[Bug 818507] New: get "connection reset by peer" when connecting to certain networks.
https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c0

Summary: get "connection reset by peer" when connecting to certain networks.
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: zadeck@naturalbridge.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0

The root cause of this bug appears to be that ssh can generate packets that are either malformed or appear to be malformed to certain routers. When the routers see these packets, they shut down the stream. This appears to be a difficult bug to reproduce in that if you do not have one of the offending routers in the path, you will never recreate the bug.

This is almost certainly the same bug which is in later versions of Ubuntu. See:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493

In my case, the bug occurs whenever I access the corporate network of my employer. The resolution suggested in this bug report, i.e. limiting the list of ciphers, does work for me.

My guess is that no one in SUSE/Novell will ever fix this bug unless they or one of their paying customers hit it themselves. However, it is useful to have the bug report here since it contains a useful workaround. As far as I can tell, there is no known fix for the bug. The workaround is just a hack. At this point it seems to be infecting the cutting edge distros; when it gets into the for pay/trailing edge distros someone will pay to have someone fix it in their own corporate network.

This bug does not happen in openSUSE 11.4.

Reproducible: Always

Steps to Reproduce:
1. ssh to some machine that is on the other end of routers that do not like the bad packet.
2. the ssh will die quickly.
3.

Actual Results: connection reset by peer

Expected Results: you get to ssh in.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c

FeiXiang Zhang <fxzhang@suse.com> changed:

What       | Removed                                   | Added
-----------+-------------------------------------------+----------------
AssignedTo | bnc-team-screening@forge.provo.novell.com | pcerny@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c

Petr Cerny <pcerny@suse.com> changed:

What       | Removed         | Added
-----------+-----------------+----------------------------------------
CC         |                 | pcerny@suse.com
AssignedTo | pcerny@suse.com | bnc-team-mozilla@forge.provo.novell.com

https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c

Petr Cerny <pcerny@suse.com> changed:

What       | Removed                                 | Added
-----------+-----------------------------------------+----------------
AssignedTo | bnc-team-mozilla@forge.provo.novell.com | pcerny@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c1

Petr Cerny <pcerny@suse.com> changed:

What         | Removed | Added
-------------+---------+-------------------------
Status       | NEW     | NEEDINFO
InfoProvider |         | zadeck@naturalbridge.com

--- Comment #1 from Petr Cerny <pcerny@suse.com> 2013-05-06 16:03:32 UTC ---

As far as I understand the discussion on the devel mailing list, this is more of a router/firewall issue. Do you know/can you find out what router(s) are along the path or at least the MTU of that path?

https://bugzilla.novell.com/show_bug.cgi?id=818507
https://bugzilla.novell.com/show_bug.cgi?id=818507#c2

--- Comment #2 from kenneth zadeck <zadeck@naturalbridge.com> 2013-05-06 16:36:26 UTC ---

I do not think that anyone knows what the bug is. You need to bring two things together to answer this kind of question. You need someone with the skills to diagnose this bug and you need a network where the connections are failing. I work for a large company and have no access to the internals of my company's backbone network. Nor do I have the skills or the time to tear into this problem.

I think that it is possible that this is a firewall/router problem, but there are discussions that seem to indicate that the affected machine is sending out a packet that is bad in a way that only a few routers bother to check. There are several threads that indicate that just the length of the list of ciphers can trigger the failure. If that is the case, it seems less plausible to blame the routers.

There is a blog that seems to summarize what is known about this bug.

http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-...

However, even if it is an overly zealous (brand, version, setting of) router, you are stuck with the problem that ssh does not work in these environments and fixing those routers that are buried in some corporate/university infrastructure is generally not an option.

As I said, I mostly submitted this bugzilla so that it would be easy for others to find the workaround.
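
The thread's observation that the length of the cipher list alone can matter is easier to reason about with sizes in hand. The following is an added example, not code from the bug report or from OpenSSH: it builds the client's SSH_MSG_KEXINIT as laid out in RFC 4253 and compares the on-wire packet size for a full and a trimmed cipher list. The algorithm lists are constructed samples, and no particular size threshold for any router is assumed.

```python
import os
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

# Constructed sample lists: real algorithm names, but not copied from the
# bug report or from any particular OpenSSH release.
KEX = ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1",
       "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
HOSTKEYS = ["ssh-rsa", "ssh-dss"]
MACS = ["hmac-sha1", "hmac-md5"]
FULL_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256",
                "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc",
                "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour"]
TRIMMED_CIPHERS = ["aes128-ctr", "aes256-ctr"]

def name_list(names):
    """RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def kexinit_payload(ciphers, kex=KEX, hostkeys=HOSTKEYS, macs=MACS):
    """KEXINIT payload (RFC 4253 section 7.1); same lists in both directions."""
    lists = [kex, hostkeys, ciphers, ciphers, macs, macs,
             ["none"], ["none"], [], []]  # compression x2, languages x2
    return (bytes([SSH_MSG_KEXINIT]) + os.urandom(16)  # type byte + cookie
            + b"".join(name_list(item) for item in lists)
            + b"\x00"                 # first_kex_packet_follows = FALSE
            + struct.pack(">I", 0))   # reserved

def framed_size(payload, block=8):
    """Size of the unencrypted binary packet (RFC 4253 section 6)."""
    pad = block - (5 + len(payload)) % block  # 5 = length field + pad-length byte
    if pad < 4:                               # at least 4 bytes of padding
        pad += block
    return 5 + len(payload) + pad

def compare():
    """On-wire KEXINIT size for the full and the trimmed cipher list."""
    return {label: framed_size(kexinit_payload(ciphers))
            for label, ciphers in (("full", FULL_CIPHERS),
                                   ("trimmed", TRIMMED_CIPHERS))}

if __name__ == "__main__":
    for label, size in compare().items():
        print(f"{label:8s} cipher list -> {size}-byte KEXINIT packet")
```

On a client, the trimmed list corresponds to the `Ciphers` option in ssh_config or the `-c` option of `ssh`.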