IP Stories

“A Written IP Related Activities”

«
»

[Cisco-Juniper] SSH from Cisco Router to Juniper OS

Posted by a. Rahman Isnaini r. Sutan on September 1, 2008

Spending my time…
Trying to limit login from certain hosts include Cisco routers (OS Version Image : c7200-jk9o3s-mz.123-13.bin”) on a Juniper. The connection allowed is ssh.

Allowing cisco routers doesn’t seem to give a remote login successfully connected.

Cisco#ssh -l boss 192.168.1.145 [connection error:0]

Got this SSH log error on Juniper show log message tailed :

Sep  1 10:21:47  JunOS-GW sshd[38925]: Did not receive identification string from 192.168.1.146
Sep  1 10:21:47  JunOS-GW inetd[2541]: /usr/sbin/sshd[38925]: exit status 0xff00
Sep  1 10:22:15  JunOS-GW sshd[38926]: Did not receive identification string from 192.168.1.146
Sep  1 10:22:15  JunOS-GW inetd[2541]: /usr/sbin/sshd[38926]: exit status 0xff00
Sep  1 10:22:18  JunOS-GW sshd[38927]: Did not receive identification string from 192.168.1.146
Sep  1 10:22:18  JunOS-GW inetd[2541]: /usr/sbin/sshd[38927]: exit status 0xff00
Sep  1 10:22:23  JunOS-GW sshd[38928]: Did not receive identification string from 192.168.1.146
Sep  1 10:22:23  JunOS-GW inetd[2541]: /usr/sbin/sshd[38928]: exit status 0xff00
Sep  1 10:35:52  JunOS-GW sshd[39135]: Did not receive identification string from 192.168.1.146
Sep  1 10:35:52  JunOS-GW inetd[2541]: /usr/sbin/sshd[39135]: exit status 0xff00
Sep  1 10:36:03  JunOS-GW sshd[39136]: Did not receive identification string from 192.168.1.146
Sep  1 10:36:03  JunOS-GW inetd[2541]: /usr/sbin/sshd[39136]: exit status 0xff00
Sep  1 10:36:04  JunOS-GW sshd[39137]: Did not receive identification string from 192.168.1.146
Sep  1 10:36:04  JunOS-GW inetd[2541]: /usr/sbin/sshd[39137]: exit status 0xff00
Sep  1 10:36:05  JunOS-GW sshd[39138]: Did not receive identification string from 192.168.1.146
Sep  1 10:36:05  JunOS-GW inetd[2541]: /usr/sbin/sshd[39138]: exit status 0xff00

The symptom : Your outbound SSH on Cisco Router is version 1, while your juniper by default is version 2. Please add/enable ssh protocol-version 2 (v2) as well.. on your Juniper.

You@JunOS-GW# show
ssh {
root-login deny;
protocol-version [ v2 v1 ];
connection-limit 10;
}

[edit system services]

you@JunOS#set system services ssh protocol-version v1
you@JunOS#set system services ssh protocol-version v2
you@JunOS#set system services ssh protocol-version v1 v2 (nope sure this one :) ) try it)

Then commit ! [Thanks to Ang Kah from Bangky.Net for Inspiring]

a. rahman isnaini r.sutan

This entry was posted on September 1, 2008 at 8:19 am and is filed under Juniper, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»