Software version of the NE80: VRP3.10-2351P02
Symptom of the fault:
The access to the devices through Telnet was normal. However, when Telnet was changed to SSH, sometimes the device was accessible, sometimes it was not. When multiple accounts were registered, some accounts could access the device, but some could not.
The system prompted the SSH connection error. The client was disconnected by the SSH server.
1. Because the NE80 could sometimes be accessed through SSH, there must be nothing wrong with the configuration.
2. The SSH server prompted that the connection was shut down. Therefore, port 22 was not filtered out.
3. The packet capture showed that the packets were sent from the client normally.
4. The client used CRT for SSH connection. Because CRT adopted an SSH encryption algorithm different from the encryption algorithm of the NE80, sometimes the client installed with CRT could not access the NE80. After the client software was replaced with another, the SSH connection succeeded.
1. Problem with the SSH configuration of the NE80
2. The port number used by SSH was filtered out
3. The password sent by the client software was too long
4. The encrypted user names and passwords were inconsistent between the client software and the server.
The current VRP3.10 platform does not provide a solution to the problem that the SSH encryption algorithm is incompatible with that of CRT.