Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Is your job running? You'd better go catch it!


computers / comp.security.ssh / Re: ssh gets stuck before entering password

SubjectAuthor
* ssh gets stuck before entering passwordKnarf Reueh
+* Re: ssh gets stuck before entering passwordbob prohaska
|`* Re: ssh gets stuck before entering passwordKnarf Reueh
| `* Re: ssh gets stuck before entering passwordbob prohaska
|  `- Re: ssh gets stuck before entering passwordWilliam Unruh
`* Re: ssh gets stuck before entering passwordGrant Taylor
 `* Re: ssh gets stuck before entering passwordKnarf Reueh
  `* Re: ssh gets stuck before entering passwordGrant Taylor
   `* Re: ssh gets stuck before entering passwordKnarf Reueh
    `* Re: ssh gets stuck before entering passwordKnarf Reueh
     `- Re: ssh gets stuck before entering passwordGrant Taylor

1
Subject: ssh gets stuck before entering password
From: Knarf Reueh
Newsgroups: comp.security.ssh
Date: Sat, 19 Feb 2022 17:07 UTC
X-Received: by 2002:adf:f44e:0:b0:1a9:f21:2250 with SMTP id f14-20020adff44e000000b001a90f212250mr9974544wrp.263.1645290430389;
Sat, 19 Feb 2022 09:07:10 -0800 (PST)
X-Received: by 2002:a05:6830:55d:b0:5ac:ebf8:6d95 with SMTP id
l29-20020a056830055d00b005acebf86d95mr4218921otb.162.1645290429816; Sat, 19
Feb 2022 09:07:09 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.128.88.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Sat, 19 Feb 2022 09:07:09 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=93.133.136.77; posting-account=fy0ppAoAAAC8p_RcYOJSTBKRrAo4hfF7
NNTP-Posting-Host: 93.133.136.77
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
Subject: ssh gets stuck before entering password
From: knarf.re...@gmail.com (Knarf Reueh)
Injection-Date: Sat, 19 Feb 2022 17:07:10 +0000
Content-Type: text/plain; charset="UTF-8"
View all headers
Hello,
I have setup an Ubuntu 20.04 virtual machine on my second host (host2). When I ssh into the vm from host2 everything works.
But when I ssh into the vm from my main host (Host1) it gets stuck before asking for the password.

ssh verbose (ssh -vvv name@server) gives the output,

debug2: ssh_connect_direct
debug1: Connecting to 192.168.150.139 [192.168.150.139] port 22.
debug1: Connection established.
.....
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
END OF OUTPUT! Her it stucks.

Each of the systems are in different network segments. VM has a bridged network to the network adapter of its host.

Any help will be great.


Subject: Re: ssh gets stuck before entering password
From: bob prohaska
Newsgroups: comp.security.ssh
Organization: A noiseless patient Spider
Date: Sat, 19 Feb 2022 19:34 UTC
References: 1
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bp...@www.zefox.net (bob prohaska)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Sat, 19 Feb 2022 19:34:32 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <surgo8$c01$1@dont-email.me>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
Injection-Date: Sat, 19 Feb 2022 19:34:32 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bc8cef96457b47394a38298ddaea416d";
logging-data="12289"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19qpTzORwtzgJIHYmM4mOCLYbVed9VaKx0="
User-Agent: tin/2.4.4-20191224 ("Millburn") (FreeBSD/12.3-STABLE (arm))
Cancel-Lock: sha1:SRpbOFGid/jDtm28/f/7zBMlvBY=
View all headers
Knarf Reueh <knarf.reueh@gmail.com> wrote:
Hello,
I have setup an Ubuntu 20.04 virtual machine on my second host (host2). When I ssh into the vm from host2 everything works.
But when I ssh into the vm from my main host (Host1) it gets stuck before asking for the password.

ssh verbose (ssh -vvv name@server) gives the output,

debug2: ssh_connect_direct
debug1: Connecting to 192.168.150.139 [192.168.150.139] port 22.
debug1: Connection established.
....
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
END OF OUTPUT! Her it stucks.

Each of the systems are in different network segments. VM has a bridged network to the network adapter of its host.


