When I upgraded from OS 11.2 to OS 11.4, I discovered that the network intrusion prevention system (IPS) is resetting my SSH connections. This did not happen with OS 11.2, and it doesn’t happen with RHEL 5 nor with Fedora 14. It did happen with Cygwin until I reverted form Cygwin OpenSSH 5.8p1 to 5.6p1. Fedora has OpenSSH_5.5p1 which does work. I don’t recall the version on RHEL 5, but I’m confident it’s older.
These are the last lines of output from susebox# ssh -vvv remotehost.domain
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer
I know this is from the IPS because the reset has a different TTL than the remote host, and it only happens when I go through the IPS. Interestingly, I CAN ssh to the OS 11.4 host from the remote host. The IPS administrator was no help.
The IPS is an IBM Proventia 5108, or similar.
Any ideas?