[Bug 1279999] Re: ssh login no longer works over vpn

Robie Basak 1279999 at bugs.launchpad.net
Fri Feb 14 18:05:38 UTC 2014


Thank you for taking the time to report this bug and helping to make
Ubuntu better.

I think it's entirely reasonable to change the ssh client to default to
a more secure set of ciphers and MACs in newer releases, in order to
make ssh connections more secure generally, and without information to
the contrary it seems likely that this is what has happened in your
case. Before we can evaluate whether this issue is a bug or not, I think
it's necessary to understand what specific ciphers and/or MACs we are
talking about here.

Please could you identify the minimal set of specifically what ciphers
and MACs you had to enable to ssh to your server? Once done, please
change the bug status back to New.

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1279999

Title:
  ssh login no longer works over vpn

Status in “openssh” package in Ubuntu:
  Incomplete

Bug description:
  jlquinn@wyvern:~$ lsb_release -rd
  Description:	Ubuntu 13.10
  Release:	13.10

  
  I log into work over an AT&T vpn.  When I upgraded my client to Ubuntu 13.10, I was unable to ssh into my work machines.  The ssh version upgrade was

  2014-02-06 12:45:05 upgrade openssh-client:amd64 1:6.1p1-4 1:6.2p2-6ubuntu0.1

  The ssh server machines are running CentOS 6.4.  I alternatively get:

  Read from socket failed: Connection reset by peer

  or a hang.  Enabling debugging shows:

  debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
  debug1: match: OpenSSH_5.3 pat OpenSSH_5*
  debug1: SSH2_MSG_KEXINIT sent
  Read from socket failed: Connection reset by peer

  or

  debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
  debug1: match: OpenSSH_5.3 pat OpenSSH_5*
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

  
  After wandering the net, I found a suggestion to uncomment Ciphers and MACs in /etc/ssh/ssh_config.  Making this change lets me log in again.

  The default settings in ssh_config break a working system.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.10
  Package: ssh 1:6.2p2-6ubuntu0.1
  ProcVersionSignature: Ubuntu 3.11.0-15.25-generic 3.11.10
  Uname: Linux 3.11.0-15-generic x86_64
  ApportVersion: 2.12.5-0ubuntu2.2
  Architecture: amd64
  Date: Thu Feb 13 15:50:41 2014
  InstallationDate: Installed on 2010-04-30 (1385 days ago)
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: openssh
  UpgradeStatus: Upgraded to saucy on 2014-02-06 (7 days ago)
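
Added example, not part of the original report or of OpenSSH: a small Python parser for the two client debug traces quoted in the bug description. It reports the cipher and MAC negotiated in each direction and the last handshake step reached before the reset or hang. The function name `summarize` and the result keys are assumptions; the trace lines are copied from the report.

```python
import re

# Sample input: the two client traces quoted in the bug description above.
HEAD = """debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
"""
TRACE_RESET = HEAD + "Read from socket failed: Connection reset by peer\n"
TRACE_HANG = HEAD + """debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
"""

# "debug1: kex: <direction> <cipher> <mac> <compression>"
KEX_LINE = re.compile(
    r"^debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)$")
REMOTE = re.compile(r"remote software version (\S+)")


def summarize(trace):
    """Return remote version, negotiated algorithms, last step and error."""
    info = {"remote": None, "negotiated": {}, "stage": None, "error": None}
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := REMOTE.search(line)):
            info["remote"] = m.group(1)
        elif (m := KEX_LINE.match(line)):
            direction, cipher, mac, comp = m.groups()
            info["negotiated"][direction] = {
                "cipher": cipher, "mac": mac, "compression": comp}
        elif line.startswith(("debug1: SSH2_MSG_", "debug1: expecting ")):
            # Remember the most recent handshake step the client logged.
            info["stage"] = line[len("debug1: "):]
        elif not line.startswith("debug"):
            # Non-debug output at this point is the client's error message.
            info["error"] = line
    return info


if __name__ == "__main__":
    for name, trace in (("reset", TRACE_RESET), ("hang", TRACE_HANG)):
        print(name, summarize(trace))
```

In the reset trace no `kex:` line appears, so the connection dropped before the client logged any negotiated algorithms; in the hang trace both directions settled on `aes128-ctr` with `hmac-md5` and the client was still waiting for the server's group-exchange reply.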
