[Bug 2116] New: SSH to Nortel/Avaya switch fails

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jun 5 01:07:06 EST 2013 

https://bugzilla.mindrot.org/show_bug.cgi?id=2116

            Bug ID: 2116
           Summary: SSH to Nortel/Avaya switch fails
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jsneerin at gmail.com

Starting with version 6.2p1, ssh client connections to Nortel/Avaya ERS
5600 series switches fail. Connections with 6.1p1 and earlier do not
exhibit this problem. This is observed with the following switch models
and release versions:

* Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE
* OS version 6.2.1.003 with boot firmware 6.0.0.10
* OS version 6.3.0.013 with boot firmware 6.0.0.15
* http://www.avaya.com/usa/product/ethernet-routing-switch-5000-series

These switches actually run Mocana SSH server software, so it's
possible that other embedded devices using Mocana SSH are also
affected. It is unclear which version of Mocana these switches are
running, or if the different OS/FW firmware versions have different
versions of Mocana. Mocana SSH is described at:

* https://www.mocana.com/for-device-manufacturers/nanossh/

Affected OpenSSH versions observed:

* 6.2p1, 6.2p2, 6.2-SNAP-20130604

Unaffected OpenSSH versions observed:

* 5.9p1, 6.0p1, 6.1p1

Client operating systems tested:

* Linux r3239 3.2.0-44-generic #69-Ubuntu SMP Thu May 16 18:27:54 UTC
2013 i686 i686 i386 GNU/Linux
* CYGWIN_NT-6.1-WOW64 L3313 1.7.18(0.263/5/3) 2013-04-19 10:39 i686
Cygwin

I first noticed this problem under Cygwin. However, I have verified it
on Ubuntu by compiling versions 5.9p1, 6.0p1, 6.1p1, 6.2p1, and 6.2p2,
and the daily snapshot from 20130604 from source with no special
configuration options. Running ssh 6.2p1 and later with -v shows that
the connection gets as far as expecting SSH2_MSG_KEXDH_REPLY, then the
far end closes the connection. Versions 6.1p1 and earlier work
normally. Running ssh with additional -v flags, as well as running it
when compiled with the various DEBUG macros, does not yield any
additional information that is meaningful to me.

I will attached "ssh -vvv" output from 6.1p1 and 6.2p1 in the hope that
it will be helpful. If you do not have Nortel/Avaya or other hardware
running Mocana SSH at your disposal, I am willing to assist with
testing of alternate configurations or patches.

I've marked this as "major" because I've been unable to identify any
workaround with the affected versions. Rolling back to 6.1p1 is the
only fix I've found.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list