv[0]='/usr/sbin/sshd'
> > debug1: rexec_argv[1]='-D'
> > debug1: rexec_argv[2]='-d'
> > debug1: rexec_argv[3]='-d'
> > debug1: rexec_argv[4]='-d'
> > debug1: rexec_argv[5]='-e'
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: Bind to port 22 on ::.
> > Server listening on :: port 22.
> > debug2: fd 4 setting O_NONBLOCK
> > debug1: Bind to port 22 on 0.0.0.0.
> >
> > debug3: fd 4 is not O_NONBLOCK
> > debug1: Server will not fork when running in debugging mode.
> > debug3: send_rexec_state: entering fd = 7 config len 638
> > debug3: ssh_msg_send: type 0
> > debug3: send_rexec_state: done
> > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> > debug3: recv_rexec_state: entering fd = 5
> > debug3: ssh_msg_recv entering
> > debug3: recv_rexec_state: done
> > debug2: parse_server_config: config rexec len 638
> > debug1: sshd version OpenSSH_4.3p2 Debian-8
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #0 type 1 RSA
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #1 type 2 DSA
> > debug1: inetd sockets after dupping: 3, 3
> > debug3: Normalising mapped IPv4 in IPv6 address
> > Connection from 139.18.9.23 port 4381
> > debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 
> > Debian-8.sarge.6
> > debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.6 pat OpenSSH_3.*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-8
> > debug2: fd 3 setting O_NONBLOCK
> > debug3: privsep user:group 103:65534
> > debug1: permanently_set_uid: 103/65534
> > debug1: list_hostkey_types: ssh-rsa,ssh-dss
> > debug1: SSH2_MSG_KEXINIT sent
> > debug2: Network child is on pid 4713
> > debug3: preauth child monitor started
> > debug3: mm_request_receive entering