How does ping behave?

hth,

bob prohaska



Subject: Re: ssh gets stuck before entering password
From: Knarf Reueh
Newsgroups: comp.security.ssh
Date: Sat, 19 Feb 2022 19:51 UTC
References: 1 2
X-Received: by 2002:a5d:47cb:0:b0:1e8:593d:d34b with SMTP id o11-20020a5d47cb000000b001e8593dd34bmr9820916wrc.124.1645300263072;
Sat, 19 Feb 2022 11:51:03 -0800 (PST)
X-Received: by 2002:a9d:18f:0:b0:5ad:9728:ecc3 with SMTP id
e15-20020a9d018f000000b005ad9728ecc3mr1111392ote.309.1645300262393; Sat, 19
Feb 2022 11:51:02 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.128.87.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Sat, 19 Feb 2022 11:51:02 -0800 (PST)
In-Reply-To: <surgo8$c01$1@dont-email.me>
Injection-Info: google-groups.googlegroups.com; posting-host=93.133.136.77; posting-account=fy0ppAoAAAC8p_RcYOJSTBKRrAo4hfF7
NNTP-Posting-Host: 93.133.136.77
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com> <surgo8$c01$1@dont-email.me>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <ff3b8263-3168-4b2c-8b69-ff87cae7fe34n@googlegroups.com>
Subject: Re: ssh gets stuck before entering password
From: knarf.re...@gmail.com (Knarf Reueh)
Injection-Date: Sat, 19 Feb 2022 19:51:03 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
View all headers
PING 192.168.150.139 (192.168.150.139) 56(84) Bytes Daten.
64 Bytes von 192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.30 ms
Von 192.168.1.1 icmp_seq=2 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=2 ttl=63 Zeit=0.988 ms
Von 192.168.1.1 icmp_seq=3 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=3 ttl=63 Zeit=1.11 ms
Von 192.168.1.1 icmp_seq=4 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=4 ttl=63 Zeit=1.06 ms
^C
--- 192.168.150.139 ping statistics ---
4 Pakete ├╝bertragen, 4 empfangen, +3 Fehler, 0% Paketverlust, Zeit 3004ms
rtt min/avg/max/mdev = 0.988/1.114/1.296/0.113 ms

I'm not a network expert but where does this nexthop come from and is that the reason for that behaviour?
 



bob prohaska schrieb am Samstag, 19. Februar 2022 um 20:34:34 UTC+1:
Knarf Reueh <knarf...@gmail.com> wrote:
Hello,
I have setup an Ubuntu 20.04 virtual machine on my second host (host2). When I ssh into the vm from host2 everything works.
But when I ssh into the vm from my main host (Host1) it gets stuck before asking for the password.

ssh verbose (ssh -vvv name@server) gives the output,

debug2: ssh_connect_direct
debug1: Connecting to 192.168.150.139 [192.168.150.139] port 22.
debug1: Connection established.
....
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
END OF OUTPUT! Her it stucks.

Each of the systems are in different network segments. VM has a bridged network to the network adapter of its host.

How does ping behave?

hth,

bob prohaska


Subject: Re: ssh gets stuck before entering password
From: bob prohaska
Newsgroups: comp.security.ssh
Organization: A noiseless patient Spider
Date: Sat, 19 Feb 2022 21:08 UTC
References: 1 2 3
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bp...@www.zefox.net (bob prohaska)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Sat, 19 Feb 2022 21:08:51 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 60
Message-ID: <surm93$l95$1@dont-email.me>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com> <surgo8$c01$1@dont-email.me> <ff3b8263-3168-4b2c-8b69-ff87cae7fe34n@googlegroups.com>
Injection-Date: Sat, 19 Feb 2022 21:08:51 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bc8cef96457b47394a38298ddaea416d";
logging-data="21797"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+tgP4W7jkmsLBFaTb780Kxe+U+lfLphmI="
User-Agent: tin/2.4.4-20191224 ("Millburn") (FreeBSD/12.3-STABLE (arm))
Cancel-Lock: sha1:1y7clhjioXZElK3Zmtc90PBG1LI=
View all headers
Knarf Reueh <knarf.reueh@gmail.com> wrote:
PING 192.168.150.139 (192.168.150.139) 56(84) Bytes Daten.
64 Bytes von 192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.30 ms
Von 192.168.1.1 icmp_seq=2 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=2 ttl=63 Zeit=0.988 ms
Von 192.168.1.1 icmp_seq=3 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=3 ttl=63 Zeit=1.11 ms
Von 192.168.1.1 icmp_seq=4 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=4 ttl=63 Zeit=1.06 ms
^C
--- 192.168.150.139 ping statistics ---
4 Pakete ?bertragen, 4 empfangen, +3 Fehler, 0% Paketverlust, Zeit 3004ms
rtt min/avg/max/mdev = 0.988/1.114/1.296/0.113 ms

I'm not a network expert but where does this nexthop come from and is that the reason for that behaviour?

