Bug#639376: ssh key exchange blocked by checkpoint firewall

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#639376: ssh key exchange blocked by checkpoint firewall
From: Erwan David <edavid@nds.com>
Date: Fri, 26 Aug 2011 17:21:39 +0200
Message-id: <20110826152139.18389.7340.reportbug@nux19222.fr.nds.com>
Reply-to: Erwan David <edavid@nds.com>, 639376@bugs.debian.org

Package: openssh-client
Version: 1:5.8p1-7
Severity: normal
Tags: wheezy

Since some weeks my ssh to machines outside our firewall (checkpoint FW-1) are blocked
It comes from the rule :
http://www.checkpoint.com/defense/advisories/public/2006/cpai-18-Jun.html

ssh from fedora 14 works, as do puTTY.

Maybe there is a workaround ?

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing-proposed-updates
  APT policy: (900, 'testing-proposed-updates'), (900, 'testing'), (700, 'proposed-updates'), (400, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.39-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser              3.113               add and remove users and groups
ii  debconf [debconf-2.0 1.5.40              Debian configuration management sy
ii  dpkg                 1.16.0.3            Debian package management system
ii  libc6                2.13-16             Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.9.1+dfsg-1        MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.98-1.1          SELinux runtime shared libraries
ii  libssl1.0.0          1.0.0d-3            SSL shared libraries
ii  passwd               1:4.1.4.2+svn3283-3 change and administer password and
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.6-1  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                     <none>      (no description available)
ii  ksshaskpass [ssh-askpass]    0.5.3-1+b1  interactively prompt users for a p
pn  libpam-ssh                   <none>      (no description available)
pn  monkeysphere                 <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras

-- no debconf information

This message is confidential and intended only for the addressee. If you have received this message in error, please immediately notify the postmaster@nds.com and delete it from your system as well as any copies. The content of e-mails as well as traffic data may be monitored by NDS for employment and security purposes.
To protect the environment please do not print this e-mail unless necessary.

An NDS Group Limited company. www.nds.com

Reply to:

Follow-Ups:
- Bug#639376: ssh key exchange blocked by checkpoint firewall
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#639330: openssh-server doesn't check if user's shell is listed in /etc/shells
Next by Date: Bug#639376: ssh key exchange blocked by checkpoint firewall
Previous by thread: Bug#639330: openssh-server doesn't check if user's shell is listed in /etc/shells
Next by thread: Bug#639376: ssh key exchange blocked by checkpoint firewall
Index(es):
- Date
- Thread