1 |
Helmut Jarausch <jarausch <at> igpm.rwth-aachen.de> writes: |
2 |
|
3 |
|
4 |
> probably since I've emerged openssh-6.0_p1 and/or git-sources-3.4_rc? I |
5 |
> have problems with ssh. |
6 |
|
7 |
Well, I have a new problem with ssh too. I'm curious if my |
8 |
problem is related to Helmut's; thus posting in his thread. |
9 |
|
10 |
|
11 |
When I set up a new Adtran router, I give the router a local |
12 |
ip and I can ssh into it without issue (over the ethernet). |
13 |
|
14 |
When I put the router across a frame relay network, it |
15 |
gives a protocol timeout error [1]. I have many older |
16 |
antran routers where the same version of openssh works without |
17 |
issue; and the (allocated) bandwidth is the same. I have |
18 |
an open ticket with adtran, as they are looking at |
19 |
the problem from their end and admit some issues with |
20 |
their latest firmware, particularly related to cisco |
21 |
compatibility. |
22 |
|
23 |
Here is how the openssh is setup on my laptop: |
24 |
net-misc/openssh-5.9_p1-r4 USE="X hpn ldap pam tcpd |
25 |
|
26 |
So I guess I can recompile this 5.9 version of openssh (-hpn) and |
27 |
and test it out (several days round trip travel time will |
28 |
elapse). The FR circuit is limited to 16Kbps |
29 |
on the segment where the problem exist. Segements with older |
30 |
adtran routers on 16 Kbps links are work just fine. |
31 |
Is there a way to relax the timing on the protocol |
32 |
negotiations, so as to make the new Adtran's more |
33 |
tolerant? I guess Adtran would have to do this, or |
34 |
can I pass some options via openssh or another version |
35 |
of ssh? |
36 |
|
37 |
So another questions is this. Is there another older ssh (version 2 |
38 |
support) laying around in portage (or elsewhere) I should try? |
39 |
Maybe another "ssh" is more relaxed on timeout issues? |
40 |
Remember, I'm an old unix_hack so I keep things like very |
41 |
old versions of telnet(and many others) around, to access |
42 |
old (like me) equipment..... |
43 |
|
44 |
I even used a command line option to specify the encryption, |
45 |
"3des-cbc" but I get the same error message. |
46 |
|
47 |
Ideas, comments and syntax suggestions are welcome. |
48 |
|
49 |
James |
50 |
|
51 |
[1] |
52 |
OpenSSH_5.9p1-hpn13v11lpk, OpenSSL 1.0.0i 19 Apr 2012 |
53 |
debug1: Reading configuration data /etc/ssh/ssh_config |
54 |
debug1: Connecting to 192.168.21.2 [192.168.21.2] port 22. |
55 |
debug1: Connection established. |
56 |
debug1: identity file /home/james/.ssh/id_rsa type -1 |
57 |
debug1: identity file /home/james/.ssh/id_rsa-cert type -1 |
58 |
debug1: identity file /home/james/.ssh/id_dsa type -1 |
59 |
debug1: identity file /home/james/.ssh/id_dsa-cert type -1 |
60 |
debug1: identity file /home/james/.ssh/id_ecdsa type -1 |
61 |
debug1: identity file /home/james/.ssh/id_ecdsa-cert type -1 |
62 |
debug1: Remote protocol version 2.0, remote software version RomSShell_4.31 |
63 |
debug1: no match: RomSShell_4.31 |
64 |
debug1: Enabling compatibility mode for protocol 2.0 |
65 |
debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11lpk |
66 |
debug1: SSH2_MSG_KEXINIT sent |
67 |
debug1: SSH2_MSG_KEXINIT received |
68 |
debug1: AUTH STATE IS 0 |
69 |
debug1: REQUESTED ENC.NAME is '3des-cbc' |
70 |
debug1: kex: server->client 3des-cbc hmac-sha1 none |
71 |
debug1: REQUESTED ENC.NAME is '3des-cbc' |
72 |
debug1: kex: client->server 3des-cbc hmac-sha1 none |
73 |
debug1: sending SSH2_MSG_KEXDH_INIT |
74 |
debug1: expecting SSH2_MSG_KEXDH_REPLY |
75 |
Received disconnect from 192.168.21.2: 2: Protocol Timeout |