 

ssh stuck on SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent

Tags:

ssh

I can connect to the VPN via NetworkManager and the openconnect plugin. But when I connect to the company's server, I get the logs below:

[root@XSign ssh]# ssh username@xxx -v
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx [x.x.x.x] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to xxx:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent

Then it is stuck on the last line.
I can connect to the xxx server when I am at the company.
I can connect to this xxx server with my previous laptop via the same network at home.
The difference between these 2 laptops is the software versions.

Does anybody know why it gets stuck?

Hacksign asked Aug 24 '15 14:08


2 Answers

MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Uncommenting the above line in /etc/ssh/ssh_config solved the problem.

Hacksign answered Sep 28 '22 02:09


It appears that your target server does not support modern HMACs and only allows older (possibly insecure) HMACs. The default SSH client settings on your source machine are therefore preventing the connection.

You can override this on a case-by-case basis, e.g.:

ssh -m [email protected] targetserver
ssh -m hmac-sha1 targetserver
ssh -m hmac-md5 targetserver


Or, as suggested by @hacksign above, you can permanently allow the use of (possibly) insecure HMACs by un-commenting the following line in /etc/ssh/ssh_config:

MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
DrGecko answered Sep 28 '22 01:09
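
A middle ground between the per-command `-m` override and the system-wide change in the answers above is a per-host block, so the older MAC list applies only to the one legacy server. This is an added example, not part of either answer; the alias `legacy-server` and the name `legacy.example.com` are placeholders for the real server.

```sshconfig
# ~/.ssh/config of the connecting user (added example; names are placeholders)
#
# ssh takes the first value it finds for each option, and it reads this file
# before /etc/ssh/ssh_config, so the MACs line below wins for this host only.

Host legacy-server
    HostName legacy.example.com
    # Same list as the commented line in /etc/ssh/ssh_config quoted in the
    # answers, limited to this destination.
    MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

# Every other destination keeps the client's built-in default MAC list,
# because no MACs line applies to it:
Host *
    # (intentionally no MACs setting here)
```

Running `ssh -G legacy-server` (OpenSSH 6.8 or later) prints the configuration ssh would actually use for that host, including the `macs` line, and `ssh -Q mac` lists the MACs the client build supports.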