| 1 |
Helmut Jarausch <jarausch <at> igpm.rwth-aachen.de> writes: |
| 2 |
|
| 3 |
|
| 4 |
> probably since I've emerged openssh-6.0_p1 and/or git-sources-3.4_rc? I |
| 5 |
> have problems with ssh. |
| 6 |
|
| 7 |
Well, I have a new problem with ssh too. I'm curious if my |
| 8 |
problem is related to Helmut's; thus posting in his thread. |
| 9 |
|
| 10 |
|
| 11 |
When I set up a new Adtran router, I give the router a local |
| 12 |
ip and I can ssh into it without issue (over the ethernet). |
| 13 |
|
| 14 |
When I put the router across a frame relay network, it |
| 15 |
gives a protocol timeout error [1]. I have many older |
| 16 |
antran routers where the same version of openssh works without |
| 17 |
issue; and the (allocated) bandwidth is the same. I have |
| 18 |
an open ticket with adtran, as they are looking at |
| 19 |
the problem from their end and admit some issues with |
| 20 |
their latest firmware, particularly related to cisco |
| 21 |
compatibility. |
| 22 |
|
| 23 |
Here is how the openssh is setup on my laptop: |
| 24 |
net-misc/openssh-5.9_p1-r4 USE="X hpn ldap pam tcpd |
| 25 |
|
| 26 |
So I guess I can recompile this 5.9 version of openssh (-hpn) and |
| 27 |
and test it out (several days round trip travel time will |
| 28 |
elapse). The FR circuit is limited to 16Kbps |
| 29 |
on the segment where the problem exist. Segements with older |
| 30 |
adtran routers on 16 Kbps links are work just fine. |
| 31 |
Is there a way to relax the timing on the protocol |
| 32 |
negotiations, so as to make the new Adtran's more |
| 33 |
tolerant? I guess Adtran would have to do this, or |
| 34 |
can I pass some options via openssh or another version |
| 35 |
of ssh? |
| 36 |
|
| 37 |
So another questions is this. Is there another older ssh (version 2 |
| 38 |
support) laying around in portage (or elsewhere) I should try? |
| 39 |
Maybe another "ssh" is more relaxed on timeout issues? |
| 40 |
Remember, I'm an old unix_hack so I keep things like very |
| 41 |
old versions of telnet(and many others) around, to access |
| 42 |
old (like me) equipment..... |
| 43 |
|
| 44 |
I even used a command line option to specify the encryption, |
| 45 |
"3des-cbc" but I get the same error message. |
| 46 |
|
| 47 |
Ideas, comments and syntax suggestions are welcome. |
| 48 |
|
| 49 |
James |
| 50 |
|
| 51 |
[1] |
| 52 |
OpenSSH_5.9p1-hpn13v11lpk, OpenSSL 1.0.0i 19 Apr 2012 |
| 53 |
debug1: Reading configuration data /etc/ssh/ssh_config |
| 54 |
debug1: Connecting to 192.168.21.2 [192.168.21.2] port 22. |
| 55 |
debug1: Connection established. |
| 56 |
debug1: identity file /home/james/.ssh/id_rsa type -1 |
| 57 |
debug1: identity file /home/james/.ssh/id_rsa-cert type -1 |
| 58 |
debug1: identity file /home/james/.ssh/id_dsa type -1 |
| 59 |
debug1: identity file /home/james/.ssh/id_dsa-cert type -1 |
| 60 |
debug1: identity file /home/james/.ssh/id_ecdsa type -1 |
| 61 |
debug1: identity file /home/james/.ssh/id_ecdsa-cert type -1 |
| 62 |
debug1: Remote protocol version 2.0, remote software version RomSShell_4.31 |
| 63 |
debug1: no match: RomSShell_4.31 |
| 64 |
debug1: Enabling compatibility mode for protocol 2.0 |
| 65 |
debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11lpk |
| 66 |
debug1: SSH2_MSG_KEXINIT sent |
| 67 |
debug1: SSH2_MSG_KEXINIT received |
| 68 |
debug1: AUTH STATE IS 0 |
| 69 |
debug1: REQUESTED ENC.NAME is '3des-cbc' |
| 70 |
debug1: kex: server->client 3des-cbc hmac-sha1 none |
| 71 |
debug1: REQUESTED ENC.NAME is '3des-cbc' |
| 72 |
debug1: kex: client->server 3des-cbc hmac-sha1 none |
| 73 |
debug1: sending SSH2_MSG_KEXDH_INIT |
| 74 |
debug1: expecting SSH2_MSG_KEXDH_REPLY |
| 75 |
Received disconnect from 192.168.21.2: 2: Protocol Timeout |
Archives