The Geek Diary

SSH Login Stuck At : “debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP” CentOS/RHEL 7

By admin

The Problem

When trying to log in via SSH, the session hangs. Running ssh with the “-vvv” option shows that it hangs at the following message:

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

The Solution

The MTU on the interface was set to 9000:

# ip add| grep -i eth0
2: eth0:  mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
inet x.x.x.x/24 brd x.x.x.x scope global noprefixroute eth0

A tcpdump capture taken on both nodes shows that a packet whose length is greater than 1500 was being retransmitted repeatedly.

5 11:13:10.261757 x.x.x.x y.y.y.y TCP 66 44545 → 22 [ACK] Seq=3850969779 Ack=2311909736 Win=26880 Len=0 TSval=232224265 TSecr=231193894
6 11:13:10.264136 x.x.x.x y.y.y.y SSHv2 87 Client: Protocol (SSH-2.0-OpenSSH_7.4)
7 11:13:10.266977 x.x.x.x y.y.y.y TCP 66 22 → 44545 [ACK] Seq=2311909736 Ack=3850969800 Win=26880 Len=0 TSval=231193904 TSecr=232224268
8 11:13:10.813477 x.x.x.x y.y.y.y SSHv2 87 Server: Protocol (SSH-2.0-OpenSSH_7.4)
9 11:13:10.813678 x.x.x.x y.y.y.y TCP 66 44545 → 22 [ACK] Seq=3850969800 Ack=2311909757 Win=26880 Len=0 TSval=232224817 TSecr=231194452
10 11:13:10.814416 x.x.x.x y.y.y.y SSHv2 1562 Client: Key Exchange Init
11 11:13:10.924128 x.x.x.x y.y.y.y SSHv2 1346 Server: Key Exchange Init
12 11:13:10.963964 x.x.x.x y.y.y.y TCP 66 44545 → 22 [ACK] Seq=3850971296 Ack=2311911037 Win=29440 Len=0 TSval=232224968 TSecr=231194563
13 11:13:11.020996 x.x.x.x y.y.y.y SSHv2 114 Client: Diffie-Hellman Key Exchange Init
14 11:13:11.021435 x.x.x.x y.y.y.y TCP 78 [TCP Window Update] 22 → 44545 [ACK] Seq=2311911037 Ack=3850969800 Win=28032 Len=0 TSval=231194660 TSecr=232224817 SLE=3850971296 SRE=3850971344
15 11:13:11.022944 x.x.x.x y.y.y.y TCP 1562 [TCP Out-Of-Order] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232225027 TSecr=231194660
16 11:13:11.228988 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232225233 TSecr=231194660
17 11:13:11.641942 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232225646 TSecr=231194660
18 11:13:12.467981 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232226472 TSecr=231194660
19 11:13:14.119969 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232228124 TSecr=231194660
20 11:13:15.566176 x.x.x.x y.y.y.y TCP 78 22 → 44544 [FIN, ACK] Seq=4255038057 Ack=3492427307 Win=219 Len=0 TSval=231199205 TSecr=232109567 SLE=3492428803 SRE=3492428852
21 11:13:15.566249 x.x.x.x y.y.y.y TCP 54 44544 → 22 [RST] Seq=3492427307 Win=0 Len=0
22 11:13:17.419955 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232231424 TSecr=231194660
23 11:13:24.027991 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232238032 TSecr=231194660
24 11:13:37.259952 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232251264 TSecr=231194660
25 11:14:03.691987 x.x.x.x y.y.y.y TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Win=29440 Len=1496 TSval=232277696 TSecr=231194660
26 11:14:10.067551 x.x.x.x y.y.y.y TCP 66 44545 → 22 [FIN, ACK] Seq=3850971344 Ack=2311911037 Win=29440 Len=0 TSval=232284071 TSecr=231194660
27 11:14:10.067984 x.x.x.x y.y.y.y TCP 78 [TCP Dup ACK 7#1] 22 → 44545 [ACK] Seq=2311911037 Ack=3850969800 Win=28032 Len=0 TSval=231253707 TSecr=232224817 SLE=3850971296 SRE=3850971345

In order to resolve the issue, set the MTU to 1500 in the network configuration files in /etc/sysconfig/network-scripts/ for the respective interfaces.

Note: If 9k is required for each NIC, then all network devices need to support 9k and be set to it.
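The check below is an added example, not part of the original article. It scans capture summary lines in the same column layout as the capture above and reports sequence numbers that were retransmitted in packets too large for a given MTU. The function names, the constructed sample lines (documentation addresses) and the 14-byte Ethernet header allowance are assumptions; df_probe uses the Linux iputils ping options -M do and -s to test whether a path carries a given MTU.

```shell
#!/usr/bin/env bash
# Added example: find retransmitted TCP segments that do not fit a given MTU.
# Input: capture summary lines laid out as in the article's capture:
#   No. Time Source Destination Protocol FrameLength Info...

ETH_HDR=14  # assumption: frame length includes a 14-byte Ethernet header

# oversize_retransmits MTU < capture.txt
# Prints "<seq> <count>" per sequence number retransmitted in an IP packet
# larger than MTU. Repeated hits on one Seq are the black-hole signature.
oversize_retransmits() {
  awk -v mtu="$1" -v eth="$ETH_HDR" '
    /\[TCP Retransmission\]/ && ($6 - eth) > mtu {
      for (i = 7; i <= NF; i++)
        if ($i ~ /^Seq=/) n[substr($i, 5)]++
    }
    END { for (s in n) print s, n[s] }
  ' | sort
}

# df_probe HOST MTU: ping with "do not fragment" set and a payload that fills
# MTU exactly (MTU - 20-byte IPv4 header - 8-byte ICMP header). Needs network.
df_probe() {
  ping -M do -c 3 -s "$(( $2 - 28 ))" "$1"
}

# Constructed sample (documentation addresses), same layout as the capture.
sample_capture() {
  cat <<'EOF'
10 11:13:10.814416 192.0.2.10 192.0.2.20 SSHv2 1562 Client: Key Exchange Init
13 11:13:11.020996 192.0.2.10 192.0.2.20 SSHv2 114 Client: Diffie-Hellman Key Exchange Init
15 11:13:11.022944 192.0.2.10 192.0.2.20 TCP 1562 [TCP Out-Of-Order] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Len=1496
16 11:13:11.228988 192.0.2.10 192.0.2.20 TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Len=1496
17 11:13:11.641942 192.0.2.10 192.0.2.20 TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Len=1496
18 11:13:12.467981 192.0.2.10 192.0.2.20 TCP 1562 [TCP Retransmission] 44545 → 22 [PSH, ACK] Seq=3850969800 Ack=2311911037 Len=1496
19 11:13:12.500000 192.0.2.10 192.0.2.20 TCP 66 [TCP Retransmission] 44545 → 22 [FIN, ACK] Seq=3850971344 Ack=2311911037 Len=0
EOF
}

sample_capture | oversize_retransmits 1500   # flagged at MTU 1500, not at 9000
```

Before raising an interface back to 9000, df_probe with the peer's address and 9000 shows whether every device on the path actually passes jumbo frames.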

Filed Under: CentOS/RHEL 7, Linux, OEL 7

© 2021 · The Geek Diary