I'm no expert either and have no idea what nexthop is. Never seen it on
any of my machines, nothing in the man pages. Perhaps Ubuntu specific?

I suggested the test only because of a problem I've been having with
ssh on FreeBSD: The first symptom was an ssh login stalling after
asking for and receiving a password, with the login subsequently
timing out.

It eventually developed that my machines weren't responnding correctly
to ping, returning only 1% of packets. If that was the case for you it
would be interesting, but clearly you are seeing something different.

Sorry I can't be more help!

bob prohaska



 



bob prohaska schrieb am Samstag, 19. Februar 2022 um 20:34:34 UTC+1:
Knarf Reueh <knarf...@gmail.com> wrote:
Hello,
I have setup an Ubuntu 20.04 virtual machine on my second host (host2). When I ssh into the vm from host2 everything works.
But when I ssh into the vm from my main host (Host1) it gets stuck before asking for the password.

ssh verbose (ssh -vvv name@server) gives the output,

debug2: ssh_connect_direct
debug1: Connecting to 192.168.150.139 [192.168.150.139] port 22.
debug1: Connection established.
....
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
END OF OUTPUT! Her it stucks.

Each of the systems are in different network segments. VM has a bridged network to the network adapter of its host.

How does ping behave?

hth,

bob prohaska


Subject: Re: ssh gets stuck before entering password
From: William Unruh
Newsgroups: comp.security.ssh
Organization: A noiseless patient Spider
Date: Sat, 19 Feb 2022 21:36 UTC
References: 1 2 3 4
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: unr...@invalid.ca (William Unruh)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Sat, 19 Feb 2022 21:36:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 62
Message-ID: <surns7$rlk$1@dont-email.me>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
<surgo8$c01$1@dont-email.me>
<ff3b8263-3168-4b2c-8b69-ff87cae7fe34n@googlegroups.com>
<surm93$l95$1@dont-email.me>
Injection-Date: Sat, 19 Feb 2022 21:36:07 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="64869a9f1942233388bd83830f2cad5c";
logging-data="28340"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18Pfkse2HCxV3x/lYpixHMN"
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:vvqX8t6ImO45QzI4AX8lJYoVtf0=
View all headers
On 2022-02-19, bob prohaska <bp@www.zefox.net> wrote:
Knarf Reueh <knarf.reueh@gmail.com> wrote:
PING 192.168.150.139 (192.168.150.139) 56(84) Bytes Daten.
64 Bytes von 192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.30 ms
Von 192.168.1.1 icmp_seq=2 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=2 ttl=63 Zeit=0.988 ms
Von 192.168.1.1 icmp_seq=3 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=3 ttl=63 Zeit=1.11 ms
Von 192.168.1.1 icmp_seq=4 Host umleiten(New nexthop: 18.1.168.192)
64 Bytes von 192.168.150.139: icmp_seq=4 ttl=63 Zeit=1.06 ms
^C
--- 192.168.150.139 ping statistics ---
4 Pakete ?bertragen, 4 empfangen, +3 Fehler, 0% Paketverlust, Zeit 3004ms
rtt min/avg/max/mdev = 0.988/1.114/1.296/0.113 ms

I'm not a network expert but where does this nexthop come from and is that the reason for that behaviour?

I'm no expert either and have no idea what nexthop is. Never seen it on
any of my machines, nothing in the man pages. Perhaps Ubuntu specific?
umleiten=redirect. Maybe 18.1.168.192 is the host for the vm

I suggested the test only because of a problem I've been having with
ssh on FreeBSD: The first symptom was an ssh login stalling after
asking for and receiving a password, with the login subsequently
timing out.

