Ssh hangs when trying to connect to GitHub

nanodeath · October 16, 2021, 4:04am

Hi all,

I’ve been trying to get my git clone to work, and…something seems to have broken, as it just hangs indefinitely.

Here’s what I know:

I don’t think it’s DNS – github.com loads and pings just fine.
ssh -T git@github.com hangs indefinitely.
ssh -T -p 443 git@ssh.github.com also hangs indefinitely.
I’ve tried with -o IdentitiesOnly=yes
I haven’t tried ssh’ing into anywhere else.

Here’s what the verbose logging looks like:

➜  ~ ssh -o IdentitiesOnly=yes -Tvvv git@github.com 
OpenSSH_8.6p1, OpenSSL 1.1.1l  FIPS 24 Aug 2021
debug1: Reading configuration data /home/nanodeath/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host github.com originally github.com
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/nanodeath/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host github.com originally github.com
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/nanodeath/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/nanodeath/.ssh/known_hosts2'
debug2: resolving "github.com" port 22
debug3: ssh_connect_direct: entering
debug1: Connecting to github.com [192.30.255.112] port 22.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48

This machine also has Windows installed, and if I reboot into Windows and fire up Git Bash, the above commands run fine. So it’s not my router.

firewalld is running:

➜  ~ sudo firewall-cmd --state                     
running
➜  ~ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-10-15 20:42:41 PDT; 18min ago
       Docs: man:firewalld(1)
   Main PID: 1465 (firewalld)
      Tasks: 2 (limit: 38029)
     Memory: 47.5M
        CPU: 749ms
     CGroup: /system.slice/firewalld.service
             └─1465 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Oct 15 20:42:41 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Oct 15 20:42:41 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

SELinux is disabled:

➜  ~ sestatus                       
SELinux status:                 disabled

I’ve tried reinstalling ssh using sudo dnf reinstall openssh-clients.

Any help would be appreciated, I’m running out of ideas.

Thanks!

ilikelinux · October 16, 2021, 12:28pm

I propose you try with an new created user if you get same hang.
How about the new installation of ssh, did you remove and or backup your config files in ~/.ssh /etc/ssh ?

Are you using gnome as your de?

nanodeath · October 16, 2021, 3:29pm

Tried a new user account, same thing.
I’ve tried deleting ~/.ssh/*, which meant losing my keys but I only use them on GitHub and GitLab anyway so it’s easy to import the new keys.

I do have one interesting new data point. If I activate my VPN, literally everything works. Which, to me, suggests that my ISP (CenturyLink) is interfering somehow? But how could they interfere with commands like ssh -T -p 443 git@ssh.github.com, unless they’re like…doing deep packet sniffing and blocking ssh specifically? And also I can connect just fine without the VPN from Windows, but I’ll double-check that again.

tjdoyle · October 16, 2021, 3:37pm

Hi,

Please try with out the ‘-T’, not sure what it does. But when I try with my local servers, it causes a hang.

Thanks Tom.

nanodeath · October 16, 2021, 3:39pm

-T Disable pseudo-terminal allocation.

I think it’s necessary because we’re not trying to actually ssh into github.

# with VPN on, as mentioned before
➜  ~ ssh git@github.com 
PTY allocation request failed on channel 0
Hi nanodeath! You've successfully authenticated, but GitHub does not provide shell access.
Connection to ssh.github.com closed.
➜  ~ ssh -T git@github.com
Hi nanodeath! You've successfully authenticated, but GitHub does not provide shell access.

nanodeath · October 16, 2021, 3:51pm

Ugh…

So I rebooted my router and now I can ssh into things. Man wtf, it was as simple as turning something off and on again? SIGH.

(Netgear XR500)

Thanks folks who actually spent part of their day giving me tips