ScreenOS Firewalls (NOT SRX)
New User
jdpiguet
Posts: 2
Registered: ‎10-15-2009

SSH disconnection after authentication

Hi all,

I'm trying to configure SSH access for an SSG5.

I can connect via telnet, but when I try SSH I'm disconnected just after the password input.

Below, an example:

egweas ~ > ssh root@192.168.0.130
root@192.168.0.130's password:
Connection to 192.168.0.130 closed by remote host.
Connection to 192.168.0.130 closed.
egweas ~ >

In the SSG5 logs, I can see the following:

5GT_EAS1-> get event
Total event entries = 1052
Date       Time     Module Level Type  Description
2009-10-15 09:34:31 system warn  00528 SSH: Password authentication successful for admin user 'root' at host 192.168.0.32
2009-10-15 09:34:29 system warn  00528 SSH: Admin 'root' at host 192.168.0.32 attempted to be authenticated with no authentication methods enabled.

My configuration looks like below:

5GT_EAS1-> get ssh
SSH V2 is active
SSH is enabled
SSH is ready for connections
Maximum sessions: 3
Active sessions: 0
Admin      Ip Addr         Vsys       Auth Method Service
---------- --------------- ---------- ----------- --------
5GT_EAS1-> get admin
HTTP Port: 80, HTTPS Port: 443
TELNET Port: 23, SSH Port: 22
No Mng Host IP is specified
Mail Alert: Off, Mail Server:
E-Mail Address:
E-Mail Traffic Log: Off
Configuration Format: UNIX
Device Reset: Enabled
Hardware Reset: Enabled
Admin privilege: read-write (Remote admin has read-write privileges)
Max Failed Admin login attempts: 3
HTTP redirect: false
5GT_EAS1-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name     IP Address          Zone     MAC             VLAN  State  VSD
trust    192.168.0.129/24    Trust    0010.db7b.d3a2  -     U      -
untrust  xxx.xxx.xxx.xxx/27  Untrust  0010.db7b.d3a1  -     U      -
serial   0.0.0.0/0           Null     0010.db7b.d3a6  -     D      -
tun.1    unnumbered          Trust    trust           -     R      -
tun.2    unnumbered          Trust    trust           -     R      -
vlan1    0.0.0.0/0           VLAN     0010.db7b.d3af  1     D      -
null     0.0.0.0/0           Null     0000.5e00.0100  -     U      0
5GT_EAS1-> get interface trust
Interface trust:
  number 2, if_info 176, if_index 0, mode route
  link up, phy-link up/full-duplex
  vsys Root, zone Trust, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  ip 192.168.0.129/24 mac 0010.db7b.d3a2
  manage ip 192.168.0.130, mac 0010.db7b.d3a2
  route-deny disable
  ping enabled, telnet enabled, SSH enabled, SNMP disabled
  web disabled, ident-reset disabled, SSL disabled
  DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0
  OSPF disabled BGP disabled RIP disabled mtrace disabled
  PIM: not configured IGMP not configured
  bandwidth: physical 100000kbps, configured 0kbps, current 0kbps
  total configured gbw 0kbps, total allocated gbw 0kbps
  DHCP-Relay disabled
  DHCP-server disabled
5GT_EAS1-> get system
Product Name: NetScreen-5GT
Serial Number: 0064092004003355, Control Number: 00000000
Hardware Version: 1010(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.2.0r2.0, Type: Firewall+VPN
Base Mac: 0010.db7b.d3a0
File Name: ns5gt.5.2.0r2.0, Checksum: 28fd00e6
Date 10/15/2009 09:36:51, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 5375 hours 4 minutes 57 seconds Since 5 Mar 2009 09:31:54
Total Device Resets: 1, Last Device Reset at: 11/27/2001 05:40:31
Box in trust-untrust mode
System in NAT/route mode.
Use interface IP, Config Port: 80
User Name: root
Interface trust:
  number 2, if_info 176, if_index 0, mode route
  link up, phy-link up/full-duplex
  vsys Root, zone Trust, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  ip 192.168.0.129/24 mac 0010.db7b.d3a2
  manage ip 192.168.0.130, mac 0010.db7b.d3a2
  route-deny disable
Interface untrust:
  number 1, if_info 88, if_index 0, mode route
  link up, phy-link up/full-duplex
  vsys Root, zone Untrust, vr untrust-vr
  dhcp client disabled
  PPPoE disabled
  *ip xxx.xxx.xxx.xxx/27 mac 0010.db7b.d3a1
  *manage ip xxx.xxx.xxx.xxx, mac 0010.db7b.d3a1
  route-deny disable
Interface serial:
  number 6, if_info 528, if_index 0, mode route
  link down, phy-link down
  vsys Root, zone Null, vr untrust-vr
  *ip 0.0.0.0/0 mac 0010.db7b.d3a6
5GT_EAS1->

Any hints to go further?

BR, Jacques-D.

Super Contributor
mehdi
Posts: 240
Registered: ‎08-19-2008

Re: SSH disconnection after authentication

Hello,

Could you try the SSH connection to your SSG from Windows? I think you have some mistake with your local Linux certificate.

Thanks

Message Edited by mehdi on 10-15-2009 10:54 AM
**If this reply solved your problem click on Kudos **
Kind regards
http://www.linkedin.com/in/mkhitmane
personal mail: mehdi.khitmane@gmail.com
New User
jdpiguet
Posts: 2
Registered: ‎10-15-2009

Re: SSH disconnection after authentication

Hi Mehdi,

1. What do you mean by "local linux certificate"?

2. I partially solved the problem with the help of another post:

egweas ~ > ssh -oControlMaster=auto root@192.168.0.130
root@192.168.0.130's password:
PTY allocation request failed on channel 0
Remote Management Console
5GT_EAS1->
5GT_EAS1-> get clock
Date 10/15/2009 12:24:59, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 5377 hours 53 minutes 5 seconds Since 5 Mar 2009 09:31:54
1255609499.720374 seconds since 1/1/1970 0:0:0 GMT
GMT time zone area 1:00
GMT time zone offset -2:00
5GT_EAS1->
5GT_EAS1-> exit
Connection to 192.168.0.130 closed.
egweas ~ >

The question is now why did I get this message "PTY allocation request failed on channel 0"?

BR, Jacques-D.


Trusted Contributor
Optimist
Posts: 60
Registered: ‎09-09-2009

Re: SSH disconnection after authentication

Do you see this output:

get admin ssh all
Admin Name                      SSH PWA enabled SSH PKA keys
------------------------------- --------------- ------------
root                                  yes             0

If "SSH PWA enabled" is "no", do:

set admin ssh password enable username root

Best regards

Thorsten

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
A kudo would be cool if you think I earned it.
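
Added example, not part of any post in this thread: the "no authentication methods enabled" event from the first post is the log-side symptom of the setting checked above, and this sketch parses `get event` lines to list the admin/host pairs that triggered it. The column layout is assumed from the output shown in the first post, and the label names are hypothetical.

```python
import re
from collections import defaultdict

# Two event lines copied from the `get event` output in the first post.
SAMPLE = """\
2009-10-15 09:34:31 system warn 00528 SSH: Password authentication successful for admin user 'root' at host 192.168.0.32
2009-10-15 09:34:29 system warn 00528 SSH: Admin 'root' at host 192.168.0.32 attempted to be authenticated with no authentication methods enabled.
"""

# Layout assumed from that output: date, time, module, level, type, description.
EVENT = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\S+) (\S+) (\d{5}) (.*)$")
ADMIN_HOST = re.compile(r"[Aa]dmin(?: user)? '([^']+)' at host (\S+)")

def classify(description):
    """Map an SSH event description to a short label (labels are hypothetical)."""
    if "no authentication methods enabled" in description:
        return "no_auth_method"
    if "Password authentication successful" in description:
        return "password_ok"
    return "other"

def parse_events(text):
    """Yield (timestamp, admin, host, label) for SSH events that name an admin."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m or not m.group(6).startswith("SSH:"):
            continue  # not an event row, or not an SSH event
        who = ADMIN_HOST.search(m.group(6))
        if who:
            yield (f"{m.group(1)} {m.group(2)}", who.group(1),
                   who.group(2).rstrip("."), classify(m.group(6)))

def summarize(text):
    """Count labels per (admin, host); list pairs that hit 'no_auth_method'."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, admin, host, label in parse_events(text):
        counts[(admin, host)][label] += 1
    flagged = sorted(k for k, v in counts.items() if v.get("no_auth_method"))
    return {k: dict(v) for k, v in counts.items()}, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE)
    for (admin, host), labels in counts.items():
        print(admin, host, labels)
    for admin, host in flagged:
        print(f"check 'get admin ssh all' for {admin} (client {host})")
```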

Visitor
chris.kruslicky@lvhn.org
Posts: 4
Registered: ‎08-15-2011

Re: SSH disconnection after authentication

> The question is now why did I get this message "PTY allocation request failed on channel 0"?

This hit me after upgrading Ubuntu - except the client was disconnecting at that point. I was able to get around that error by disabling pseudo-tty allocation (ssh -T user@host) when connecting to older NetScreens. ScreenOS 6.2.x appears to behave in a way that I do not see that error.

Visitor
kylebe
Posts: 1
Registered: ‎08-30-2011

Re: SSH disconnection after authentication

I'm not the author of this thread, but ssh -T fixed the problem for me after I'd tried many different solutions over a couple of years. Thanks for your post.

Visitor
tc0nn
Posts: 1
Registered: ‎01-24-2012

Re: SSH disconnection after authentication

Same solution for me: ssh -T x.y.z.a
