
[linux] ssh hangs at SSH2_MSG_KEX_ECDH_REPLY

채윤아빠 2023. 11. 22. 14:57

Problem and symptoms

I had run into a similar problem before: when I tried to clone a GitLab repository over ssh, the clone failed for no apparent reason.

nvidia@nvidia-OrinNX16G:~$ git clone ssh://git@my.hanwh.kr/prj/blackbox
Cloning into 'blackbox'...
Connection closed by 192.168.0.109 port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Cause analysis

Looking at the failure in more detail with ssh's -v option shows the following.

nvidia@nvidia-OrinNX16G:~$ ssh -v git@my.hanwh.kr
OpenSSH_8.2p1 Ubuntu-4ubuntu0.9, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to my.hanwh.kr [192.168.0.109] port 22.
debug1: Connection established.
debug1: identity file /home/nvidia/.ssh/id_rsa type 0
debug1: identity file /home/nvidia/.ssh/id_rsa-cert type -1
debug1: identity file /home/nvidia/.ssh/id_dsa type -1
debug1: identity file /home/nvidia/.ssh/id_dsa-cert type -1
debug1: identity file /home/nvidia/.ssh/id_ecdsa type -1
debug1: identity file /home/nvidia/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/nvidia/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/nvidia/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/nvidia/.ssh/id_ed25519 type -1
debug1: identity file /home/nvidia/.ssh/id_ed25519-cert type -1
debug1: identity file /home/nvidia/.ssh/id_ed25519_sk type -1
debug1: identity file /home/nvidia/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/nvidia/.ssh/id_xmss type -1
debug1: identity file /home/nvidia/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to my.hanwh.kr:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.0.109 port 22

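After the "SSH2_MSG_KEX_ECDH_REPLY" message appears, there is no response for a long time and the connection is eventually closed.


I searched through many documents on Google, but apart from adjusting the MTU there was no solution that clearly stood out.


Solution

However, while looking at the log above I happened to notice that it reads the "/etc/ssh/ssh_config" file, so I opened that file, uncommented the following part and tried connecting again, and the connection then worked normally without any problem.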

nvidia@nvidia-OrinNX16G:~$ sudo vi /etc/ssh/ssh_config


#   Port 22
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~

After applying the settings above, cloning the GitLab repository completed normally.

nvidia@nvidia-OrinNX16G:~$ git clone ssh://git@my.hanwh.kr/prj/blackbox
Cloning into 'blackbox'...
remote: Enumerating objects: 76, done.
remote: Counting objects: 100% (76/76), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 76 (delta 16), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (76/76), 126.21 MiB | 7.10 MiB/s, done.
Resolving deltas: 100% (16/16), done.
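
In the stock /etc/ssh/ssh_config these two lines come after "Host *", so once uncommented they apply to every outbound connection, and they offer aes128-cbc, 3des-cbc and hmac-md5, which the OpenSSH 8.2 client does not propose by default. The following is an added example, not part of the original post: a small Python audit that reports which Ciphers/MACs entries in an ssh_config fall on a deny-list and which Host scope they affect. The deny-list, the function name and the per-host sample config are assumptions made for the illustration.

```python
import re

# Assumed policy for this example: CBC-mode and RC4 ciphers, MD5/SHA-1 MACs
# and 64-bit UMAC tags count as legacy. Adjust to your own baseline.
LEGACY = {
    "ciphers": lambda a: a.endswith("-cbc") or a.startswith("arcfour"),
    "macs": lambda a: a.startswith(("hmac-md5", "hmac-sha1", "umac-64")),
}
DIRECTIVE = re.compile(r"(\w+)\s*(?:=|\s)\s*(.*)")

def audit_ssh_config(text):
    """Return (line_no, host_scope, directive, legacy_algorithms) tuples."""
    findings, scope = [], "*"  # directives before any Host line are global
    for line_no, raw in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())  # comment lines start with '#': no match
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            scope = value
        elif key in LEGACY and not value.startswith("-"):  # '-list' removes
            algos = [a.strip() for a in value.lstrip("+^").split(",")]
            bad = [a for a in algos if LEGACY[key](a)]
            if bad:
                findings.append((line_no, scope, key, bad))
    return findings

# The lines from the post, placed under "Host *" as in the stock file.
GLOBAL_FIX = """\
Host *
#   Port 22
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
"""

# Constructed alternative: same idea, scoped to the one server. Whether this
# shorter list also avoids the hang on that server is untested here.
SCOPED_FIX = """\
Host my.hanwh.kr
   Ciphers aes128-ctr,aes256-ctr
   MACs hmac-sha2-256,hmac-sha2-512
"""

if __name__ == "__main__":
    for name, cfg in (("global", GLOBAL_FIX), ("scoped", SCOPED_FIX)):
        for line_no, scope, key, bad in audit_ssh_config(cfg):
            print(f"{name}: line {line_no} (Host {scope}) {key}: {', '.join(bad)}")
```

Running "ssh -G my.hanwh.kr" and reading its ciphers and macs lines shows what the client will actually offer to that host after any edit.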

References