Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSH Daemon - Did anything change from 1.2.2-RELEASE to 1.2.3?

    General pfSense Questions
    2
    4
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Phobia
      last edited by

      Hello there,

      I'm troubleshooting an issue I've been experiencing with a J2ME SSH client I use from by Blackberry for remote administration purposes.

      I have found that I can no longer connect to 1.2.3-RELEASE pfSense boxes.  1.2-RELEASE and 1.2.2-RELEASE boxes continue to function just fine.

      The error I pull from my BB is :

      Name: BBSSH
      GUID: 3b876f970927ae00
      Time: Mar 05, 2010 11:27:38
      xxxxxxxx.dyndns.org:63777 reports: I/O operation attempted on closed stream/connection

      I don't see anything meaningful from the pfSense logs in the GUI.  I am NOT using a key - just username and password.

      Any help would be appreciated!

      – Phob

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        There were OS changes (From FreeBSD 7.0 to 7.2) and I'm fairly certain the underlying OpenSSH daemon was updated during that time because it's part of the base OS from FreeBSD.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          Phobia
          last edited by

          Thanks for the info jimp.

          I didn't initially detect the issue as I usually have access via a PC and Putty never stopped working.  My iPhone clients still work too, but the java SSH client I use on the BB isn't cooperating.

          Anyway - I guess I'll have to try to create a FreeBSD virtual machine at some point and fuss with the different combos…

          Thanks for the response.

          -- Phob

          1 Reply Last reply Reply Quote 0
          • P
            Phobia
            last edited by

            Hi again,

            Just thought I would post that a solution to this issue has been discovered.  It turns out that the default ciphers used in v1.2.3+ versions do not support the 3des-cbc cipher, which is what my SSH client uses.

            Manually editing /etc/sshd to add this cipher to the list solves my issue :

            Change the line :

            $sshconf = "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";

            … to this :

            $sshconf = "Ciphers 3des-cbc,aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";

            I'll post this to the bug tracker as well.

            Thanks,

            -- Phob

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.