Hello,

After upgrading a few old EX switches from 12.3R12-S12 to 12.3R12-S14 I found 
that I could no longer log in using SSH.

When the login attempt is made, the switch logs:

sshd[1521]: fatal: ssh_dispatch_run_fatal: Connection to <client ip address>: unexpected internal error [preauth]

The reason appears to be the cipher used.

The SSH server in JunOS 12.3R12-S12 advertises support for the following 
ciphers:

debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

While 12.3R12-S14 advertises:

debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

Note the addition of [email protected] and [email protected]. These 
are advertised by 12.3R12-S13.1 as well.

The Fedora OpenSSH client will use [email protected] by default when 
supported by the server, and this fails with the above error message. So does 
[email protected].

Explicitly selecting another cipher works, e.g.:

ssh -o [email protected] <switch>

Didn't find any KB article about this issue, so I thought I'd post here in case 
any Juniper employee would like to report it internally, as I'm guessing others 
will run into the same issue eventually. (My old switches are long out of 
support, so I can't open a JTAC case.)

Tore
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
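
Added example, not part of the message above and not Juniper's or OpenSSH's code: a small Python script that diffs the cipher lists a server advertises before and after an upgrade, shows why the client's choice changes, and builds a Ciphers list for the client that avoids the newly advertised algorithms. The debug lines are constructed from the output quoted in the message; every name ending in ".invalid" is a placeholder for a name that is redacted in the archive, and the client preference order is an assumption.

```python
# Constructed input modelled on the `ssh -vv` output quoted in the message.
# Names ending in ".invalid" are placeholders for algorithm names that are
# redacted in the archived message; they are not real cipher names.
OLD_DEBUG = ("debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,"
             "arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,"
             "aes256-cbc,arcfour,legacy@placeholder.invalid")
NEW_DEBUG = ("debug2: ciphers ctos: new-1@placeholder.invalid,aes128-ctr,aes192-ctr,"
             "aes256-ctr,new-2@placeholder.invalid,new-3@placeholder.invalid,"
             "arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,"
             "aes192-cbc,aes256-cbc,arcfour,legacy@placeholder.invalid")
# Hypothetical client preference order (assumption, not taken from any real client).
CLIENT_PREFS = ["new-1@placeholder.invalid", "aes128-ctr", "aes192-ctr",
                "aes256-ctr", "new-2@placeholder.invalid", "new-3@placeholder.invalid"]


def parse_ciphers(debug_line):
    """Return the ordered cipher list from a 'debug2: ciphers ctos:' line."""
    marker = "ciphers ctos:"
    if marker not in debug_line:
        raise ValueError("not a 'ciphers ctos' debug line")
    names = debug_line.split(marker, 1)[1].split(",")
    return [n.strip() for n in names if n.strip()]


def negotiate(client_prefs, server_offer):
    """SSH uses the first cipher on the client's list that the server also lists."""
    offered = set(server_offer)
    return next((c for c in client_prefs if c in offered), None)


def added_by_upgrade(old_offer, new_offer):
    """Ciphers the server only advertises after the upgrade, in server order."""
    old = set(old_offer)
    return [c for c in new_offer if c not in old]


def pinned_cipher_list(client_prefs, old_offer, new_offer):
    """Client ciphers offered by the new release that the old release offered too."""
    added = set(added_by_upgrade(old_offer, new_offer))
    return [c for c in client_prefs if c in set(new_offer) and c not in added]


if __name__ == "__main__":
    old, new = parse_ciphers(OLD_DEBUG), parse_ciphers(NEW_DEBUG)
    print("added by upgrade: ", added_by_upgrade(old, new))
    print("negotiated before:", negotiate(CLIENT_PREFS, old))
    print("negotiated after: ", negotiate(CLIENT_PREFS, new))
    print("Ciphers " + ",".join(pinned_cipher_list(CLIENT_PREFS, old, new)))
```

The last line printed is in the form of an ssh_config Ciphers directive, which can be placed in a Host block that matches only the affected switches.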