[Gllug] ssh problem doing my head in

Tom Schutzer-Weissmann tom at schutzer-weissmann.net
Sat Feb 10 14:21:09 UTC 2007


On Thursday 01 February 2007 22:49, Tethys wrote:

> What does "ssh -v" say on the client? What does "sshd -d" say
> on the server? How does a tcpdump of a valid session using putty
> compare to one that fails using ssh from a Linux box?

In wireshark I can see that after authentication there's nothing but TCP 
Retransmissions and Dup ACKs. I don't know enough to diagnose much more.

As far as I can understand, the client is trying to respond to the server's 
last packet, but the response doesn't get through. The server just keeps 
asking for the response. Why the response doesn't get there...

I've tried removing all the firewall rules except the nat masquerade one, but 
it makes no difference.

What should I look at next?
Thanks for your help,
TomSW

---------------

No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [SYN] Seq=0 Len=0 MSS=1460 TSV=87038247 TSER=0 WS=5
      2 0.356858    XX.XX.XX.XX       192.168.1.2           TCP      ssh > 
44894 [SYN, ACK] Seq=0 Ack=1 Win=57344 Len=0 MSS=1360 WS=0 TSV=699447785 
TSER=87038247
      3 0.356901    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=87038604 TSER=699447785
      4 1.226342    XX.XX.XX.XX       192.168.1.2           SSHv2    Server 
Protocol: SSH-2.0-OpenSSH_4.2
      5 1.226434    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=1 Ack=21 Win=5856 Len=0 TSV=87039473 TSER=699447874
      6 1.226680    192.168.1.2           XX.XX.XX.XX       SSHv2    Client 
Protocol: SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
      7 1.556224    XX.XX.XX.XX       192.168.1.2           SSHv2    Server: 
Key Exchange Init
      8 1.556277    192.168.1.2           XX.XX.XX.XX       SSHv2    Client: 
Key Exchange Init
      9 2.108055    XX.XX.XX.XX       192.168.1.2           TCP      ssh > 
44894 [ACK] Seq=733 Ack=751 Win=57964 Len=0 TSV=699447961 TSER=87039803
     10 2.108095    192.168.1.2           XX.XX.XX.XX       SSHv2    Client: 
Diffie-Hellman GEX Request
     11 2.369152    XX.XX.XX.XX       192.168.1.2           SSHv2    Server: 
Diffie-Hellman Key Exchange Reply
     12 2.378065    192.168.1.2           XX.XX.XX.XX       SSHv2    Client: 
Diffie-Hellman GEX Init
     13 2.551637    XX.XX.XX.XX       192.168.1.2           SSHv2    Server: 
Diffie-Hellman GEX Reply
     14 2.591521    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=919 Ack=1349 Win=10112 Len=0 TSV=87040839 TSER=699448006
     15 2.634557    192.168.1.2           XX.XX.XX.XX       SSHv2    Client: 
New Keys
     16 3.008151    XX.XX.XX.XX       192.168.1.2           TCP      ssh > 
44894 [ACK] Seq=1349 Ack=935 Win=57964 Len=0 TSV=699448051 TSER=87040882
     17 3.008190    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=48
     18 3.376348    XX.XX.XX.XX       192.168.1.2           SSHv2    Encrypted 
response packet len=48
     19 3.376459    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=983 Ack=1397 Win=10112 Len=0 TSV=87041624 TSER=699448088
     20 3.417030    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=64
     21 3.912674    XX.XX.XX.XX       192.168.1.2           SSHv2    Encrypted 
response packet len=80
     22 3.912795    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=1047 Ack=1477 Win=10112 Len=0 TSV=87042160 TSER=699448142
     23 3.913031    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=96
     24 4.291207    XX.XX.XX.XX       192.168.1.2           SSHv2    Encrypted 
response packet len=80
     25 4.331250    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=1143 Ack=1557 Win=10112 Len=0 TSV=87042579 TSER=699448175
     26 8.397065    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=144
     27 8.730497    XX.XX.XX.XX       192.168.1.2           SSHv2    Encrypted 
response packet len=32
     28 8.730576    192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [ACK] Seq=1287 Ack=1589 Win=10112 Len=0 TSV=87046978 TSER=699448624
     29 8.731061    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=64
     30 8.996848    XX.XX.XX.XX       192.168.1.2           SSHv2    Encrypted 
response packet len=48
     31 8.997324    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted 
request packet len=448
     32 9.743428    192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     33 10.207503   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     34 10.207542   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 32#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87048456 
TSER=699448771
     35 11.237198   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     36 12.397019   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     37 12.397054   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 35#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87050646 
TSER=699448991
     38 14.224744   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     39 16.591690   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     40 16.591733   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 38#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87054841 
TSER=699449411
     41 20.199837   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     42 24.789993   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     43 24.790047   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 41#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87063040 
TSER=699450231
     44 32.150011   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     45 40.995800   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     46 40.995847   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 44#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87079249 
TSER=699451851
     47 56.050372   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     48 73.209089   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     49 73.209136   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 47#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87111467 
TSER=699455071
     50 103.851075  192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     51 137.214277  XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     52 137.214316  192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 50#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87175482 
TSER=699461471
     53 199.452509  192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP 
Retransmission] Encrypted request packet len=448
     54 201.234866  XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP 
Retransmission] Encrypted response packet len=48
     55 201.234933  192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup 
ACK 53#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87239512 
TSER=699467871
     56 221.838838  192.168.1.2           XX.XX.XX.XX       TCP      44894 > 
ssh [FIN, ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87260119 TSER=699467871
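
An added example, not part of the original post: one way to read a trace like the one above mechanically, by rejoining the mail-wrapped rows and reporting the last packet that carried new data and which hosts only retransmit after it. The sample rows are constructed in the trace's layout, and the function names `parse_summary` and `find_stall` are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the wrapped layout of the trace above (abridged).
SAMPLE = """\
     31 8.997324    192.168.1.2           XX.XX.XX.XX       SSHv2    Encrypted
request packet len=448
     32 9.743428    192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP
Retransmission] Encrypted request packet len=448
     33 10.207503   XX.XX.XX.XX       192.168.1.2           SSHv2    [TCP
Retransmission] Encrypted response packet len=48
     34 10.207542   192.168.1.2           XX.XX.XX.XX       TCP      [TCP Dup
ACK 32#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0
     35 11.237198   192.168.1.2           XX.XX.XX.XX       SSHv2    [TCP
Retransmission] Encrypted request packet len=448
"""

# A packet row starts with: number, time, source, destination, protocol.
ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")

def parse_summary(text):
    """Rejoin mail-wrapped rows and return one dict per packet."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            no, t, src, dst, proto, info = m.groups()
            rows.append({"no": int(no), "time": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info.strip()})
        elif rows and line.strip():
            rows[-1]["info"] += " " + line.strip()  # wrapped tail of Info
    return rows

def find_stall(packets):
    """Find the last packet with new data and count retransmissions after it."""
    flagged = lambda p: "[TCP Retransmission]" in p["info"] or "[TCP Dup ACK" in p["info"]
    # New data: not a retransmission or dup ACK, and not a bare ACK/FIN (Len=0).
    fresh = [p for p in packets if not flagged(p) and "Len=0" not in p["info"]]
    last = fresh[-1] if fresh else None
    after = [p for p in packets if last is None or p["no"] > last["no"]]
    retx = Counter(p["src"] for p in after if "[TCP Retransmission]" in p["info"])
    return {"last_new_data": last["no"] if last else None,
            "stalled_since": last["time"] if last else None,
            "retransmits": dict(retx),
            "both_directions": len(retx) >= 2}

if __name__ == "__main__":
    print(find_stall(parse_summary(SAMPLE)))
```

A sender retransmits only when it has not seen an ACK for its data, so `both_directions` being true means each end is missing the other's acknowledgements from that point on.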