Re: On automatic MAC selection in OpenSSH_6.7p1 + OpenSSL 1.0.1k

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue 2016-05-31 10:59:51 -0400, Dimitris Diochnos wrote:
> On another note, lowering the MTU size (which was another workaround for
> [1]) also allows me to pass successfully the key exchange phase in the
> direction where I normally have an issue (that is, country B --> country
> A). The maximum MTU size that would allow me to pass the key exchange
> negotiation was 1458 (that is, with a size of 1459 the key exchange got
> stuck).

This is the relevant hint for your connection.  It sounds like some
element along the network path from B to A is silently dropping packets
that are larger than 1458, and your network stack has not detected this
situation.

When you force the MAC algorithm to be the specific one, you are
probably making the ssh handshake negotiation packets each be small
enough to fit into the smaller MTU.

As such, i think this is a networking configuration issue, and not
something for ssh to try to fix.  Maybe the fix belongs in your TCP
stack, or in your network configuration?

Sounds frustrating!

          --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux