2950G-24-EI and SSH v2

Answered Question
Jun 11th, 2008

Hello!


We use some 2950G-24-EI switches with IOS c2950-i6k2l2q4-mz.121-22.EA10a.bin.


We also use C3560-24-PS-S switches with IOS c3560-ipbasek9-mz.122-25.SEE4.bin and access points (AP1242AG-E-K9) with IOS c1240-k9w7-mx.123-11.JA1.


On all devices we explicitly configured "ip ssh version 2".


Output of "show ip ssh" is:

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3


The problem is that we can't connect from the 2950G switch to an access point or to a C3560.


The failure is:

[Connection to switch aborted: error status 0]


Is there any difference between the SSH v2 on the 2950G and 3560?


The debug on the 2950G is:

Jun 11 15:26:59.295: SSH1: Session disconnected - error 0x07

Jun 11 15:26:59.443: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:26:59.451: SSH1: receive failure - status 0x07

Jun 11 15:26:59.551: SSH1: Session disconnected - error 0x07

Jun 11 15:27:00.983: SSH CLIENT0: protocol version id is - SSH-2.0-Cisco-1.25

Jun 11 15:27:00.983: SSH CLIENT0: protocol version exchange failure (code = 1)

Jun 11 15:27:00.983: SSH CLIENT0: Session disconnected - error 0x00

Jun 11 15:27:07.956: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:27:07.960: SSH1: protocol version id is - SSH-2.0-CmdSvc

Jun 11 15:27:18.728: SSH1: Session disconnected - error 0x07



The debug on the AP1242 is:

Jun 11 15:22:23.290: SSH1: starting SSH control process

Jun 11 15:22:23.290: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:22:23.321: SSH1: receive failure - status 0x07

Jun 11 15:22:23.426: SSH1: Session disconnected - error 0x07



Thanks for your help!

glen.grant Wed, 06/11/2008 - 05:43
Try using the syntax "ssh -v 2". I think it will use either unless you specify which one you want to use, probably 1 is the default. We have it set as V1 but it will still send out a V2 request if you use that syntax. Not sure if you have SSH 2 as global. It should work with the above syntax though.

Sven Hruza Wed, 06/11/2008 - 05:51
Thanks for your reply!


But there is no -v option on the 2950G switch.


2950G#ssh ?

-c Select encryption algorithm

-l Log in using this user name

-o Specify options

-p Connect to this port

WORD IP address or hostname of a remote system


Edison Ortiz Wed, 06/11/2008 - 07:50

The output displayed in the original post indicates the switch supports SSH v2 server services, however the SSH v2 client is another piece.


If you go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp and click on 'Search by Feature', you will notice that some switches do support SSH v2 server, for instance the 2960 starting with 12.2(25)SEE4 IOS release.


HTH,

Edison.


Please rate helpful posts



Correct Answer
glen.grant Wed, 06/11/2008 - 08:22
My bad, Edison is correct. The SSH client end (being able to ssh from the device) appears to be SSH V1 only on the 2950, but it will accept an incoming SSH v2 connection.

Sven Hruza Thu, 06/12/2008 - 00:20

Thanks for the replies and the link to the feature navigator!


I can't understand why the server is v2 and the client v1, but that is another question ;-)
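
Added example (not part of the original thread and not Cisco code): a small Python check of the SSH version exchange discussed above, run over identification strings taken from the posted debug output. It assumes, as the accepted answer concludes, that the 2950's SSH client speaks only version 1; the function names and the `SSH-1.99-Example` banner are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion
BANNER_RE = re.compile(r"SSH-(\d+\.\d+)-(\S+)")

# Debug lines copied from the thread above (AP1242 and 2950G output).
DEBUG_LINES = [
    "Jun 11 15:22:23.290: SSH1: starting SSH control process",
    "Jun 11 15:22:23.290: SSH1: sent protocol version id SSH-2.0-Cisco-1.25",
    "Jun 11 15:27:07.960: SSH1: protocol version id is - SSH-2.0-CmdSvc",
]

def banners_in_debug(lines):
    """Extract SSH identification strings from IOS SSH debug lines."""
    found = []
    for line in lines:
        m = BANNER_RE.search(line)
        if m:
            found.append(m.group(0))
    return found

def offered_versions(banner):
    """Return the set of SSH major versions a peer announces in its banner."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"no SSH identification string in {banner!r}")
    proto = m.group(1)
    if proto == "1.99":
        # RFC 4253 section 5.1: a v2 server that also accepts v1 clients
        return {1, 2}
    return {int(proto.split(".")[0])}

def negotiate(client_supports, server_banner):
    """Highest major version both ends share, or None if the exchange fails."""
    common = set(client_supports) & offered_versions(server_banner)
    return max(common) if common else None

if __name__ == "__main__":
    v1_only_client = {1}  # assumption taken from the accepted answer
    for banner in banners_in_debug(DEBUG_LINES):
        result = negotiate(v1_only_client, banner)
        outcome = f"SSH v{result}" if result else "version exchange fails"
        print(f"{banner}: {outcome}")
    # Constructed banner: a server that still accepts v1 announces 1.99.
    print("SSH-1.99-Example:", negotiate(v1_only_client, "SSH-1.99-Example"))
```

A server pinned to version 2 announces `SSH-2.0`, so a version 1 only client has no common version and the session ends at the version exchange, before any authentication takes place.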
