SSH로 서버 접속시, 멈추고 접속이 성공되지 못하는 문제

문제점 및 증상

라즈베리파이에서 특정 서버에 SSH로 접속하려 하면, 정상적으로 접속이 진행되지 않았습니다.

# ssh -p22 -vvv git@ssh_error.net
OpenSSH_7.4p1 Raspbian-10+deb9u7, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ssh_error.net [xxx.xxx.xxx.xxx] port 18022.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ssh_error.net:18022 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

해당 서버에 SSH 연결은 되었으나, 암호화 키를 주고 받는 과정에서 더이상 진행되지 않고 계속 멈추어 있습니다.

이것 저것 SSH 서버의 설정 등도 변경해 보았으나, 별 소용이 없었고, 특정 클라이언트에서만 위와 같은 문제가 발생하였습니다.

해결 방안

SSH 접속에 문제가 발생하는 클라이언트에서, 다음과 같이 MTU 값을 조정하였더니 SSH 접속 문제가 해결되었습니다.

# sudo ip li set mtu 1200 dev wlan0
# or
# sudo ifconfig wlan0 mtu 1200

위와 같이 MTU 값을 수정 적용해 놓으면, SSH 연결이 정상적으로 수행됩니다.

# ssh -p22 git@ssh_error.net
The authenticity of host '[ssh_error.net]:22 ([xxx.xxx.xxx.xxx]:22)' can't be established.
ECDSA key fingerprint is SHA256:ZIBP0LbUb8cK5l2+eqLYFSBhf6IMX7npxMwq/6uWsoc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ssh_error.net]:22,[xxx.xxx.xxx.xxx]:22' (ECDSA) to the list of known hosts.
PTY allocation request failed on channel 0
Welcome to GitLab, @sensorserver!
Connection to ssh_error.net closed.

참고자료

"Cannot SSH: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY":https://serverfault.com/questions/210408