View Issue Details

IDProjectCategoryView StatusLast Update
0005095Kali LinuxGeneral Bugpublic2019-09-04 12:36
Reporterfastchar Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionopen 
Product Version2018.4 
Summary0005095: SSH over NAT fails with broken pipe message
Description

For all versions after OpenSSH_7.7p1, when using a NAT connection, any attempts to connect over SSH fail with an error message 'Broken pipe'

Relationships

has duplicate 0005212 closedrhertzog I'm unable to ssh while using gnome terminal 

Activities

SexWarrior

SexWarrior

2018-11-27 13:33

reporter   ~0010024

It's hard to tell with a description this brief, but this is almost certainly related to a known VMware bug[1]. If the reporter could confirm that this was observed in a VMware VM with NAT, that would be very helpful. That said, I was able to successfully reproduce the issue with those assumptions.

In short, as of OpenSSH 7.8 the default IPQoS values have changed to DSCP AF21 for interactive traffic and CS1 for bulk traffic[2][3]. vmnat does not support these, and breaks the connection immediately after ssh auth completes.

As far as I can tell, there are four possible solutions:

1) Wait for VMware to fix vmnat (no sign of this happening in sight, this bug has been present for months)
2) Patch OpenSSH to revert the changes in [3] while waiting for 1) to happen.
3) Alter /etc/ssh/ssh_config to override the default QoS settings. "IPQoS throughput" will do the trick, and the QoS implications are minor.
4) Downgrade OpenSSH (which sounds like a bad idea, but it technically resolves the issue. It's what Ubuntu are doing, so it must be good, right?)

[1] - https://communities.vmware.com/thread/590825
[2] - https://www.openssh.com/txt/release-7.8
[3] - https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c.diff?r1=1.283&r2=1.284&f=h

fastchar

fastchar

2018-11-28 00:29

reporter   ~0010028

This was using vmWare Fusion 8.5.10 on a Mac with a Kali VM with a NAT connection. I can confirm that using "IPQoS=throughput" on the command line when using SSH works. Thanks

g0tmi1k

g0tmi1k

2019-09-04 12:36

administrator   ~0010989

Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2018.4), these legacy versions are no longer supported.
We will be closing this ticket due to inactivity.

Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)?

If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified Username Field Change
2018-11-14 01:45 fastchar New Issue
2018-11-27 13:33 SexWarrior Note Added: 0010024
2018-11-28 00:29 fastchar Note Added: 0010028
2019-01-18 15:09 rhertzog Relationship added has duplicate 0005212
2019-09-04 12:36 g0tmi1k Note Added: 0010989
2019-09-04 12:36 g0tmi1k Status new => closed