@gilangvperdana
Forked from thomasn/ssh-mtu-errors.md
Last active February 22, 2023 02:17
# Fix ssh error: SSH2_MSG_KEX_ECDH_REPLY

## General

I once had a problem with an instance running on OpenStack, namely that it could not ssh to other nodes, but other nodes could ssh to that node. It turns out that this is because the MTU is different at the instance or at the server host level; please check the MTU again on each interface related to OpenStack Neutron's external network.

From some machines (with the latest OpenSSH), ssh to muddy fails:

- `ssh -vvv -p $MUDDYPORT $MUDDYIP`
- hangs at `expecting SSH2_MSG_KEX_ECDH_REPLY`

## Quick Check

```
ping node2 -s 8000
```

- If the result is request timeouts (RTO), the MTU is not set properly on the instance or the server nodes.
- Adjust `8000` to match your environment's MTU.
- In my case I use an MTU of 8950 for the instance and 9000 at the server host level.

Quick fix:

```
$ sudo ifconfig enp71s0 mtu 9000
$ ssh -p $MUDDYPORT $MUDDYIP
...
thomasn@muddy:~$
```

## Verify

```
$ ping -M do $MUDDYIP -s 8000
PING 81.155.215.123 (81.155.215.123) 8000(8028) bytes of data.
1208 bytes from 81.155.215.123: icmp_seq=1 ttl=50 time=46.1 ms
1208 bytes from 81.155.215.123: icmp_seq=2 ttl=50 time=46.5 ms

$ ping -M do $MUDDYIP -s 8000
...
From 10.10.10.31: icmp_seq=1 Frag needed and DF set (mtu = 1500)
From 10.10.10.31: icmp_seq=1 Frag needed and DF set (mtu = 1500)^C

--- 81.155.215.123 ping statistics ---
0 packets transmitted, 0 received, +92331 errors
```
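The Quick Check and Verify steps above both rely on reading `ping -M do` output by eye. The following POSIX shell helpers, added here as an example and not part of the original gist, turn that into something scriptable: they compute the largest `-s` payload that fits a given MTU (MTU minus the 20-byte IPv4 header and 8-byte ICMP header, which is why ping reports `8000(8028)`), classify ping output into the three outcomes seen on this page (reply, "Frag needed", or silent drop), pull the MTU a "Frag needed" error reports, and binary-search the path MTU to a host. The host names and sample ping output are constructed; the output format assumes Linux iputils `ping` and IPv4.

```shell
#!/bin/sh
# Added example (not from the gist): helpers for the "ping -M do" MTU probe.
# Assumes IPv4 and Linux iputils ping output; hosts and samples are constructed.

# Largest ICMP payload (-s value) that fits in one frame of the given MTU:
# MTU minus 20 bytes of IPv4 header and 8 bytes of ICMP header.
payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Inverse: the MTU implied by a -s payload size.
mtu_for_payload() {
    echo $(( $1 + 28 ))
}

# Read ping output on stdin and print one word:
#   ok          - at least one echo reply came back
#   frag-needed - a router or host reported "Frag needed and DF set"
#   no-reply    - neither (silent drop: the hang-at-KEX symptom on this page)
classify_ping_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Frag needed and DF set'; then
        echo frag-needed
    elif printf '%s\n' "$out" | grep -q 'bytes from'; then
        echo ok
    else
        echo no-reply
    fi
}

# Extract the MTU that a "Frag needed" error reports (prints nothing if absent).
reported_mtu() {
    sed -n 's/.*(mtu = \([0-9][0-9]*\)).*/\1/p' | head -n 1
}

# Binary-search the largest payload that gets a reply with DF set, between
# lo and hi, and print the corresponding MTU. Needs network access, so it is
# not exercised by the offline checks; run it by hand against a real host.
probe_path_mtu() {
    host=$1; lo=${2:-1000}; hi=${3:-9000}; best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if ping -c 1 -W 1 -M do -s "$mid" "$host" >/dev/null 2>&1; then
            best=$mid; lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    mtu_for_payload "$best"
}

# Constructed sample output, modelled on the two cases shown in the gist.
SAMPLE_FRAG='PING 10.0.0.2 (10.0.0.2) 8000(8028) bytes of data.
From 10.10.10.31: icmp_seq=1 Frag needed and DF set (mtu = 1500)'
SAMPLE_OK='PING 10.0.0.2 (10.0.0.2) 8000(8028) bytes of data.
8008 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.4 ms'

# Usage against a live node (hypothetical host name):
#   probe_path_mtu node2 1000 9000
```

If `probe_path_mtu` returns 1500 on a path you expected to carry jumbo frames, the drop is happening on a hop that never sends the "Frag needed" ICMP back (which is exactly why plain `ssh` just hangs at `SSH2_MSG_KEX_ECDH_REPLY` rather than failing with an error); compare the result against `ip link` on each interface along the Neutron external path.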

## Reference