Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 09-29-2008 07:33

    Does anyone else out here run Mac OS X with the latest update to 10.5.5. and found that they can no longer SSH to a NetScreen firewall to admin the device? We have 2 systems here that no longer work to either ScreenOS 5.4.x or 6.1.x firewalls, however SSH works to any other non-ScreenOS device (Linux, Solaris, etc.). Worked fine with OS X 10.5.4. 

     

    Has anyone else noticed this and if so have you found a fix yet. Did anyone update successfully and not have this problem?  Any Juniper reps, has anyone checked this out or contacted Apple about it?

     

    Thanks

     

    Ron

     



  • 2.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?
    Best Answer

    Posted 09-29-2008 08:37

    Hi,

     

    Two options I have seen for a possible workaround,

     

    Change the ControlMaster to auto with something like this,

     

    ssh -oControlMaster=auto -oControlPath=/tmp/$USER.ssh-%r@%h.%p hostname

     

    Or

     

    ssh -q

     

    These will depend on the reason you aren't getting connected

     

    Or

     

    Open a case with JTAC, there is a known issue.  Get the patched software, seems like the reference bug ID is 312992

     

    Hope this helps,

     

    Ben



  • 3.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 09-29-2008 08:38

    Oh yeah this is probably as a result of the changes to SSH when 10.5.5  updated to version 5.1.

     

    Laters

     

    Ben



  • 4.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 09-29-2008 08:48

    Using ControlMaster=auto allows me to login now, however it displays "PTY allocation request failed on channel 0" after logging in. I just added it to my /etc/ssh_config so I can be productive again.

     

    Thanks for the reply, hope this one gets a proper fix soon.

     

    Ron

     



  • 5.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 09-29-2008 09:16

    Hi,


    Add the -q to stop the messages, now I understand it 😄

     

    Laters

     

    Ben



  • 6.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 10-01-2008 06:55

    I created KB12409 - Mac OS X 10.5.5 and Linux client running OpenSSH5.1 cannot SSH to firewall from your posting. It also includes the ScreenOS versions that will contain the fix.

     

    Thank you,
    Josine

    Message Edited by PentinProcessor on 10-01-2008 08:01 AM


  • 7.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 10-01-2008 08:20

    I'm surprised to not see ScreenOS 5.4 listed. Any word on whether an update will be released for the older NS firewalls that cannot run 6.x?

     

    Ron

     



  • 8.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 10-01-2008 14:24

    Ron,

    Good point. I updated the article with the 5.4 version, 5.4.0r12, that is targeted to have fix:

     

    KB12409 - Mac OS X 10.5.5 and Linux client running OpenSSH5.1 cannot SSH to firewall

     

    Regards,

    Josine



  • 9.  RE: OS X 10.5.5 update cannot SSH to firewall for administration?

    Posted 10-02-2008 20:37
    I'd like to add that this is not a symptom of only OS 10.5.5.  What's more important is to see what version of openssh the client is running.  For example, OS 10.4.11, which bundles Openssh 5.1, also has this issue.