[fw-wiz] PIX denying SSH Access - until I run PDM?

From: Paul Pershing (streamfile_at_gmail.com)
Date: 08/23/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 23 Aug 2005 16:25:58 -0400
    
    

    Hi,

    I have run across a problem several times with different PIX models
    and on different networks; and I'm wondering if I just don't mix well
    with PIXes - or if someone else has seen the same issue?

    All of the PIXes have been running at least 6.x code and all have had
    PDM run against them at some point. I have tried open source and
    commercial SSH clients on the same PIXes - no change. I also get the
    same results whether attaching to the outside or inside interface.

    The symptom is that a few weeks will pass since I last logged onto the
    fw using ssh; and I'll attempt to; but instead of being prompted for a
    userid/password the client will simply sit there and stare at me while
    doing nothing - no errors. If I'm using Kermit (usual) it'll just sit
    on the blank black screen until it times out. Other clients produce
    similar behavior.

    The odd part is that I discovered through trial and error that if I
    access the PIX via PDM after the failed SSH attempt - even if the PDM
    connection is not completed - I can then attach via SSH.

    This is such a bizarre problem that I've been reluctant to post it;
    but I've encountered it so many times now that my curiosity has
    gotten the better of me!

    Just curious,
    Paul
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

