×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SG300 ssh strange error: "A client is already connected"

Unanswered Question
Oct 14th, 2013
User Badges:

Hi,


I've got a few SG300-52 small business switches running software version 1.3.0.62 which I configured for ssh management access with public key authentication via:


ip ssh server

ip ssh pubkey-auth auto-login

username mgmt password ... privilege 15

crypto key pubkey-chain ssh

user-key mgmt rsa

key-string ...


This is working fine if I connect interactively from my management system with:


ssh -i mgmt_id_rsa [email protected]


where mgmt_id_rsa is the name of a file containing the private key.

I get a privileged command prompt as intended, without being asked for a password.

However if I try to pass a command on the ssh command line like this:


ssh -i mgmt_id_rsa [email protected] show version


the command just hangs until I hit the Enter key a second time, and then emits the strange message:


Received disconnect from 10.11.12.13: 2:

A client is already connected


(Exactly like that, including the line break after the "2:" and the blank before "A client".)

This is unfortunate as the objective is to send commands to the switch from a script.

The same happens if I pipe the command I want to send into ssh like this:


echo show version | ssh -i mgmt_id_rsa [email protected]


except the error message appears immediately and I don't have to hit Enter a second time.


Looks like I hit another bug in Cisco's ssh implementation? Any idea for a workaround?


Thanks,

Tilman

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Tilman Schmidt Tue, 10/15/2013 - 01:29
User Badges:

A few more data points:


ssh -t -i mgmt_id_rsa [email protected] show version


(force pseudo-tty allocation) echos the "show version" command but does not execute it. The session then doesn't respond to any keyboard input except "~." to close the connection.


ssh -n -i mgmt_id_rsa [email protected] show version

echo show version | ssh -n -i mgmt_id_rsa [email protected]


(prevent reading from stdin) both hang until I hit ctrl/C to abort.


Trying to add the -t option to either -n or the pipe variant results in the message: "Pseudo-terminal will not be allocated because stdin is not a terminal."


SSH debug output (ssh -vvv ...) only shows the command being sent to the SG300 and no reply ever coming back.

Joshua Hoke Mon, 05/11/2015 - 13:26
User Badges:

I was able to duplicate this behavior on multiple switches running firmware version 1.4.1.3

 

Were you ever able to find a solution?

Actions

This Discussion

Related Content