It eventually developed that my machines weren't responnding correctly
to ping, returning only 1% of packets. If that was the case for you it
would be interesting, but clearly you are seeing something different.

Well it could be. The packet weems to be being sent to 18.1.168.192
rather than to 192.168.150.139. That may confuse the ssh on the vm in
that the address the packet is being sent to is not what it thinks its
own address as, and thus gets confused.

....
 



bob prohaska schrieb am Samstag, 19. Februar 2022 um 20:34:34 UTC+1:
Knarf Reueh <knarf...@gmail.com> wrote:
Hello,
I have setup an Ubuntu 20.04 virtual machine on my second host (host2). When I ssh into the vm from host2 everything works.
But when I ssh into the vm from my main host (Host1) it gets stuck before asking for the password.

ssh verbose (ssh -vvv name@server) gives the output,

debug2: ssh_connect_direct
debug1: Connecting to 192.168.150.139 [192.168.150.139] port 22.
debug1: Connection established.
....
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
END OF OUTPUT! Her it stucks.

Each of the systems are in different network segments. VM has a bridged network to the network adapter of its host.

How does ping behave?

hth,

bob prohaska


Subject: Re: ssh gets stuck before entering password
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Sun, 20 Feb 2022 00:16 UTC
References: 1
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.alpha.home.tnetconsulting.net!not-for-mail
From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Sat, 19 Feb 2022 17:16:17 -0700
Organization: TNet Consulting
Message-ID: <sus181$hn7$3@tncsrv09.home.tnetconsulting.net>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 20 Feb 2022 00:16:01 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="alpha.home.tnetconsulting.net:198.18.18.251";
logging-data="18151"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.13.0
In-Reply-To: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
Content-Language: en-US
View all headers
On 2/19/22 10:07 AM, Knarf Reueh wrote:
Any help will be great.

Compare what sniffers (e.g. tcpdump) see on each end of the connection.

I've seen some strange MTU issues cause this type of problem.

I suspect that one side is sending a packet that the other side is not receiving, thereby stalling the normal flow of the exchange.

If it is an MTU issue, you can artificially lower it for the connection on one end to see if SSH connections will establish or not.

Aside:  I've also seen DNS issues induce a ~35 second delay.



--
Grant. . . .
unix || die


Subject: Re: ssh gets stuck before entering password
From: Knarf Reueh
Newsgroups: comp.security.ssh
Date: Sun, 20 Feb 2022 16:30 UTC
References: 1 2
X-Received: by 2002:adf:e288:0:b0:1e3:36c0:91cc with SMTP id v8-20020adfe288000000b001e336c091ccmr12780734wri.41.1645374631650;
Sun, 20 Feb 2022 08:30:31 -0800 (PST)
X-Received: by 2002:a9d:7a45:0:b0:59d:5b0f:3cce with SMTP id
z5-20020a9d7a45000000b0059d5b0f3ccemr5444589otm.161.1645374631075; Sun, 20
Feb 2022 08:30:31 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Sun, 20 Feb 2022 08:30:30 -0800 (PST)
In-Reply-To: <sus181$hn7$3@tncsrv09.home.tnetconsulting.net>
Injection-Info: google-groups.googlegroups.com; posting-host=78.48.176.86; posting-account=fy0ppAoAAAC8p_RcYOJSTBKRrAo4hfF7
NNTP-Posting-Host: 78.48.176.86
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com> <sus181$hn7$3@tncsrv09.home.tnetconsulting.net>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
Subject: Re: ssh gets stuck before entering password
From: knarf.re...@gmail.com (Knarf Reueh)
Injection-Date: Sun, 20 Feb 2022 16:30:31 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 56
View all headers
Hello Grant Taylor,
thanks for your reply. As I told, my knowledge about networking is basic, not advanced. I had tcpdump used before so far but was always unable to interpret the output. So ... Good Luck (see above).
I could not find any special but I found a bug in Ubuntu that looks a bit like that behavior. As described there, the ip address of the hop is printed in reverse order. To explain, here is the route as printed from ping called on Host1:
ping -R 192.168.150.139
PING 192.168.150.139 (192.168.150.139) 56(124) Bytes Daten.
64 Bytes von 192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.37 ms
RR: 192.168.1.20 (Host 1)
192.168.1.1 (router and dhcp server)
192.168.150.1 ?? guess a virtual router on host2 that hosts the vm
192.168.150.139 (vm)
192.168.150.139
192.168.1.18 (host2)
192.168.1.20 (host1)

