SSH Errors when connecting to a Juniper Netscreen SSG5-GT

Recently, I started working with Netscreens, which I haven’t done for 10 years or so. Things have changed a bit. As I’m learning ScreenOS, and trying to get around and configure these things, I’m getting really aggravated because while I’m RTFM’ing, the ssh session keeps disconnecting with this error:

    buffer_get_ret: trying to get more bytes 4 than in buffer 0
    buffer_get_int: buffer error

It only seems to happen after a very short period of inactivity though. Highly reproducible, and seems to happen from all the OSX clients I’ve tried. So, I try from an Ubuntu box, and it doesn’t happen, which leads me to evaluate what is different between the two. Both are running the same OpenSSH version, but a different OpenSSL version. Oh, and the Ubuntu config is a stock vanilla config, while the OSX boxes all have a custom ~/.ssh/config that is used to set usernames and a few ssh options to make my life easier.

So, I renamed ~/.ssh/ on an OSX box, and the problem vanishes! This tells me it has to do with my ssh config. After a bit of troubleshooting, I isolated the problem in this portion of my ~/.ssh/config file:

    Host *
        ServerAliveInterval 30

I use this option to keep from timing out on SSH servers that boot you for inactivity. It works fine for all the servers I’ve used, until now. Apparently when the SSH client detects 30 seconds of inactivity, it sends some sort of stay-alive message, which the Netscreen fails to handle, and it decides to immediately disconnect.

To work around this, set this value to 0 (to disable) on your Netscreen hosts in the ~/.ssh/config file:

    Host vpn*
        ServerAliveInterval 0

All my Netscreens are in my hostfile and begin with vpn-.

Use whatever Host pattern fits your situation: a hostname or an IP address, with or without the asterisk wildcard.
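
ssh_config uses the first value it obtains for each option, so the "Host vpn*" entry only takes effect when it sits above "Host *" in the file. The check below is an added example, not part of the original post: it relies on ssh -G (OpenSSH 6.8 or later), and the hostname vpn-fw1 and both config layouts are constructed for illustration.

```shell
#!/bin/sh
# Added example: hostnames and config contents are constructed.

# effective_interval CONFIG HOST
# Print the ServerAliveInterval OpenSSH would use for HOST under CONFIG.
# "ssh -G" resolves the configuration and exits without connecting.
effective_interval() {
    ssh -G -F "$1" "$2" 2>/dev/null |
        awk '$1 == "serveraliveinterval" { print $2 }'
}

# write_config FILE ORDER
# wildcard-first: "Host *" sits above the Netscreen entry.
# specific-first: the Netscreen entry sits above "Host *".
write_config() {
    case "$2" in
    wildcard-first)
        printf '%s\n' 'Host *' '    ServerAliveInterval 30' '' \
                      'Host vpn*' '    ServerAliveInterval 0' > "$1" ;;
    specific-first)
        printf '%s\n' 'Host vpn*' '    ServerAliveInterval 0' '' \
                      'Host *' '    ServerAliveInterval 30' > "$1" ;;
    *)  return 1 ;;
    esac
}

# compare_orders HOST
# Print "<layout> <effective interval>" for both layouts.
compare_orders() {
    tmp=$(mktemp) || return 1
    for order in wildcard-first specific-first; do
        write_config "$tmp" "$order"
        printf '%s %s\n' "$order" "$(effective_interval "$tmp" "$1")"
    done
    rm -f "$tmp"
}

# Usage: compare_orders vpn-fw1
```

Against your real file, ssh -G followed by the Netscreen's host name, piped through grep -i serveraliveinterval, shows the value that will actually be used.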

Hope you found this helpful. I was unable to find ANYTHING on the net that explains this.

EDIT: Michael Newton has had success in adding the following options as well to the Host entry in the ssh config:

    Host ns5gt
        TCPKeepAlive no
        ServerAliveInterval 0
        HostKeyAlgorithms ssh-dss
