#1 2021-03-06 07:10:15

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

ssh client freezes while trying to connect

I have several PCs with Arch Linux at home in my local network, and when I try to connect from "palf" to "pimi" the ssh client freezes while trying to connect. If I try to connect from two other PCs to "pimi", ssh works perfectly fine.

To troubleshoot the issue I manually ran the ssh server on "pimi":

[root@pimi ~]# /usr/sbin/sshd -d -D -p 222
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.16 port 47282 on 192.168.0.15 port 222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4
debug1: match: OpenSSH_8.4 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 65534/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user imi service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "imi"
debug1: PAM: setting PAM_RHOST to "192.168.0.16"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user imi service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for imi
debug1: do_pam_account: called
Accepted password for imi from 192.168.0.16 port 47282 ssh2
debug1: monitor_child_preauth: imi has been authenticated by privileged process
debug1: Enabling compression at level 6. [preauth]
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 747816
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
debug1: rekey in after 134217728 blocks
debug1: rekey out after 134217728 blocks
debug1: ssh_packet_set_postauth: called
debug1: Enabling compression at level 6.
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request x11-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: channel 1: new [X11 inet listener]
debug1: channel 2: new [X11 inet listener]
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/3
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/3 for imi from 192.168.0.16 port 47282 id 0
debug1: Setting controlling tty using TIOCSCTTY.

and then try to connect from "palf":

[alf@palf ~]$ ssh -v -C -A -X -p 222 imi@pimi
OpenSSH_8.4p1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to pimi [192.168.0.15] port 222.
debug1: Connection established.
debug1: identity file /home/alf/.ssh/id_rsa type -1
debug1: identity file /home/alf/.ssh/id_rsa-cert type -1
debug1: identity file /home/alf/.ssh/id_dsa type -1
debug1: identity file /home/alf/.ssh/id_dsa-cert type -1
debug1: identity file /home/alf/.ssh/id_ecdsa type -1
debug1: identity file /home/alf/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/alf/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/alf/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/alf/.ssh/id_ed25519 type -1
debug1: identity file /home/alf/.ssh/id_ed25519-cert type -1
debug1: identity file /home/alf/.ssh/id_ed25519_sk type -1
debug1: identity file /home/alf/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/alf/.ssh/id_xmss type -1
debug1: identity file /home/alf/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4
debug1: match: OpenSSH_8.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to pimi:222 as 'imi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: checking without port identifier
debug1: Host 'pimi' is known and matches the ECDSA host key.
debug1: Found key in /home/alf/.ssh/known_hosts:1
debug1: found matching key w/out port
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/alf/.ssh/id_rsa 
debug1: Will attempt key: /home/alf/.ssh/id_dsa 
debug1: Will attempt key: /home/alf/.ssh/id_ecdsa 
debug1: Will attempt key: /home/alf/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/alf/.ssh/id_ed25519 
debug1: Will attempt key: /home/alf/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/alf/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/alf/.ssh/id_rsa
debug1: Trying private key: /home/alf/.ssh/id_dsa
debug1: Trying private key: /home/alf/.ssh/id_ecdsa
debug1: Trying private key: /home/alf/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/alf/.ssh/id_ed25519
debug1: Trying private key: /home/alf/.ssh/id_ed25519_sk
debug1: Trying private key: /home/alf/.ssh/id_xmss
debug1: Next authentication method: password
imi@pimi's password: 
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (password).
Authenticated to pimi ([192.168.0.15]:222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.

The ssh client seems to freeze at "Requesting X11 forwarding with authentication spoofing.", but I couldn't find any info on Google about this.

This is the sshd configuration file on "pimi":

[root@pimi ~]# cat /etc/ssh/sshd_config 
#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

I have been fighting this issue for a few days. Already reinstalled ssh and recreated the ssh config files from scratch in both "pimi" and "palf" but I'm totally lost.

Any ideas or hints of what I could check?


#2 2021-03-06 07:31:12

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

For X11 forwarding, you need xauth, so on "pimi" do you have xauth installed? It's in the xorg-xauth package.


#3 2021-03-06 07:36:31

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

Yes, xorg-xauth is installed. In fact I can connect via ssh to "pimi" from 2 other PCs, so I guess the issue should not be in "pimi".

[root@pimi ~]# pacman -Q | grep xauth
xorg-xauth 1.1-2

Last edited by becho4 (2021-03-06 07:37:23)


#4 2021-03-06 08:51:27

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

OK. I read that it worked for your other 2 PCs, but you didn't post what happened when using those; presumably it does not freeze at the same point and login succeeds.
openssh is at version 8.5p1-1 so you are out of date on both "pimi" and "palf".
Have you tried doing the same ssh command on "palf" using an ip address rather than a hostname?
Does the same thing happen if you create and use a new user account created on "palf"?

Edit: also for the sshd command, you can use up to 3x "-d" switches to increase the debug level.

Last edited by paulkerry (2021-03-06 08:55:04)


#5 2021-03-06 12:32:15

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

paulkerry wrote:

openssh is at version 8.5p1-1 so you are out of date on both "pimi" and "palf".

I just updated with "pacman -Syu" both "pimi" and "palf".
After the upgrade the ssh client at "palf" freezes before asking for the password (before the upgrade the client was freezing after entering the password). Now it seems that the ssh client doesn't even connect to the server.

paulkerry wrote:

OK. I read that it worked for your other 2 PCs, but you didn't post what happened when using those; presumably it does not freeze at the same point and login succeeds.

Yes, connecting from my 2 other PCs the ssh connection works fine, so no freeze and login succeeds. Everything perfectly fine.

This is what I get when connecting from one of these 2 PCs to "pimi" where there are no issues:

This is the server log:

[root@pimi ~]# /usr/sbin/sshd -d -D -p 222   
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.7 port 36174 on 192.168.0.15 port 222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4
debug1: compat_banner: match: OpenSSH_8.4 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 65534/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user imi service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "imi"
debug1: PAM: setting PAM_RHOST to "192.168.0.7"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user imi service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for imi
debug1: do_pam_account: called
Accepted password for imi from 192.168.0.7 port 36174 ssh2
debug1: monitor_child_preauth: user imi authenticated by privileged process
debug1: Enabling compression at level 6. [preauth]
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 2831
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
debug1: rekey in after 134217728 blocks
debug1: rekey out after 134217728 blocks
debug1: ssh_packet_set_postauth: called
debug1: Enabling compression at level 6.
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for imi from 192.168.0.7 port 36174 id 0
debug1: Setting controlling tty using TIOCSCTTY.

and this is the client log:

[root@nuc ~]# ssh -v -C -A -Xvvv -p 222 imi@pimi
OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug2: resolving "pimi" port 222
debug2: ssh_connect_direct
debug1: Connecting to pimi [192.168.0.15] port 222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.5
debug1: match: OpenSSH_8.5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to pimi:222 as 'imi'
debug3: put_host_port: [pimi]:222
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: zlib@openssh.com,zlib,none
debug2: compression stoc: zlib@openssh.com,zlib,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug3: put_host_port: [192.168.0.15]:222
debug3: put_host_port: [pimi]:222
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug1: checking without port identifier
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pimi
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.0.15
debug1: Host 'pimi' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: found matching key w/out port
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa 
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /root/.ssh/id_ed25519 
debug1: Will attempt key: /root/.ssh/id_ed25519_sk 
debug1: Will attempt key: /root/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
imi@pimi's password: 
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (password).
Authenticated to pimi ([192.168.0.15]:222).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: exec
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug1: X11 forwarding requested but DISPLAY not set
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Sat Mar  6 07:53:50 2021 from 192.168.0.16
Environment:
  USER=imi
  LOGNAME=imi
  HOME=/home/imi
  PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
  SHELL=/bin/bash
  TERM=xterm-256color
  MOTD_SHOWN=pam
  MAIL=/var/spool/mail/imi
  SSH_CLIENT=192.168.0.7 36174 222
  SSH_CONNECTION=192.168.0.7 36174 192.168.0.15 222
  SSH_TTY=/dev/pts/2
[imi@pimi ~]$ 

paulkerry wrote:

Have you tried doing the same ssh command on "palf" using an ip address rather than a hostname?

Yes, I see the same behavior using the IP address or the machine name. This is what I get from the server:

[root@pimi ~]# /usr/sbin/sshd -ddd -D -p 222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 288
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 288
debug3: /etc/ssh/sshd_config:32 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:41 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:82 setting UsePAM yes
debug3: /etc/ssh/sshd_config:87 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:91 setting PrintMotd no
debug3: /etc/ssh/sshd_config:109 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='222'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 222 on ::.
Server listening on :: port 222.

and this from the client:

[alf@palf ~]$ ssh -vvv -C -A -X -p 222 imi@192.168.0.15
OpenSSH_8.5p1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.0.15 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/alf/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/alf/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.0.15 [192.168.0.15] port 222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48

Does the same thing happen if you create and use a new user account created on "palf"?

I created a new user dummy but got the same result:

[dummy@palf alf]$ whoami
dummy
[dummy@palf alf]$ ssh -vvv -C -A -X -p 222 imi@pimi
OpenSSH_8.5p1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/dummy/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/dummy/.ssh/known_hosts2'
debug2: resolving "pimi" port 222
debug3: ssh_connect_direct: entering
debug1: Connecting to pimi [192.168.0.15] port 222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48

Last edited by becho4 (2021-03-06 12:32:45)

Offline

#6 2021-03-06 22:04:42

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

becho4 wrote:

debug2: shell request accepted on channel 0
Last login: Sat Mar  6 07:53:50 2021 from 192.168.0.16
Environment:
  USER=imi
  LOGNAME=imi
  HOME=/home/imi
  PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
  SHELL=/bin/bash
  TERM=xterm-256color
  MOTD_SHOWN=pam
  MAIL=/var/spool/mail/imi
  SSH_CLIENT=192.168.0.7 36174 222
  SSH_CONNECTION=192.168.0.7 36174 192.168.0.15 222
  SSH_TTY=/dev/pts/2
[imi@pimi ~]$

Check your setup on "pimi" - you wouldn't normally see all of those "Environment" lines being output unless you have done something to either your user or system-wide config files, like the files belonging to the shell. When I login, I just see the "Last login:...." line and then the shell prompt ready to accept commands, with nothing else afterwards.

Last edited by paulkerry (2021-03-06 22:07:35)

Offline

#7 2021-03-08 14:53:53

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

Have you had any success?
I've been reviewing your output in case I missed something.

In your original post, you have...

becho4 wrote:

debug1: Requesting X11 forwarding with authentication spoofing

at which point it hung.
In a later post you say another client system you have is working: that has...

becho4 wrote:

debug1: X11 forwarding requested but DISPLAY not set

so it would appear to me that your clients have different setups so this wouldn't be a fair test.
Maybe on the 2nd client you say is working, you are not running an X server, so DISPLAY won't be set, bypassing the X11 forwarding?

Offline

#8 2021-03-08 15:58:51

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

Have you had any success?

I couldn't fix it so far.
To be honest I don't know what to check.
I really have no clue where the problem is, but it is hard for me to think that it is in ssh itself, since I reviewed the config files several times and went back to the default ones.
My wild guess is that it is something related to some misconfiguration of the network somewhere, but I couldn't find any evidence of that.

Maybe on the 2nd client you say is working, you are not running an X server, so DISPLAY won't be set, bypassing the X11 forwarding?

The 2nd client named "nuc" has archlinux with KDE running so same as pimi or palf. I have a server as well without X server and can connect as well without any issues.

Offline

#9 2021-03-08 16:13:26

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

Just tried directly with telnet to be sure the ssh server is accessible and it is indeed:

[root@pimi ~]# /usr/sbin/sshd -ddd -D -p 222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 288
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 288
debug3: /etc/ssh/sshd_config:32 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:41 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:82 setting UsePAM yes
debug3: /etc/ssh/sshd_config:87 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:91 setting PrintMotd no
debug3: /etc/ssh/sshd_config:109 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='222'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 288
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 288
debug3: rexec:32 setting PermitRootLogin yes
debug3: rexec:41 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:61 setting ChallengeResponseAuthentication no
debug3: rexec:82 setting UsePAM yes
debug3: rexec:87 setting X11Forwarding yes
debug3: rexec:91 setting PrintMotd no
debug3: rexec:109 setting Subsystem sftp        /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.16 port 33026 on 192.168.0.15 port 222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.5

[alf@palf ~]$ telnet pimi 222
Trying 192.168.0.15...
Connected to pimi.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.5

The ssh client doesn't connect though:

[root@pimi ~]# /usr/sbin/sshd -ddd -D -p 222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 288
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 288
debug3: /etc/ssh/sshd_config:32 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:41 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:82 setting UsePAM yes
debug3: /etc/ssh/sshd_config:87 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:91 setting PrintMotd no
debug3: /etc/ssh/sshd_config:109 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_8.5, OpenSSL 1.1.1j  16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:0ZIg8LtntCOYc4nAALov8+CbGlt+vSigKWYiungsGmo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:24RgiHQ/GuNJKqyHqb8WBJ7CIDfpDzXAKH6s9+ViJzg
debug1: private host key #2: ssh-ed25519 SHA256:BAjTqCpBbTc8Axi/w11v6jO9q04EQSbhDPUUfYADW4s
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='222'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 222 on ::.
Server listening on :: port 222.

[alf@palf ~]$ ssh -v -C -A -Xvvv -p 222 imi@pimi
OpenSSH_8.5p1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/alf/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/alf/.ssh/known_hosts2'
debug2: resolving "pimi" port 222
debug3: ssh_connect_direct: entering
debug1: Connecting to pimi [192.168.0.15] port 222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48

Offline

#10 2021-03-09 21:32:09

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

Can you post /etc/ssh/ssh_config from "palf" and "alf@palf"'s ~/.ssh/config if there is one?
Does it make a difference if you run sshd on "pimi" using the normal systemd method of starting the service over the normal port 22 rather than running it manually?
You can change the Port line in /etc/ssh/sshd_config later.
Also did you take a look at https://wiki.archlinux.org/index.php/Op … leshooting

Offline

#11 2021-03-10 17:37:00

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

/etc/ssh/ssh_config from "palf"

[alf@palf]$ cat /etc/ssh/ssh_config 
#       $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

There is no ~/.ssh/config for alf@palf

[alf@palf ~]$ ls ~/.ssh
known_hosts  known_hosts.old

Does it make a difference if you run sshd on "pimi" using the normal systemd method of starting the service over the normal port 22 rather than running it manually?

I see the same behavior in both scenarios.

You can change the Port line in /etc/ssh/sshd_config later.

I changed the port to 222 in the file /etc/ssh/sshd_config on pimi.
Then I tried to connect from palf but got the same result as using port 22:

[alf@palf ~]$  ssh -v -C -A -Xvvv -p 222 imi@pimi
OpenSSH_8.5p1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/alf/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/alf/.ssh/known_hosts2'
debug2: resolving "pimi" port 222
debug3: ssh_connect_direct: entering
debug1: Connecting to pimi [192.168.0.15] port 222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48

Also did you take a look at https://wiki.archlinux.org/index.php/Op … leshooting

I just checked all the points mentioned in there but couldn't find any issues.

I installed tcpdump on pimi, then started the ssh server on pimi on port 222.

Then connected via telnet from palf to pimi sshd on port 222 and got this output:

[root@pimi ~]# sudo tcpdump -ni wlo1 "port 222"
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:29:52.428325 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [S], seq 2772512106, win 64240, options [mss 1460,sackOK,TS val 1074716132 ecr 0,nop,wscale 7], length 0
18:29:52.428437 IP 192.168.0.15.222 > 192.168.0.16.45372: Flags [S.], seq 1423143135, ack 2772512107, win 65160, options [mss 1460,sackOK,TS val 3584487937 ecr 1074716132,nop,wscale 7], length 0
18:29:52.432726 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [.], ack 1, win 502, options [nop,nop,TS val 1074716136 ecr 3584487937], length 0
18:29:52.446323 IP 192.168.0.15.222 > 192.168.0.16.45372: Flags [P.], seq 1:22, ack 1, win 510, options [nop,nop,TS val 3584487955 ecr 1074716136], length 21
18:29:52.450535 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [.], ack 22, win 502, options [nop,nop,TS val 1074716154 ecr 3584487955], length 0

Then connected via the ssh client from palf to pimi sshd on port 222 and got no output at all:

[root@pimi ~]# sudo tcpdump -ni wlo1 "port 222"
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes

The telnet command makes the connection from palf to pimi so the network setup I guess should be fine.
The problem is not that the ssh server refuses the connection, but a timeout problem while trying to establish the connection.
What could be preventing the ssh client at palf from connecting to the sshd at pimi?

Last edited by becho4 (2021-03-10 17:43:52)

Offline
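The two captures in the post above can be read mechanically. This is an added example, not code from the thread: it classifies how far the TCP handshake got and compares the server's payload with the identification string telnet displayed. The function and constant names are illustrative; the capture lines are copied from the post.

```python
import re

# Capture lines copied from the post above (tcpdump -ni wlo1 "port 222" on pimi).
TELNET_CAPTURE = """\
listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:29:52.428325 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [S], seq 2772512106, win 64240, options [mss 1460,sackOK,TS val 1074716132 ecr 0,nop,wscale 7], length 0
18:29:52.428437 IP 192.168.0.15.222 > 192.168.0.16.45372: Flags [S.], seq 1423143135, ack 2772512107, win 65160, options [mss 1460,sackOK,TS val 3584487937 ecr 1074716132,nop,wscale 7], length 0
18:29:52.432726 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [.], ack 1, win 502, options [nop,nop,TS val 1074716136 ecr 3584487937], length 0
18:29:52.446323 IP 192.168.0.15.222 > 192.168.0.16.45372: Flags [P.], seq 1:22, ack 1, win 510, options [nop,nop,TS val 3584487955 ecr 1074716136], length 21
18:29:52.450535 IP 192.168.0.16.45372 > 192.168.0.15.222: Flags [.], ack 22, win 502, options [nop,nop,TS val 1074716154 ecr 3584487955], length 0
"""
SSH_CLIENT_CAPTURE = """\
listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
"""
SERVER = "192.168.0.15.222"                # address.port as tcpdump -n prints it
SSH_BANNER = b"SSH-2.0-OpenSSH_8.5\r\n"    # what telnet displayed, plus CR LF

PACKET = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): "
                    r"Flags \[(?P<flags>[^\]]+)\].*length (?P<len>\d+)$")

def summarize(capture, server=SERVER):
    """Classify how far the TCP handshake towards `server` got in a capture."""
    syn = synack = ack = False
    packets = server_bytes = 0
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue                        # tcpdump header or unrelated line
        packets += 1
        flags, from_server = m["flags"], m["src"] == server
        if flags == "S" and not from_server:
            syn = True
        elif flags == "S." and from_server:
            synack = True
        elif flags == "." and not from_server and synack:
            ack = True
        if from_server:
            server_bytes += int(m["len"])   # payload the server pushed
    if packets == 0:
        stage = "no packets reached the interface"
    elif syn and synack and ack:
        stage = "established"
    elif syn and synack:
        stage = "SYN-ACK sent, final ACK missing"
    elif syn:
        stage = "SYN seen, no reply"
    else:
        stage = "partial capture"
    return {"stage": stage, "packets": packets, "server_bytes": server_bytes}

if __name__ == "__main__":
    for name, cap in (("telnet", TELNET_CAPTURE), ("ssh", SSH_CLIENT_CAPTURE)):
        print(name, summarize(cap))
    print("banner length:", len(SSH_BANNER))
```

The telnet capture is a complete three-way handshake followed by a 21-byte push, which is exactly the length of the identification string. The ssh capture contains no packets at all, so the client's SYN never arrived at wlo1.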

#12 2021-03-11 13:11:24

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

Very strange. I see from your tcpdump command that you are using a wireless interface ("wlo1"): I presumed you were using wired ethernet throughout.
Are you able to use wired on both ends connected via a switch for instance and if so, does that work? Could this be a network "route" issue or an issue with your router?

Last edited by paulkerry (2021-03-11 13:12:48)

Offline

#13 2021-03-12 07:33:11

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

Both pimi and palf are connected to the same local network via wireless interface.
I just connected palf via wire and now it can connect via ssh to pimi. No more ssh issues.

Do you know what might be the reason for this?

Last edited by becho4 (2021-03-12 07:40:23)

Offline

#14 2021-03-12 08:23:23

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

At last: something works!
If you are using your own router, it could be segregation of some kind: try searching for router settings like "AP Isolation" and/or "Network Segregation".
Lots of hits online for this: search for "cannot ssh using wifi"

Last edited by paulkerry (2021-03-12 08:23:56)

Offline

#15 2021-03-16 17:43:35

becho4
Member
From: Galicia, Spain
Registered: 2004-12-09
Posts: 84

Re: ssh client freezes while trying to connect

In my local network I have an ASUS EA-AC87 configured as access point and couldn't find any settings regarding blocking specific ports or protocols.

Since this is happening on a single computer on which using a wired connection is not a big deal, I give up on finding the root cause of this.

Offline

#16 2021-03-22 19:55:51

paulkerry
Member
From: Sheffield, UK
Registered: 2014-10-02
Posts: 570

Re: ssh client freezes while trying to connect

Ports or protocols settings?

Not sure if it's relevant, but searching for "ASUS EA-AC87 ap isolation" I came across https://www.asus.com/support/FAQ/1011438/
and searching on there for the word "isolate" I found...

7. Set IP Isolated: When this feature is enabled, wireless clients or devices will not be able to communicate with each other. You may want to utilize this feature if you have many guests frequently using your wireless network.

Also https://www.asus.com/me-en/support/FAQ/1044821/

Offline
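The thread ends without a root cause. In every hanging client log the last line is `set_sock_tos: set socket 3 IP_TOS 0x48`, and the capture on pimi saw no SYN from the ssh client. As an added example (not from any poster), the probe below makes a plain TCP connect to the same port twice over the same path, once with the default TOS and once marked 0x48, so the two outcomes can be compared. The function names are illustrative; host `pimi` and port 222 are taken from the thread.

```python
import socket

SSH_TOS = 0x48   # value from "set_sock_tos: set socket 3 IP_TOS 0x48" in the logs

def probe(host, port, tos=None, timeout=5.0):
    """TCP connect to host:port, optionally setting IP_TOS on the socket first.

    Returns the outcome, the TOS value read back from the socket, and the
    first bytes received (an SSH server sends its identification string)."""
    result = {"tos": tos, "outcome": None, "banner": b""}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if tos is not None:
            s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)
            result["tos"] = s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
        s.connect((host, port))
        result["outcome"] = "connected"
        try:
            result["banner"] = s.recv(64)
        except socket.timeout:
            pass                      # connected, but the server stayed silent
    except socket.timeout:
        result["outcome"] = "timeout"   # the SYN or its reply was lost
    except OSError as exc:
        result["outcome"] = "error: %s" % exc
    finally:
        s.close()
    return result

def compare(host, port, timeout=5.0):
    """Run the unmarked and the TOS-marked probe and state what differs."""
    plain = probe(host, port, None, timeout)
    marked = probe(host, port, SSH_TOS, timeout)
    if plain["outcome"] == "connected" and marked["outcome"] == "timeout":
        verdict = "only the TOS-marked connect fails"
    elif plain["outcome"] == marked["outcome"]:
        verdict = "TOS makes no difference"
    else:
        verdict = "inconclusive"
    return plain, marked, verdict

if __name__ == "__main__":
    plain, marked, verdict = compare("pimi", 222)
    print("plain :", plain)
    print("marked:", marked)
    print(verdict)
```

Run it on palf over Wi-Fi with sshd listening on pimi. If only the marked connect times out, the value ssh sets is controlled by the `IPQoS` option in ssh_config(5).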
