[j-nsp] OpenSSH V5.1 with ScreenOS
Rich Schultz
rich at tellme.com
Tue Sep 2 14:00:27 EDT 2008
> Looks like something changed during a recent upgrade to OpenSSH V5.1.
> When connecting to ScreenOS firewalls, the firewalls closes the
> connection as soon as authentication has passed.
I ran into something similar when using ServerAliveInterval in OpenSSH.
(This is a very useful feature of SSHv2 when your ssh session traverses a
firewall with short session timeouts.) ScreenOS drops the connection as soon
as one of the keepalive packets shows up. In this case, the connection
works for a while because keepalive packets get sent only on an otherwise
idle connection.
There is also an OpenSSH bug (OpenSSH_4.3p2 Debian-9etch2) where, if you set
ServerAliveInterval for any host in the ssh config file, it gets set for all
of them, including the default, so you may have it set without realizing it.
I don't know if the bug is fixed in later versions.
Rich Schultz
Tellme Networks
More information about the juniper-nsp
mailing list