ssh2: Client hangs / times out after Host accepted

Client connecting times out, even with readyTimeout set to 99999.

I can connect to the host from the same machine with both FileZilla and the built-in SSH clients. Hoping someone much smarter than I has some insight into what might be the hang-up. I’ve tried many different algorithm settings as well with no luck.

Here is the debug output:

Remote ident: 'SSH-2.0-SilverSHielD'
Outbound: Sending KEXINIT
Inbound: Handshake in progress
Handshake: (local) KEX method: diffie-hellman-group1-sha1
Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
Handshake: KEX algorithm: diffie-hellman-group1-sha1
Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Handshake: (remote) Host key format: ssh-rsa
Handshake: Host key format: ssh-rsa
Handshake: (local) C->S cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) C->S cipher: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256
Handshake: C->S Cipher: aes128-ctr
Handshake: (local) S->C cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
Handshake: (remote) S->C cipher: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256
Handshake: S->C cipher: aes128-ctr
Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) C->S MAC: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,umac-128@openssh.com
Handshake: C->S MAC: hmac-sha1
Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Handshake: (remote) S->C MAC: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,umac-128@openssh.com
Handshake: S->C MAC: hmac-sha1
Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
Handshake: (remote) C->S compression: none,zlib,zlib@openssh.com
Handshake: C->S compression: none
Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
Handshake: (remote) S->C compression: none,zlib,zlib@openssh.com
Handshake: S->C compression: none
Outbound: Sending KEXDH_INIT
Received DH Reply
Host accepted by default (no verification)
Host accepted (verified)

After the set timeout, I get this error:

events.js:352
      throw er; // Unhandled 'error' event
      ^

Error: Timed out while waiting for handshake
    at Timeout._onTimeout (/Users/steve/.../node_modules/ssh2/lib/client.js:993:23)
    at listOnTimeout (internal/timers.js:557:17)
    at processTimers (internal/timers.js:500:7)
Emitted 'error' event on Client instance at:
    at Timeout._onTimeout (/Users/steve/.../node_modules/ssh2/lib/client.js:995:16)
    at listOnTimeout (internal/timers.js:557:17)
    at processTimers (internal/timers.js:500:7) {
  level: 'client-timeout'
}

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 29 (12 by maintainers)

Most upvoted comments

To test that theory, can someone/everyone who’s having this problem try applying the following patch to their ssh2 v1.2.0?:

diff --git a/lib/protocol/kex.js b/lib/protocol/kex.js
index 59fb852..507c88a 100644
--- a/lib/protocol/kex.js
+++ b/lib/protocol/kex.js
@@ -778,18 +778,7 @@ const createKeyExchange = (() => {
           this._protocol._packetRW.write.finalize(packet, true)
         );
       }
-      if (!this._sentNEWKEYS) {
-        this._protocol._debug && this._protocol._debug(
-          'Outbound: Sending NEWKEYS'
-        );
-        const p = this._protocol._packetRW.write.allocStartKEX;
-        const packet = this._protocol._packetRW.write.alloc(1, true);
-        packet[p] = MESSAGE.NEWKEYS;
-        this._protocol._cipher.encrypt(
-          this._protocol._packetRW.write.finalize(packet, true)
-        );
-        this._sentNEWKEYS = true;
-      }
+      trySendNEWKEYS(this);
 
       const completeHandshake = () => {
         if (!this.sessionID)
@@ -1180,6 +1169,8 @@ const createKeyExchange = (() => {
                 this._hostVerified = true;
                 if (this._receivedNEWKEYS)
                   this.finish();
+                else
+                  trySendNEWKEYS(this);
               });
             }
             if (ret === undefined) {
@@ -1203,6 +1194,7 @@ const createKeyExchange = (() => {
               'Host accepted (verified)'
             );
             this._hostVerified = true;
+            trySendNEWKEYS(this);
           }
           ++this._step;
           break;
@@ -1798,6 +1790,21 @@ function dhEstimate(neg) {
   return 8192;
 }
 
+function trySendNEWKEYS(kex) {
+  if (!kex._sentNEWKEYS) {
+    kex._protocol._debug && kex._protocol._debug(
+      'Outbound: Sending NEWKEYS'
+    );
+    const p = kex._protocol._packetRW.write.allocStartKEX;
+    const packet = kex._protocol._packetRW.write.alloc(1, true);
+    packet[p] = MESSAGE.NEWKEYS;
+    kex._protocol._cipher.encrypt(
+      kex._protocol._packetRW.write.finalize(packet, true)
+    );
+    kex._sentNEWKEYS = true;
+  }
+}
+
 module.exports = {
   KexInit,
   kexinit,

mscdex on Aug 9, 2021

v1.3.0 released.

mscdex on Aug 17, 2021