openssh unix dev - Sep 2008 - Problem connecting with openssh-5.1-client to Juniper Eseries

After upgrading to 5.1, connections to our Juniper E-Series routers
fail with:

$ ssh -v eseries
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *-lns*
debug1: Applying options for *
debug1: Connecting to eseries [1.2.3.4] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version 2.0.12
debug1: match: 2.0.12 pat 2.0.11*,2.0.12*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'eseries' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:66
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentication succeeded (none).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Received SSH2_MSG_UNIMPLEMENTED for 6
Received disconnect from 62.104.2.13: 2: 
$

This seems to be in response to the "no-more-sessions" request, if
I disable the part of code that generates it, everything works fine
as usual. By my understanding of the protocol, the server should
respond with SSH_MSG_REQUEST_FAILURE and just go on instead of
terminating the connection, can someone please confirm this?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080903/d0090c6f/attachment.bin

On Wed, 3 Sep 2008, Jens Rosenboom wrote:
> After upgrading to 5.1, connections to our Juniper E-Series routers
> fail with:
> 
[snip]
>
> This seems to be in response to the "no-more-sessions" request,
if
> I disable the part of code that generates it, everything works fine
> as usual. By my understanding of the protocol, the server should
> respond with SSH_MSG_REQUEST_FAILURE and just go on instead of
> terminating the connection, can someone please confirm this?
Someone reported something similar for Netscreen:

http://lists.mindrot.org/pipermail/openssh-unix-dev/2008-August/026821.html

It seems that someone at Junpier/Netscreen has been misreading the SSH
protocol spec. Could you file a bug with them so we can figure out which
versions of their products are affected? Once we know this, and their
banner strings (yours is "SSH-2.0-2.0.12") then we can add a
workaround.

-d