secureCRT 3.3 -> openssh v3.7pl (checkpoint firewall)

Darren Tucker dtucker at
Thu Sep 16 14:32:59 EST 2004

Damien Miller wrote:
> Lou wrote:
>>Client - secureCRT 3.3 outside the firewall (Checkpoint)
>>Server - openssh v3.7 on an aix51 rs6k inside the fw
>>The firewall lets in the first packet but blocks the second with the
>>message: ssh 1.x not allowed.  The connection gets reset. Here is the
>>trace from the client:
> Your firewall is insane - it is mis-detecting the protocol version in
> use, despite the unambiguous version string:
>>[SSH LOCAL ONLY] : RECV : Remote Identifier = "SSH-2.0-OpenSSH_3.7p1"

Maybe securecrt is sending a "SSH-1.99-*" string?

Try configuring securecrt to connect *only* with protocol version 2. 
Failing that, try hitting your firewall with a large stick.  The latter 
won't solve your problem but it might make you feel better :-).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list