可以PING通对方，TELNET对方的22端口也是通到
局域网里到WINDOWS使用PUTTY是可以链接到远程主机到
真是奇怪呀

uncoffee@suncoffee:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent

到这里就停了，没有反应了

解决办法：修改内核参数
net.ipv4.tcp_rmem = 4096 87380 207520

10-03-2007, 04:17 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
ssh hang after SSH2_MSG_KEXINIT sent


..... but I'm fairly sure it's not an MTU problem and that's the only
thing I can find using Google.

Other client connections to the same host work OK, even from ssh
clients on the same subnet as the ssh client that doesn't work.
Similarly the ssh client that hangs in this one particular case can
connect to other ssh host machines. One other Fedora 6 Core client
machine on the same network *does* show the same problem, an Ubuntu
and an older Fedora machine don't show the problem.

The ssh client is OpenSSH_4.3p2 on a Fedora Core 6 installation, the
host it can't connect to is OpenSSH_4.4p1 on a Slackware 11 machine.


Having done a google search for this problem I have tried setting the
MTU to 576 on both client and host, no effect at all. (I simply did
'ifconfig eth0 mtu 576' on both machines as root, is this all that's
needed?)


The client debug reads as follows:-

debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/chris/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
debug1: match: OpenSSH_4.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

There's a long (minutes) pause after the SSH2_MSG_KEXINIT sent.

Does anyone have any suggestions as to what might be the problem?

--
Chris Green

#2 
10-03-2007, 04:17 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent
On Mar 14, 6:35 pm, tinn...@isbd.co.uk wrote:
> .... but I'm fairly sure it's not an MTU problem and that's the only
> thing I can find using Google.
>
> Other client connections to the same host work OK, even from ssh
> clients on the same subnet as the ssh client that doesn't work.
> Similarly the ssh client that hangs in this one particular case can
> connect to other ssh host machines. One other Fedora 6 Core client
> machine on the same network *does* show the same problem, an Ubuntu
> and an older Fedora machine don't show the problem.
>
> The ssh client is OpenSSH_4.3p2 on a Fedora Core 6 installation, the
> host it can't connect to is OpenSSH_4.4p1 on a Slackware 11 machine.
>
> Having done a google search for this problem I have tried setting the
> MTU to 576 on both client and host, no effect at all. (I simply did
> 'ifconfig eth0 mtu 576' on both machines as root, is this all that's
> needed?)
>
> The client debug reads as follows:-
>
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/chris/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
> debug1: match: OpenSSH_4.4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.3
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> Read from socket failed: Connection reset by peer
>
> There's a long (minutes) pause after the SSH2_MSG_KEXINIT sent.
>
> Does anyone have any suggestions as to what might be the problem?
>
> --
> Chris Green

Hi there,
I have the same problem, but with open SuSE 10.2.
On the same machine I have windows instalation and it works from there
with putty. Even from windows and VmPlayer with openSuSE 10.2 there is
NO problem connect to one single host.
The connection to other hosts using sshd is ok. Even to windows
servers with copSSH.
I tried change the MTU - it doesn helped.

Here is the client debug:
OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

And here it HANGS!!
I tryed putty for linux and the problem persist.
Could this be something with the kernel params?
On suse machines i use different kernels: 2.6.18.2-34-xen, 2.6.18.2-34-
default.

