[j-nsp] OpenSSH V5.1 with ScreenOS

Mark Kamichoff prox at prolixium.com
Tue Sep 2 13:22:42 EDT 2008


On Tue, Sep 02, 2008 at 04:51:51PM +0200, Marek Lukaszuk wrote:
> I tried different settings with OpenSSH, always the same results. It
> looks like a bug in ScreenOS.

I opened up a JTAC case on this, too, and posted it to the Debian
GNU/Linux bug report that was opened:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495917

It has to do with the session window size being increased in OpenSSH
5.1, supposedly (details in the URL).  ScreenOS apparently rejects this
option (or can't handle it, and disconnects the client as a security
measure).

The right fix (imo) would be for ScreenOS to handle this option, as I'm
guessing it's part of the SSHv2 protocol.  I have a feeling that the
OpenSSH team is going to have to add ScreenOS to their list of broken
SSH implementations so this window size option is disabled for servers
matching the "NetScreen" welcome banner.

- Mark

-- 
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20080902/ec19002d/attachment.bin>


More information about the juniper-nsp mailing list