<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>I've never been able to SSH from a Brocade XMR.<br><br>As an example. I have an SRX enabled for SSH on the port connected to a switch and then the Brocade. If I try to SSH from the Cisco switch, I can log right in. If I try to login via the Brocade, it refuses to work:<br><br><b>SSH@xxxxxx#ssh 10.21.0.180<br>User name:darreno<br>Password:<br>Connecting to remote host......<br><br>Connection Closed</b><br><br><br>Checking the SRX log, I see the following:<br><br><b>*** messages ***<br>Feb 12 17:43:59 cfxx-xxxxx.xxx sshd[2416]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0 [preauth]<br>Feb 12 17:43:59 cfxx-xxxxx.xxx sshd[2416]: fatal: buffer_get_int: buffer error [preauth]</b><br><br><br>When I SSH in from the switch (same subnet) I log right in with no such message.<br><br><br>Telnet does work though.<br><br>I'm currently running 5.4E and keen to get this fixed.<br><br><br>Thanks<br>Darren<br><a href="http://www.mellowd.co.uk/ccie" target="_blank">http://www.mellowd.co.uk/ccie</a><br><br><br><br><div>> Date: Tue, 11 Feb 2014 10:12:33 -0700<br>> From: esk-puck.nether.net@esk.cs.usu.edu<br>> To: foundry-nsp@puck.nether.net<br>> Subject: Re: [f-nsp] SSH or Telnet from mlx to mlx<br>> <br>> Apparently I sent this from the wrong address for the list server to<br>> accept it.<br>> <br>> Tias,<br>> <br>> Are you able to connect at all? Does it get to the point of asking for<br>> a password? Or is it just behaving differently than you expect after<br>> you log in?<br>> <br>> <br>> If you are unable to connect at all, is it possible the router is using<br>> a different source address than you expect? You can fix this with:<br>> ip ssh source-interface <interface><br>> or<br>> ip telnet source-interface <interface><br>> (I think the default is the address of the interface the traffic will be<br>> sent out of.)<br>> <br>> <br>> Are you using an ACL for ssh/telnet access? Look for:<br>> ssh access-group <acl><br>> or<br>> telnet access-group <acl><br>> <br>> <br>> Also check for statements like:<br>> ip ssh client <address><br>> Which have a similar functionality to the ACLs.<br>> <br>> <br>> Do ssh/telnet work from other locations?<br>> <br>> <br>> -- <br>> Eldon Koyle<br>> <br>> <br>> On Feb 11 16:44+0100, Mathias Wolkert wrote:<br>> > Anything special about this?<br>> > Does not seem to work as expected. But I may be wrong. <br>> > <br>> > /Tias<br>> > _______________________________________________<br>> > foundry-nsp mailing list<br>> > foundry-nsp@puck.nether.net<br>> > http://puck.nether.net/mailman/listinfo/foundry-nsp<br>> > <br>> <br>> -- <br>> Eldon Koyle<br>> -- <br>> BOFH excuse #42:<br>> spaghetti cable cause packet failure<br>> _______________________________________________<br>> foundry-nsp mailing list<br>> foundry-nsp@puck.nether.net<br>> http://puck.nether.net/mailman/listinfo/foundry-nsp<br></div> </div></body>
</html>