Clark, Bill W.
2004-Jan-16 17:47 UTC
FYI Incompatibilities between recent versions of OpenSSH and Sun SSH
These problem aren't bugs per se but rather major version differences. Sun has finally published a FAQ on their SSH two days ago http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc%2F50465&zone_32 =sshd The problem is rooted in the fact that Sun developed their SSH based on OpenSSH 2.5.1p1 That version came out in February of 2001. There have been a number of changes since then and that has caused timeout problems in past for uses when interacting from Solaris 9 to other systems that are running OpenSSH. We have observed session ending abruptly after 15 minutes even when actively using the session. Also we have seen automated SSH file transfers hang. Sun has released one patch for their version of SSH, but it does not address this issue. Patch-ID# 113273-04 Here is a little matrix where problems occur. Haven't done the test with 3.7.1 yet as we assume the same problem will exist as it is based on the fact that Sun is using 2.5.1 code. Here is a little matrix: Disconnect Problem Client Server ------------------------------ ---------- ---------------- No Putty OpenSSH 3.5 No Putty SunSSH 1.0 No SecureCRT OpenSSH 3.5 No SecureCRT SunSSH 1.0 No OpenSSH 3.5 OpenSSH 3.5 No OpenSSH 3.5 SunSSH 1.0 No SunSSH 1.0 SunSSH 1.0 Yes SunSSH 1.0 OpenSSH 3.5 Looks like Sun doesn't understand the following definitions: ClientAliveInterval 30 ClientCountMax 30 That would normally disconnect you after 15 minutes of inactivity. It times out after 15 minutes of activity or inactivity. What I recommend is Stop using Sun SSH or changing all the OpenSSH servers to have the following definitions: ClientAliveInterval 1800 ClientCountMax 3 Bill W. Clark PGP ID: 0xC8447EB1 SMTP:bill.clark at umb.com
Apparently Analagous Threads
- [Bug 738] OpenSSH 3.7.1p2 Password Authentication Failure Through NIS+ on Non-Master Server
- OpenSSH Authentication on Solaris w/ NIS+ Problem
- SecureCRT and Wine 0.9.4
- proposal: new DisableBanner client side option
- secureCRT 3.3 -> openssh v3.7pl (checkpoint firewall)