Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2227
Views
2
Helpful
4
Replies

strange cisco ssh behavior

Calin C.
Level 5
Level 5

‎09-04-2008 12:52 AM

Hello!

I have a strange behavior related to cisco ssh configure. I did:

"crypto key generate rsa" choose 1024,

enable under vty lines "transport input ssh" and when I want to connect I getting disconnected. The debug is below:

Sep 4 08:49:09 UTC: SSH1: starting SSH control process

Sep 4 08:49:09 UTC: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Sep 4 08:49:09 UTC: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.7

Sep 4 08:49:09 UTC: SSH2 1: send: len 280 (includes padlen 4)

Sep 4 08:49:09 UTC: SSH2 1: SSH2_MSG_KEXINIT sent

Sep 4 08:49:10 UTC: SSH2 1: ssh_receive: 792 bytes received

Sep 4 08:49:10 UTC: SSH2 1: input: packet len 792

Sep 4 08:49:10 UTC: SSH2 1: partial packet 8, need 784, maclen 0

Sep 4 08:49:10 UTC: SSH2 1: input: padlen 8

Sep 4 08:49:10 UTC: SSH2 1: received packet type 20

Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXINIT received

Sep 4 08:49:10 UTC: SSH2: kex: client->server aes128-cbc hmac-md5 none

Sep 4 08:49:10 UTC: SSH2: kex: server->client aes128-cbc hmac-md5 none

Sep 4 08:49:10 UTC: SSH2 1: expecting SSH2_MSG_KEXDH_INIT

Sep 4 08:49:10 UTC: SSH2 1: ssh_receive: 144 bytes received

Sep 4 08:49:10 UTC: SSH2 1: input: packet len 144

Sep 4 08:49:10 UTC: SSH2 1: partial packet 8, need 136, maclen 0

Sep 4 08:49:10 UTC: SSH2 1: input: padlen 5

Sep 4 08:49:10 UTC: SSH2 1: received packet type 30

Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXDH_INIT received

Sep 4 08:49:10 UTC: SSH2 1: RSA_sign: private key not found

Sep 4 08:49:10 UTC: SSH2 1: signature creation failed, status -1

Sep 4 08:49:10 UTC: SSH1: Session disconnected - error 0x00

I did "crypto key zeroize rsa" and reconfigure, but still the same behavior.

Do you have any idea why?

Thanks!

Cheers,

Calin

Labels:
0 Helpful
4 Replies 4

andrew.prince
Level 10
Level 10

‎09-04-2008 02:18 AM

Calin,

The error appears to be the moethod you are using to ssh to the device:-

Sep 4 08:49:10 UTC: SSH2 1: RSA_sign: private key not found

I suggest you try using a ssh client like PuTTY:-

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

HTH>

Calin C.
Level 5
Level 5
In response to andrew.prince

‎09-04-2008 02:35 AM

Hi!

Trust me, I would be more than happy to be able to use putty or other ssh client, but unfortunately I cannot. The management machine is a text linux OS...so I'm stuck with this for the moment.

Any other ideas are welcome!

Thanks and cheers,

Calin

0 Helpful

andrew.prince
Level 10
Level 10
In response to Calin C.

‎09-04-2008 02:38 AM

Sorry - not a linux guru!

0 Helpful

Calin C.
Level 5
Level 5
In response to andrew.prince

‎09-04-2008 04:42 AM

I found the solution!

So, the person that worked before me on this switch, did the following:

-change the hostname from CAPITAL LETTERS to small letters

-generate a new rsa key

-the ssh stopped working because the ssh was never disable for the hostname with CAPITAL LETTERS

what I did:

-put back the hostname in CAPITAL LETTERS

-generate rsa key

-delete rsa key...in this moment I received:

%SSH-5-DISABLED: SSH 2.0 has been disabled

-change the name in small letters

-generate a new rsa key...in this moment I received:

%SSH-5-ENABLED: SSH 2.0 has been enabled

Now it is working!

Thanks all for support!

Calin

0 Helpful
Customers Also Viewed These Support Documents