Mac OS X 10.5.5 and Linux client running OpenSSH 5.1 cannot SSH to firewall
Knowledge Base ID: KB12409
Version: 6.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: Firewall/IPSec_VPN, ScreenOS

Summary:
Mac OS X 10.5.5 and Linux client running OpenSSH 5.1 cannot SSH to firewall

Problem or Goal:
Symptoms:
  • After updating Mac OS X to the latest update, 10.5.5, the customer can no longer SSH to firewalls, although they can still SSH to other non-ScreenOS devices. SSH to the firewall worked fine with Mac OS X 10.5.4.
  • Linux clients running OpenSSH 5.1 cannot SSH to the firewall with SSH v2. SSH v1 works fine.
  • Cannot SSH to the firewall after upgrading the client to an OS that uses OpenSSH 5.1. (Enter the OS command ssh -V to check the OpenSSH version on the client.)

Solution:
1.  Workaround.  With SSH v2, use the following option when connecting to the firewall:
ssh -oControlMaster=auto hostname
Add -q to suppress any other error messages.
To apply the option globally, you can instead edit your SSH client configuration file and add the following line:
ControlMaster    auto

SSH client configuration files:
(Mac OS) /etc/ssh_config
(Linux) user’s configuration file: ~/.ssh/config
(Linux) system-wide configuration file: /etc/ssh/ssh_config
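
A per-host variant of workaround 1, as an added example that is not part of the original article: the script checks the ssh -V banner and, only for OpenSSH 5.1, places a Host block with ControlMaster auto at the top of the user's ~/.ssh/config, so the setting applies to one firewall rather than globally. The function names and the host name passed as the argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the KB article. Function names and the host
# argument are assumptions chosen for illustration.

# True if a banner printed by `ssh -V` reports OpenSSH 5.1 (e.g. 5.1p1).
is_openssh_51() {
    case "$1" in
        OpenSSH_5.1|OpenSSH_5.1[!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit a Host block that limits the workaround to a single firewall.
workaround_stanza() {
    printf 'Host %s\n    ControlMaster auto\n' "$1"
}

# True if the config file already has a Host line naming exactly this host.
has_host_entry() {
    awk -v h="$1" 'tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == h) f = 1 }
                   END { exit !f }' "$2"
}

# Put the stanza at the top of the file: ssh uses the first value it obtains
# for an option, so a later "Host *" block cannot override it.
apply_workaround() {
    host=$1; cfg=$2
    [ -f "$cfg" ] || : > "$cfg"
    if has_host_entry "$host" "$cfg"; then
        return 1                      # existing entry: edit it by hand
    fi
    tmp="$cfg.new.$$"
    { workaround_stanza "$host"; echo; cat "$cfg"; } > "$tmp"
    cat "$tmp" > "$cfg"               # rewrite in place, keeping the file mode
    rm -f "$tmp"
}

# Usage: sh thisfile.sh <firewall-host>   (ssh -V writes to stderr)
if [ -n "${1:-}" ]; then
    if is_openssh_51 "$(ssh -V 2>&1)"; then
        apply_workaround "$1" "$HOME/.ssh/config" \
            && echo "added ControlMaster auto for $1" \
            || echo "Host entry for $1 already exists; edit it manually"
    else
        echo "client is not OpenSSH 5.1; no change made"
    fi
fi
```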

OR

2.  Workaround.  Use SSH v1.

OR

3.  Upgrade to a ScreenOS version with the fix when one becomes available:  ScreenOS 5.4.0r12, ScreenOS 6.0.0r8, or ScreenOS 6.1.0r5.

OR

4.  Call JTAC to get a ScreenOS patch with the fix.