Problem with SSHv2 from Cisco 6500 to Nortel 8600

obrien-r
Level 1

I have a situation where a client has a mixed vendor network. The client needs to be able to open SSH v2 sessions from one device to another in a "hop-to-hop" situation in case of faults.

The issue arises when trying to SSH from a cat6500 to a Nortel 8600, where basically the SSH connection fails. If using SSH v1, the connection works; if using another SSH client to connect SSH v2 to the Nortel, the connection succeeds. However, using the inbuilt SSH client on the cat 6500 fails with a "SSH CLIENTTO: key exchenge failure (code = 0)" in the Cisco debug and a "SSH ERROR no hostkey alg" in the Nortel log.

Attached is a text file showing some of the debug output and log output from both devices.

The 6500 is running s222-ipservicesk9_wan-mz.122-18.SXF8.bin.

Any help would be appreciated, including pointing out that I may have missed something obvious.

Note: I have a Nortel colleague also looking into this.

Cheers

Rob

4 Replies

Lucien Avramov
Level 10

There is a bug for this:

CSCsm76370 Unable to SSHv2 to Nortel switch (from cisco device)

The Cisco device is sending the correct version ID for both v1 and v2, hence the problem is not with Cisco.

Cisco SSH is working fine with all the other clients like PuTTY, OpenSSH and others.

Hence, the problem is with the Nortel switch; this is why this defect is in a closed state.

Nortel has been notified in the past; you can work on this with them if you need to pursue this further.

Thanks for the info and bug ID.

Unfortunately, the Nortel switch also works fine with all of the other clients such as PuTTY, OpenSSH and various other "unix" based clients, so from that perspective, the Nortel is also working.

So it would appear there is an incompatibility between the two vendor implementations.

Oh well, it may be a case of this is just not going to work.

OK, I looked into this further.

The reason is that DSA-based keys are not supported by IOS SSH. Nortel does not support RSA-based keys for SSH, and hence SSH from Cisco devices does not work.

There is an enhancement request for DSA support on Cisco devices:

CSCej86682 Crypto: DSA is not supported in IOS

There is no ETA as far as when this will be fixed. But it will.

Let me know if you have other questions in order to resolve this post.
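
The mismatch described in this thread, as an added example that is not part of any poster's reply or either vendor's code: a parser for the SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) that selects the host key algorithm by taking the first name on the client's list that the server also offers. The sample payloads are constructed, and their algorithm lists are assumptions taken from the explanation above (an RSA-only client, a DSA-only server), not captures from the devices.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253, 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c",
          "languages_c2s", "languages_s2c"]

def build_kexinit(lists):
    """Build a KEXINIT payload; used here only to construct sample input."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)           # type + zeroed cookie
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data       # uint32 length + names
    return out + b"\x00" + struct.pack(">I", 0)          # follows flag + reserved

def parse_kexinit(payload):
    """Return {field: [names]} and reject wrong-type or truncated payloads."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + n].decode("ascii")
        result[name] = raw.split(",") if raw else []
        pos += n
    return result

def negotiate_host_key(client_payload, server_payload):
    """First client-preferred host key algorithm the server offers, else None."""
    client = parse_kexinit(client_payload)["server_host_key_algorithms"]
    server = set(parse_kexinit(server_payload)["server_host_key_algorithms"])
    return next((alg for alg in client if alg in server), None)

# Constructed samples; the lists are assumptions based on the thread.
KEX = ["diffie-hellman-group1-sha1"]
RSA_ONLY_CLIENT = build_kexinit({"kex_algorithms": KEX, "server_host_key_algorithms": ["ssh-rsa"]})
DSA_ONLY_SERVER = build_kexinit({"kex_algorithms": KEX, "server_host_key_algorithms": ["ssh-dss"]})
RSA_DSA_CLIENT = build_kexinit({"kex_algorithms": KEX, "server_host_key_algorithms": ["ssh-rsa", "ssh-dss"]})

if __name__ == "__main__":
    print("RSA-only client:", negotiate_host_key(RSA_ONLY_CLIENT, DSA_ONLY_SERVER))
    print("RSA+DSA client: ", negotiate_host_key(RSA_DSA_CLIENT, DSA_ONLY_SERVER))
```

A result of `None` is the "no hostkey alg" condition: both sides speak SSHv2 correctly, but the two lists have no name in common, while a client that also lists `ssh-dss` negotiates against the same server.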

Thanks for the additional information. Very helpful.