So the route backwards from ..139 to ..1.20 takes another route. The nexthop printed out by ping ist 18.1.168.192 (so in reverse order). Magic.
See the bug described here:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1892108

And here are tcpdumps:

TCP Dump on the vm while ssh from Zuse2016
-------------------------------------------------------------------
franz@TrainUB20:~$ sudo tcpdump host 192.168.1.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:57.359875 IP Zuse2016.localdomain.43514 > TrainUB20.network.ssh: Flags [S], seq 2909393996, win 64240, options [mss 1460,sackOK,TS val 3232087362 ecr 0,nop,wscale 7], length 0
13:41:57.359974 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859469818 ecr 3232087362,nop,wscale 7], length 0
13:41:58.383658 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859470842 ecr 3232087362,nop,wscale 7], length 0
13:42:00.399674 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859472858 ecr 3232087362,nop,wscale 7], length 0
13:42:04.431668 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859476890 ecr 3232087362,nop,wscale 7], length 0
13:42:12.623670 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859485082 ecr 3232087362,nop,wscale 7], length 0

TCP Dump from Zuse2016
------------------------------------------------------------------
@Zuse2016:~$ sudo tcpdump host 192.168.150.139 -i enp0s31f6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:57.358577 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [S], seq 2909393996, win 64240, options [mss 1460,sackOK,TS val 3232087362 ecr 0,nop,wscale 7], length 0
13:41:57.359719 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859469818 ecr 3232087362,nop,wscale 7], length 0
13:41:57.359736 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232087363 ecr 2859469818], length 0
13:41:57.359954 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087363 ecr 2859469818], length 41
13:41:57.564064 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087567 ecr 2859469818], length 41
13:41:57.772060 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087775 ecr 2859469818], length 41
13:41:58.184075 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232088187 ecr 2859469818], length 41
13:41:58.383423 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859470842 ecr 3232087362,nop,wscale 7], length 0
13:41:58.383451 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232088387 ecr 2859469818], length 0
13:41:59.016148 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232089019 ecr 2859469818], length 41
13:42:00.399470 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859472858 ecr 3232087362,nop,wscale 7], length 0
13:42:00.399509 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232090403 ecr 2859469818], length 0
13:42:00.680063 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232090683 ecr 2859469818], length 41
13:42:04.200110 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232094203 ecr 2859469818], length 41
13:42:04.431533 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859476890 ecr 3232087362,nop,wscale 7], length 0
13:42:04.431566 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232094435 ecr 2859469818], length 0
13:42:10.856057 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232100859 ecr 2859469818], length 41

So, any idea?
And: How to change the MTU for the communication?


Subject: Re: ssh gets stuck before entering password
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Sun, 20 Feb 2022 17:57 UTC
References: 1 2 3
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.alpha.home.tnetconsulting.net!not-for-mail
From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Sun, 20 Feb 2022 10:57:53 -0700
Organization: TNet Consulting
Message-ID: <sutveg$hdo$1@tncsrv09.home.tnetconsulting.net>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
<sus181$hn7$3@tncsrv09.home.tnetconsulting.net>
<7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 20 Feb 2022 17:57:36 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="alpha.home.tnetconsulting.net:198.18.18.251";
logging-data="17848"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.13.0
In-Reply-To: <7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
Content-Language: en-US
View all headers
On 2/20/22 9:30 AM, Knarf Reueh wrote:
Hello Grant Taylor,

Hi,

thanks for your reply. As I told, my knowledge about networking is basic, not advanced. I had tcpdump used before so far but was always unable to interpret the output. So ... Good Luck (see above).

You're welcome.

No time like the present to learn something new.

