Forum

Notifications
Clear all

ssh and pix

0 Posts
3 Users
0 Reactions
372 Views
 tim
(@tim)
New Member
Joined: 55 years ago
Posts: 1
Topic starter  

I am trying to use celestial's client to connect to my cisco pix box with no luck. I know the pix uses ssh1 and des encryption but as soon as I try to connect it tells me that you have been disconnected from the host do you want to exit. I know the pix is configured correctly because I can use other ssh clients. Any help would be great. Thanks.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Can you give me the IP address? You can e-mail it to (bpence at celestialsoftware.net)


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Tim,

I've been looking at this server and I'm at a loss. Are you sure this thing is trying to do SSH on the standard port (22) (IP ADDRESS OMITTED)?? I'm having trouble determining the cause of the problem because there is absolutely ZERO communication between client and host at any level. The server seems to close the port as soon as it opens, even before initial key exchange which is quite strange. Any further info would be useful.

I've tried both AbsoluteTelnet and TeraTerm SSH, which is reported to work with the PIX from what I have read on deja.com.


   
ReplyQuote
(@msa)
Estimable Member
Joined: 23 years ago
Posts: 111
 

Just a thought: couldn't it be something else, like the pix filtering connection requests? It sounds a bit like Linux when you forget to add sshd: IP/MASK in /etc/hosts.allow...


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Just a quick update about AbsoluteTelnet and the Cisco PIX... I've had a number of support calls since this original one, and they've all been fixed by turning compression all the way off in Options->Properties->Connection->SSH1. Future versions of Absolute (1.85 and greater) will turn off Compression by default to remain as compatible as possible 'out of the box'.

Unfortunately, anything but plain vanilla settings will give the PIX fits, so make sure that port forwarding, X11 forwarding, and compression are all disabled and that DES is at the top of the 'preferred cipher' list.


   
ReplyQuote
Share: