2950G-24-EI and SSH v2

Answered Question
Jun 11th, 2008

Hello!

We use some 2950G-24-EI switches with IOS c2950-i6k2l2q4-mz.121-22.EA10a.bin.

We also use C3560-24-PS-S switches with IOS c3560-ipbasek9-mz.122-25.SEE4.bin and access points (AP1242AG-E-K9) with IOS c1240-k9w7-mx.123-11.JA1.

On all devices we explicitly configured "ip ssh version 2".

Output of "show ip ssh" is:

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

The problem is that we can't connect from the 2950G switch to an access point or to a C3560.

The failure is:

[Connection to switch aborted: error status 0]

Is there any difference between the SSH v2 on the 2950G and 3560?

The debug on the 2950G is:

Jun 11 15:26:59.295: SSH1: Session disconnected - error 0x07

Jun 11 15:26:59.443: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:26:59.451: SSH1: receive failure - status 0x07

Jun 11 15:26:59.551: SSH1: Session disconnected - error 0x07

Jun 11 15:27:00.983: SSH CLIENT0: protocol version id is - SSH-2.0-Cisco-1.25

Jun 11 15:27:00.983: SSH CLIENT0: protocol version exchange failure (code = 1)

Jun 11 15:27:00.983: SSH CLIENT0: Session disconnected - error 0x00

Jun 11 15:27:07.956: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:27:07.960: SSH1: protocol version id is - SSH-2.0-CmdSvc

Jun 11 15:27:18.728: SSH1: Session disconnected - error 0x07

The debug on the AP1242 is:

Jun 11 15:22:23.290: SSH1: starting SSH control process

Jun 11 15:22:23.290: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:22:23.321: SSH1: receive failure - status 0x07

Jun 11 15:22:23.426: SSH1: Session disconnected - error 0x07

Thanks for your help!

glen.grant Wed, 06/11/2008 - 05:43

Try using the syntax "ssh -v 2". I think it will use either unless you specify which one you want to use; probably 1 is the default. We have it set as V1, but it will still send out a V2 request if you use that syntax. Not sure if you have SSH 2 as global. It should work with the above syntax though.

Sven Hruza Wed, 06/11/2008 - 05:51

Thanks for your reply!

But there is no -v option on the 2950G switch.

2950G#ssh ?

-c Select encryption algorithm

-l Log in using this user name

-o Specify options

-p Connect to this port

WORD IP address or hostname of a remote system

Edison Ortiz Wed, 06/11/2008 - 07:50

The output displayed in the original post indicates the switch supports SSH v2 server services, however the SSH v2 client is another piece.

If you go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp and click on 'Search by Feature', you will notice that some switches do support SSH v2 server, for instance the 2960 starting with 12.2(25)SEE4 IOS release.

HTH,

__

Edison.

Please rate helpful posts

Correct Answer
glen.grant Wed, 06/11/2008 - 08:22

My bad, Edison is correct: the SSH client end (being able to ssh from the device) appears to be SSH V1 only on the 2950, but it will accept an incoming SSH v2 connection.

Sven Hruza Thu, 06/12/2008 - 00:20

Thanks for the replies and the link to the feature navigator!

I can't understand why the server is v2 and the client v1, but that is another question ;-)
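The version-exchange failure discussed in this thread, as an added example that is not part of any post: a small Python check that reads the 2950G debug lines quoted above and compares each received identification string (RFC 4253 section 4.2) with what the local role can speak. It assumes that "protocol version id is -" shows the peer's banner, that the 2950 client is limited to v1 as the accepted answer states, and that the server side accepts only v2 because of "ip ssh version 2"; the function names are hypothetical.

```python
import re

# Lines quoted from the 2950G debug in the original post.
DEBUG_2950G = """\
Jun 11 15:27:00.983: SSH CLIENT0: protocol version id is - SSH-2.0-Cisco-1.25
Jun 11 15:27:00.983: SSH CLIENT0: protocol version exchange failure (code = 1)
Jun 11 15:27:07.956: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
Jun 11 15:27:07.960: SSH1: protocol version id is - SSH-2.0-CmdSvc
"""

# RFC 4253 4.2 identification string: SSH-protoversion-softwareversion
IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)$")
# Assumption: this debug line reports the banner received from the peer.
RECEIVED = re.compile(r"(SSH(?: CLIENT)?\d+): protocol version id is - (\S+)")
FAILED = re.compile(r"(SSH(?: CLIENT)?\d+): protocol version exchange failure")


def offered_versions(ident):
    """Major protocol versions implied by a peer's identification string."""
    m = IDENT.match(ident)
    if not m:
        raise ValueError(f"not an SSH identification string: {ident!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):  # RFC 4253 5.1: v2 server that also takes v1
        return {1, 2}
    return {major}


def diagnose(debug_text, client_versions, server_versions=frozenset({2})):
    """Report, per received banner, whether the local role can negotiate.

    client_versions: versions the local SSH client speaks (caller's assumption,
    e.g. {1} for the 2950 per the accepted answer). server_versions defaults
    to {2}, matching "ip ssh version 2" from the original post.
    """
    failed = {m.group(1) for m in FAILED.finditer(debug_text)}
    findings = []
    for proc, ident in RECEIVED.findall(debug_text):
        role = "client" if "CLIENT" in proc else "server"
        local = client_versions if role == "client" else server_versions
        peer = offered_versions(ident)
        findings.append({"process": proc, "role": role, "peer_ident": ident,
                         "peer_offers": sorted(peer),
                         "negotiable": bool(peer & set(local)),
                         "exchange_failed": proc in failed})
    return findings
```

With `client_versions={1}` the outbound session (SSH CLIENT0) is flagged as not negotiable against a 2.0-only banner, while the inbound v2 session (SSH1) is, which matches the asymmetry the thread arrives at.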