I could not find any special but I found a bug in Ubuntu that looks a bit like that behavior. As described there, the ip address of the hop is printed in reverse order. To explain, here is the route as printed from ping called on Host1:

ping -R 192.168.150.139
PING 192.168.150.139 (192.168.150.139) 56(124) Bytes Daten.
64 Bytes von 192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.37 ms
RR: 192.168.1.20 (Host 1)
192.168.1.1 (router and dhcp server)
192.168.150.1 ?? guess a virtual router on host2 that hosts the vm
192.168.150.139 (vm)
192.168.150.139
192.168.1.18 (host2)
192.168.1.20 (host1)

So the route backwards from ..139 to ..1.20 takes another route. The nexthop printed out by ping ist 18.1.168.192 (so in reverse order). Magic.

I'm surprised that there are different routes for such a short path.

I wonder if this is simply the reporting of the opposite interfaces. I'm used to replies from the interface facing the source of the traffic.

[R1 a]---[b R2 c]---[d R3]

E.g. R1 will see replies from the b interface on R2 when tracing to R3. Similarly, R3 will see replies from the c interface on R2 when tracing to R1.

See the bug described here:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1892108

That bug seems to be the way that a particular utility is printing the output of a specific string.  This seems to be unrelated to the problem you describe above.

Aside:  Any time you get an ICMP Redirect, that is an indicating that you have a sub-optimal routing configuration or a stale routing configuration or an active attack.

And here are tcpdumps:

tcpdump output removed for brevity.

Aside:  Please re-run the tcpdump commands with the "-nn" option to disable the IP to name resolution.  That will make sure that we know the source & destination of the packets.  --  This is important because there are scenarios where this resolution may be misleading.  --  Ask if you want clarification.

My immediate concern from the two tcpdump outputs is that the first seems to be showing unidirectional traffic.  While the second seems to be showing bidirectional traffic.  This is unexpected to me.

Aside:  I'd be tempted to also add another "host" parameter to the tcpdump command line:

    tcpdump -nn host 192.168.1.20 and host 192.168.150.139

Further aside:  I'm notorious for adding the "-i ..." interface to the command line, but I'm omitting it so that it's possible to use the exact same command on both systems.

So, any idea?

No, not yet.

Please collect new tcpdump data.  If at all possible, start the tcpdump sessions /before/ starting the ssh client.  This should enable capturing the TCP three way handshake.

I don't know how many lines of output it would be, but a tcpdump of the entire ssh session might be helpful.  As in from the TCP connection establishment through connection termination.

And: How to change the MTU for the communication?
I usually will rely on iptables TCPMSS target to modify MTU for specific connections.  --  I usually have to look it up because I do it infrequently.



--
Grant. . . .
unix || die


Subject: Re: ssh gets stuck before entering password
From: Knarf Reueh
Newsgroups: comp.security.ssh
Date: Mon, 21 Feb 2022 17:01 UTC
References: 1 2 3 4
X-Received: by 2002:a05:600c:35c4:b0:37c:debf:6f2d with SMTP id r4-20020a05600c35c400b0037cdebf6f2dmr21659696wmq.142.1645462892683;
Mon, 21 Feb 2022 09:01:32 -0800 (PST)
X-Received: by 2002:a9d:5512:0:b0:5ad:73b:412d with SMTP id
l18-20020a9d5512000000b005ad073b412dmr6906837oth.177.1645462892044; Mon, 21
Feb 2022 09:01:32 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Mon, 21 Feb 2022 09:01:31 -0800 (PST)
In-Reply-To: <sutveg$hdo$1@tncsrv09.home.tnetconsulting.net>
Injection-Info: google-groups.googlegroups.com; posting-host=2.244.34.255; posting-account=fy0ppAoAAAC8p_RcYOJSTBKRrAo4hfF7
NNTP-Posting-Host: 2.244.34.255
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
<sus181$hn7$3@tncsrv09.home.tnetconsulting.net> <7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
<sutveg$hdo$1@tncsrv09.home.tnetconsulting.net>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d073cc8a-80df-420a-a898-851090bb721en@googlegroups.com>
Subject: Re: ssh gets stuck before entering password
From: knarf.re...@gmail.com (Knarf Reueh)
Injection-Date: Mon, 21 Feb 2022 17:01:32 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 3
View all headers
Dear Grant Tailor,

it's very kind that you are helping me. Now it's Monday till Friday and I just have time to do more analysis at evening or even only the next day. So my answers will not arrive in short time.
Maybe that I find time today, to do the tcpdumps, but I think it will be Wednesday evening ( Germany). Hope you will have an eye on it.