10x to everyone


#3 
10-03-2007, 04:18 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent

ssabc...@gmail.com wrote:
> On Mar 14, 6:35 pm, tinn...@isbd.co.uk wrote:
> > .... but I'm fairly sure it's not an MTU problem and that's the only
> > thing I can find using Google.
> >
> > Other client connections to the same host work OK, even from ssh
> > clients on the same subnet as the ssh client that doesn't work.
> > Similarly the ssh client that hangs in this one particular case can
> > connect to other ssh host machines. One other Fedora 6 Core client
> > machine on the same network *does* show the same problem, an Ubuntu
> > and an older Fedora machine don't show the problem.
> >
> > The ssh client is OpenSSH_4.3p2 on a Fedora Core 6 installation, the
> > host it can't connect to is OpenSSH_4.4p1 on a Slackware 11 machine.
> >
> > Having done a google search for this problem I have tried setting the
> > MTU to 576 on both client and host, no effect at all. (I simply did
> > 'ifconfig eth0 mtu 576' on both machines as root, is this all that's
> > needed?)
> >
> > The client debug reads as follows:-
> >
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug2: key_type_from_name: unknown key type '-----END'
> > debug3: key_read: missing keytype
> > debug1: identity file /home/chris/.ssh/id_dsa type 2
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
> > debug1: match: OpenSSH_4.4 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.3
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: SSH2_MSG_KEXINIT sent
> > Read from socket failed: Connection reset by peer
> >
> > There's a long (minutes) pause after the SSH2_MSG_KEXINIT sent.
> >
> > Does anyone have any suggestions as to what might be the problem?
> >
> > --
> > Chris Green
>
> Hi there,
> I have the same problem, but with open SuSE 10.2.
> On the same machine I have windows instalation and it works from there
> with putty. Even from windows and VmPlayer with openSuSE 10.2 there is
> NO problem connect to one single host.
> The connection to other hosts using sshd is ok. Even to windows
> servers with copSSH.
> I tried change the MTU - it doesn helped.
>
> Here is the client debug:
> OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.4
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
>
> And here it HANGS!!
> I tryed putty for linux and the problem persist.
> Could this be something with the kernel params?
> On suse machines i use different kernels: 2.6.18.2-34-xen, 2.6.18.2-34-
> default.
>
> 10x to everyone

I am seeing this problem on Debian testing (lenny) with a 2.6.18
kernel. Given the previous comments I'm starting to guess it's
something in 2.6.18. Here is a compiled list so far including my
machines.

Fedora Core 6 -> hangs
2.6.18

OpenSuse 10.2 -> hangs
2.6.18.2-34

Opensuse 10.1 -> works
2.6.16

Xubuntu 7.04 -> works
2.6.20-15.27
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006

Debian Etch -> hangs
2.6.18.dfsg.1-12etch2
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006

Debian Etch -> works
linux-image-2.6.15-1-486
OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005

Debian lenny/sid -> hangs
Kernel: 2.6.18.dfsg.1-12etch2
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007

Centos 4 -> works
2.6.9-55.EL
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003



In my case I am doing the following:

Workstation A -> Nat -> Internet -> Nat -> Workstation B

The ubuntu, opensuse 10.1, Centos, and the debians following the same
network path.


#4 
10-03-2007, 04:18 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent
Hi there,
Finally I fond how to make a workaround!
It is a kernel parameter....bu the real problem is somewhere out
there....on the path between to machines.

so What I've done - I'v changed the kernel parameter
net.ipv4.tcp_rmem.

from
net.ipv4.tcp_rmem = 4096 87380 4194304
to
net.ipv4.tcp_rmem = 4096 87380 207520

And it worked...
I made a systl -a > file.1 on FC6 and then syscl -p file.1 on SuSE
10.2 and it worked...then diff and a lot of test...
Hope somebody can tell actually what is the problem.
The machines that I cannot ( now I can ) connect via SSH are behind
BSD firewall ( not supported by our company )....and 16 hops.
I presume that between 2 machines there a network unit which cannot
handle big traffic (may be I'm wrong )....but how to say which one?






#5 
10-03-2007, 04:18 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent
ssabc...@gmail.com napisa (a):
[...]
> I made a systl -a > file.1 on FC6 and then syscl -p file.1 on SuSE
> 10.2 and it worked...then diff and a lot of test...
> Hope somebody can tell actually what is the problem.
> The machines that I cannot ( now I can ) connect via SSH are behind
> BSD firewall ( not supported by our company )....and 16 hops.
> I presume that between 2 machines there a network unit which cannot
> handle big traffic (may be I'm wrong )....but how to say which one?

I have the same problem.
Have you found any solution not workaround for this?

I also have a BSD system in beetween (with IPSEC).

Regards,

Dawid SQ6EMM


#6 
10-03-2007, 04:18 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent
On 2007-06-12, dawszy@gmail.com wrote:
[...]
> I have the same problem.
> Have you found any solution not workaround for this?

Set the MTU to 1492 or less. See:
http://www.snailbook.com/faq/mtu-mismatch.auto.html

> I also have a BSD system in beetween (with IPSEC).

IPSEC is one of the usual suspects for MTU problems.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

#7 
10-03-2007, 04:18 AM
unix 
Junior Member

Join Date: Sep 2009
Posts: 0
Re: ssh hang after SSH2_MSG_KEXINIT sent
As I wrote before - I've tested MTU options but only on machines that
I can control!
And it didnt worked.
I don't have any other ideas.
May be you can try change the MTU on the BSD - whre IPSEC is running.
BR,
Stiliyan Sabchew