https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4663#M3432 <HTML><HEAD></HEAD><BODY><P>I;m not sure right now, what was previous version but was working correctly.</P></BODY></HTML> Tue, 10 Dec 2013 22:11:06 GMT mariusz_sawczuk 2013-12-10T22:11:06Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4661#M3430 <HTML><HEAD></HEAD><BODY><P>After upgrade ssh server to OpenSSH_6.4p1-hpn14v2, OpenSSL 1.0.0j 10 May 2012 I can't connect to this server when using ssh decryption on Palo Alto.</P><P>Before ssh server upgrade, decryption was working correctly and I could connect and decrypt ssh traffic.</P><P>When I'm trying to connect from client PC I get response:'Server unexpectly closed network connection'.</P><P>I check that Palo Alto is sending this message to the client PC (as an SSH proxy) not the destination SSH server.</P><P>I also try to connect from the same client PC with SSH decryption turned off, and I could connect.</P><P>I'm using PA-3020 with 5.0.9 PAN-OS.</P></BODY></HTML> Tue, 10 Dec 2013 19:59:43 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4661#M3430 mariusz_sawczuk 2013-12-10T19:59:43Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4662#M3431 <HTML><HEAD></HEAD><BODY><P>Was the server's version &lt; 6.2 before the upgrade ?</P></BODY></HTML> Tue, 10 Dec 2013 20:18:51 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4662#M3431 goku123 2013-12-10T20:18:51Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4663#M3432 <HTML><HEAD></HEAD><BODY><P>I;m not sure right now, what was previous version but was working correctly.</P></BODY></HTML> Tue, 10 Dec 2013 22:11:06 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4663#M3432 mariusz_sawczuk 2013-12-10T22:11:06Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4664#M3433 <HTML><HEAD></HEAD><BODY><P>Do you have a decyption profile attached to the ssl decypt policy ? What have you configured for unsupported mode checks and failure checks.</P><P></P><P>Set up a filter and run ssl counters to get more info.</P><P></P><P>show counter global filter category ssl</P><P></P><P>Deepak</P></BODY></HTML> Thu, 12 Dec 2013 18:48:46 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4664#M3433 dpalani 2013-12-12T18:48:46Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4665#M3434 <HTML><HEAD></HEAD><BODY><P>Keep an eye out for PAN OS 5.0.10. A fix for an issue with some SSH proxy sessions not working to OpenSSH servers versions &gt; 6.2 is being published through fix # 57612</P><P>This fix, when available, may help you.</P></BODY></HTML> Thu, 19 Dec 2013 13:44:53 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4665#M3434 goku123 2013-12-19T13:44:53Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4666#M3435 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Look in Rn for version 5.0.10, there is:</P><P>57612—SSH sessions to servers running OpenSSH version 6.2 or newer through SSH </P><P>Decryption were failing in some instances when the computed Diffie-Hellman key is </P><P>4096 bits. </P><P></P><P>Hope help.</P><P></P><P>V.</P></BODY></HTML> Fri, 27 Dec 2013 08:10:07 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4666#M3435 VinceM 2013-12-27T08:10:07Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4667#M3436 <HTML><HEAD></HEAD><BODY><P>I've upgraded my PAN device even to PAN-OS 6.0, and still ssh decryption doesn't work properly.</P><P>I've tried with and without decryption profiles enabled.</P></BODY></HTML> Wed, 05 Feb 2014 13:34:29 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-ssh-decryption-after-ssh-server-upgrade/m-p/4667#M3436 mariusz_sawczuk 2014-02-05T13:34:29Z