Subject: Re: ssh gets stuck before entering password
From: Knarf Reueh
Newsgroups: comp.security.ssh
Date: Fri, 25 Feb 2022 19:58 UTC
References: 1 2 3 4 5
X-Received: by 2002:ac8:73c6:0:b0:2d8:2b2f:a1d5 with SMTP id v6-20020ac873c6000000b002d82b2fa1d5mr8583711qtp.386.1645819111917;
Fri, 25 Feb 2022 11:58:31 -0800 (PST)
X-Received: by 2002:a05:6870:f2a4:b0:c6:690c:2d with SMTP id
u36-20020a056870f2a400b000c6690c002dmr2183089oap.201.1645819111663; Fri, 25
Feb 2022 11:58:31 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!1.us.feeder.erje.net!feeder.erje.net!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Fri, 25 Feb 2022 11:58:31 -0800 (PST)
In-Reply-To: <d073cc8a-80df-420a-a898-851090bb721en@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=93.135.177.159; posting-account=fy0ppAoAAAC8p_RcYOJSTBKRrAo4hfF7
NNTP-Posting-Host: 93.135.177.159
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
<sus181$hn7$3@tncsrv09.home.tnetconsulting.net> <7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
<sutveg$hdo$1@tncsrv09.home.tnetconsulting.net> <d073cc8a-80df-420a-a898-851090bb721en@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <5652c04e-e3b2-4a85-93d7-a987e0ca8774n@googlegroups.com>
Subject: Re: ssh gets stuck before entering password
From: knarf.re...@gmail.com (Knarf Reueh)
Injection-Date: Fri, 25 Feb 2022 19:58:31 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 14
View all headers
Hello,

after talking to a friend who is a network specialist I came to the decision, that I first have to setup my network the right way. He told me, that I could not set up a bridged network the way I did and have to assign different IP addresses to the same link (or something like that).
Anyway: The observed behavior of ssh has nothing to do with ssh itself so my problem is more network related and posting these things here is out of topic.

So thanks everybody for your support.

Regards

Frank


Subject: Re: ssh gets stuck before entering password
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Fri, 25 Feb 2022 23:52 UTC
References: 1 2 3 4 5 6
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.alpha.home.tnetconsulting.net!not-for-mail
From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: ssh gets stuck before entering password
Date: Fri, 25 Feb 2022 16:52:46 -0700
Organization: TNet Consulting
Message-ID: <svbq3s$38q$1@tncsrv09.home.tnetconsulting.net>
References: <5d2af319-b03a-4b28-8772-c4756cdaab61n@googlegroups.com>
<sus181$hn7$3@tncsrv09.home.tnetconsulting.net>
<7a29f7f6-1e75-4e8e-b00a-908240e3b251n@googlegroups.com>
<sutveg$hdo$1@tncsrv09.home.tnetconsulting.net>
<d073cc8a-80df-420a-a898-851090bb721en@googlegroups.com>
<5652c04e-e3b2-4a85-93d7-a987e0ca8774n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 25 Feb 2022 23:52:28 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="alpha.home.tnetconsulting.net:198.18.18.251";
logging-data="3354"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.13.0
In-Reply-To: <5652c04e-e3b2-4a85-93d7-a987e0ca8774n@googlegroups.com>
Content-Language: en-US
View all headers
On 2/25/22 12:58 PM, Knarf Reueh wrote:
Hello,

Hi,

after talking to a friend who is a network specialist I came to the decision, that I first have to setup my network the right way. He told me, that I could not set up a bridged network the way I did and have to assign different IP addresses to the same link (or something like that).

As someone who has bridged a lot of different network segments together using many different technologies, I strongly question the veracity of your friends statement.

Anyway: The observed behavior of ssh has nothing to do with ssh itself so my problem is more network related and posting these things here is out of topic.

If you want to discuss it further, feel free to email men.  Or reply here.  --  I feel like there's not a lot of traffic in this newsgroup. So having some won't be bad.  I'd just ask that you prefix your new thread with "OT" and that we keep it as a thread so that people can ignore it if they want to not see it.

So thanks everybody for your support.

You're welcome and good luck.



--
Grant. . . .
unix || die


1
rocksolid light 0.7.2
clearneti2ptor