Hi,
My MX is in FIPS mode.
I try to SSH from a device behind it.
But no SSH connection is possible.
15:58:41 system,info log rule added by admin
15:58:43 ssh,debug transport state: 0 --> 1
15:58:43 ssh,debug transport state: 1 --> 2
15:58:43 ssh,debug,packet sending string
15:58:43 ssh,debug,packet SSH-2.0-ROSSSH\r
15:58:43 ssh,debug,packet
15:58:43 ssh,debug client version: SSH-2.0-OpenSSH_7.5
15:58:43 ssh,debug transport state: 2 --> 3
15:58:43 ssh,debug,packet packet create: 20
15:58:43 ssh,debug,packet ----- sending -----
15:58:43 ssh,debug,packet => offset:232 [0xe8]
15:58:43 ssh,debug,packet => size:e8 [0xe8]
15:58:43 ssh,debug,packet 0000 00e4 0b14 9928 1cb2 731e 61f0 e7fe
15:58:43 ssh,debug,packet 11c9 cfc1 dfd0 0000 0024 6469 6666 6965
15:58:43 ssh,debug,packet 2d68 656c 6c6d 616e 2d67 726f 7570 2d65
15:58:43 ssh,debug,packet 7863 6861 6e67 652d 7368 6132 3536 0000
15:58:43 ssh,debug,packet 0014 7373 682d 7273 612c 7273 612d 7368
15:58:43 ssh,debug,packet 6132 2d32 3536 0000 0020 6165 7331 3238
15:58:43 ssh,debug,packet 2d63 7472 2c61 6573 3139 322d 6374 722c
15:58:43 ssh,debug,packet 6165 7332 3536 2d63 7472 0000 0020 6165
15:58:43 ssh,debug,packet 7331 3238 2d63 7472 2c61 6573 3139 322d
15:58:43 ssh,debug,packet 6374 722c 6165 7332 3536 2d63 7472 0000
15:58:43 ssh,debug,packet 000d 686d 6163 2d73 6861 322d 3235 3600
15:58:43 ssh,debug,packet 0000 0d68 6d61 632d 7368 6132 2d32 3536
15:58:43 ssh,debug,packet 0000 0004 6e6f 6e65 0000 0004 6e6f 6e65
15:58:43 ssh,debug,packet 0000 0000 0000 0000 0000 0000 00ce e1a3
15:58:43 ssh,debug,packet a3b7 60d5 b48e a29d
15:58:43 ssh,debug,packet --------------------
15:58:43 ssh,debug,packet ----- recieved -----
15:58:43 ssh,debug,packet => offset:190 [0x190]
15:58:43 ssh,debug,packet => size:100 [0x100]
15:58:43 ssh,debug,packet 0000 018c 0a14 4b51 eee4 80b7 c3f0 3d4b
15:58:43 ssh,debug,packet 2c6c 61b6 c876 0000 0054 6469 6666 6965
15:58:43 ssh,debug,packet 2d68 656c 6c6d 616e 2d67 726f 7570 3134
15:58:43 ssh,debug,packet 2d73 6861 312c 6563 6468 2d73 6861 322d
15:58:43 ssh,debug,packet 6e69 7374 7032 3536 2c65 6364 682d 7368
15:58:43 ssh,debug,packet 6132 2d6e 6973 7470 3338 342c 6563 6468
15:58:43 ssh,debug,packet 2d73 6861 322d 6e69 7374 7035 3231 0000
15:58:43 ssh,debug,packet 0027 6563 6473 612d 7368 6132 2d6e 6973
15:58:43 ssh,debug,packet 7470 3338 342c 6563 6473 612d 7368 6132
15:58:43 ssh,debug,packet 2d6e 6973 7470 3338 3400 0000 3461 6573
15:58:43 ssh,debug,packet 3235 362d 6362 632c 6165 7331 3932 2d63
15:58:43 ssh,debug,packet 6263 2c33 6465 732d 6362 632c 6165 7331
15:58:43 ssh,debug,packet 3238 2d63 6263 2c61 6573 3132 382d 6374
15:58:43 ssh,debug,packet 7200 0000 3461 6573 3235 362d 6362 632c
15:58:43 ssh,debug,packet 6165 7331 3932 2d63 6263 2c33 6465 732d
15:58:43 ssh,debug,packet 6362 632c 6165 7331 3238 2d63 6263 2c61
15:58:43 ssh,debug,packet --------------------
15:58:43 ssh,debug host key algo: ecdsa-sha2-nistp384,ecdsa-sha2-nistp384
15:58:43 ssh,debug kex algo: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
15:58:43 ssh,debug enc algo CS: aes256-cbc,aes192-cbc,3des-cbc,aes128-cbc,aes128-ctr
15:58:43 ssh,debug mac algo CS: hmac-sha2-256,hmac-sha2-512
15:58:43 ssh,debug comp algo CS: none,zlib@openssh.com
15:58:43 ssh,debug packet follows: 0
15:58:43 ssh,debug agreed on: can't agree on:
15:58:43 ssh,debug cl: diffie-hellman-group-exchange-sha256
15:58:43 ssh,debug sl: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
15:58:43 ssh,debug code 0x0200000b closing..
15:58:43 ssh,debug,packet packet create: 1
15:58:43 ssh,debug,packet ----- sending -----
15:58:43 ssh,debug,packet => offset:24 [0x18]
15:58:43 ssh,debug,packet => size:18 [0x18]
15:58:43 ssh,debug,packet 0000 0014 0601 0000 000b 0000 0000 0000
15:58:43 ssh,debug,packet 0000 f150 8c23 ad43
15:58:43 ssh,debug,packet --------------------
15:58:43 ssh,debug transport state: 3 --> 0
15:58:43 ssh,debug closing connection: <> 192.168.1.1:22 (10)
What must I set on Junos to make an SSH connection work (safely)?
The problem is:
15:58:43 ssh,debug cl: diffie-hellman-group-exchange-sha256
15:58:43 ssh,debug sl: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
15:58:43 ssh,debug code 0x0200000b closing..
What can I do to make SSH to JunOS possible?
I think diffie-hellman-group-exchange-sha256 is not possible in FIPS mode.
Thanks
Christian
------------------------------
CHRISTIAN KNOEFEL
------------------------------
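
The negotiation failure in the log above, reproduced as an added example (not part of the original post and not code from either vendor): it parses SSH_MSG_KEXINIT name-lists as laid out in RFC 4253 and picks, for each list, the first `cl` entry that also appears in `sl`. The `sl` lists are copied from the decoded log lines and the `cl` lists from the ASCII visible in the sent packet; the function names and the all-zero cookie are assumptions of this example.

```python
import struct

# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_cs", "enc_sc", "mac_cs", "mac_sc",
          "comp_cs", "comp_sc", "lang_cs", "lang_sc"]
CHECKED = ["kex", "host_key", "enc_cs", "mac_cs", "comp_cs"]  # lists the log prints

def build_kexinit(lists, cookie=b"\x00" * 16):
    """Encode type 20, 16-byte cookie, ten name-lists, follows flag, reserved."""
    out = bytes([20]) + cookie
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [algorithm, ...]}."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for name in FIELDS:
        (size,) = struct.unpack_from(">I", payload, pos)  # struct.error if cut short
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + size].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += size
    return lists

def negotiate(cl, sl):
    """Per list: first client entry the server also offers, else None."""
    # Simplified: skips the extra kex/host-key compatibility rules of RFC 4253.
    return {f: next((a for a in cl[f] if a in sl[f]), None) for f in CHECKED}

# Constructed sample: "cl" values decoded from the sent packet in the log,
# "sl" values from its decoded lines; the remaining lists are left empty here.
CL = {"kex": ["diffie-hellman-group-exchange-sha256"],
      "host_key": ["ssh-rsa", "rsa-sha2-256"],
      "enc_cs": ["aes128-ctr", "aes192-ctr", "aes256-ctr"],
      "mac_cs": ["hmac-sha2-256"], "comp_cs": ["none"]}
SL = {"kex": ["diffie-hellman-group14-sha1", "ecdh-sha2-nistp256",
              "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"],
      "host_key": ["ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384"],
      "enc_cs": ["aes256-cbc", "aes192-cbc", "3des-cbc", "aes128-cbc", "aes128-ctr"],
      "mac_cs": ["hmac-sha2-256", "hmac-sha2-512"],
      "comp_cs": ["none", "zlib@openssh.com"]}

def diagnose(cl=CL, sl=SL):
    """Round-trip both sides through the wire format, then negotiate."""
    agreed = negotiate(*(parse_kexinit(build_kexinit(x)) for x in (cl, sl)))
    return agreed, [f for f, alg in agreed.items() if alg is None]
```

Run against these lists, `diagnose()` reports no common algorithm for `kex` and also none for `host_key`, so checking every list at once shows what remains to be aligned after the key-exchange mismatch.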