Problem connecting with openssh-5.1-client to Juniper Eseries - openssh

This is a discussion on Problem connecting with openssh-5.1-client to Juniper Eseries - openssh ; After upgrading to 5.1, connections to our Juniper E-Series routers fail with: $ ssh -v eseries OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh_config debug1: Applying options for *-lns* debug1: Applying options for * debug1: Connecting to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Problem connecting with openssh-5.1-client to Juniper Eseries

  1. Problem connecting with openssh-5.1-client to Juniper Eseries

    After upgrading to 5.1, connections to our Juniper E-Series routers
    fail with:

    $ ssh -v eseries
    OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh_config
    debug1: Applying options for *-lns*
    debug1: Applying options for *
    debug1: Connecting to eseries [1.2.3.4] port 22.
    debug1: fd 3 clearing O_NONBLOCK
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/id_rsa type 1
    debug1: identity file /home/user/.ssh/id_rsa type 1
    debug1: Remote protocol version 2.0, remote software version 2.0.12
    debug1: match: 2.0.12 pat 2.0.11*,2.0.12*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug1: Host 'eseries' is known and matches the DSA host key.
    debug1: Found key in /home/user/.ssh/known_hosts:66
    debug1: ssh_dss_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentication succeeded (none).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Received SSH2_MSG_UNIMPLEMENTED for 6
    Received disconnect from 62.104.2.13: 2:
    $

    This seems to be in response to the "no-more-sessions" request, if
    I disable the part of code that generates it, everything works fine
    as usual. By my understanding of the protocol, the server should
    respond with SSH_MSG_REQUEST_FAILURE and just go on instead of
    terminating the connection, can someone please confirm this?

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFIvrNHQ9LxUob/ZA8RAjU5AJ9GIehpued4bPhnZbYKsWYDAMB6GACgwJ1r
    2X0tArm8HYsZ3kmfQnFVPEM=
    =2jVT
    -----END PGP SIGNATURE-----


  2. Re: Problem connecting with openssh-5.1-client to Juniper Eseries

    On Wed, 3 Sep 2008, Jens Rosenboom wrote:

    > After upgrading to 5.1, connections to our Juniper E-Series routers
    > fail with:
    >

    [snip]
    >
    > This seems to be in response to the "no-more-sessions" request, if
    > I disable the part of code that generates it, everything works fine
    > as usual. By my understanding of the protocol, the server should
    > respond with SSH_MSG_REQUEST_FAILURE and just go on instead of
    > terminating the connection, can someone please confirm this?


    Someone reported something similar for Netscreen:

    http://lists.mindrot.org/pipermail/o...st/026821.html

    It seems that someone at Junpier/Netscreen has been misreading the SSH
    protocol spec. Could you file a bug with them so we can figure out which
    versions of their products are affected? Once we know this, and their
    banner strings (yours is "SSH-2.0-2.0.12") then we can add a workaround.

    -d

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


+ Reply to Thread