Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SG300 ssh strange error: "A client is already connected"

Unanswered Question
Oct 14th, 2013
User Badges:


I've got a few SG300-52 small business switches running software version which I configured for ssh management access with public key authentication via:

ip ssh server

ip ssh pubkey-auth auto-login

username mgmt password ... privilege 15

crypto key pubkey-chain ssh

user-key mgmt rsa

key-string ...

This is working fine if I connect interactively from my management system with:

ssh -i mgmt_id_rsa [email protected]

where mgmt_id_rsa is the name of a file containing the private key.

I get a privileged command prompt as intended, without being asked for a password.

However if I try to pass a command on the ssh command line like this:

ssh -i mgmt_id_rsa [email protected] show version

the command just hangs until I hit the Enter key a second time, and then emits the strange message:

Received disconnect from 2:

A client is already connected

(Exactly like that, including the line break after the "2:" and the blank before "A client".)

This is unfortunate as the objective is to send commands to the switch from a script.

The same happens if I pipe the command I want to send into ssh like this:

echo show version | ssh -i mgmt_id_rsa [email protected]

except the error message appears immediately and I don't have to hit Enter a second time.

Looks like I hit another bug in Cisco's ssh implementation? Any idea for a workaround?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tilman Schmidt Tue, 10/15/2013 - 01:29
User Badges:

A few more data points:

ssh -t -i mgmt_id_rsa [email protected] show version

(force pseudo-tty allocation) echos the "show version" command but does not execute it. The session then doesn't respond to any keyboard input except "~." to close the connection.

ssh -n -i mgmt_id_rsa [email protected] show version

echo show version | ssh -n -i mgmt_id_rsa [email protected]

(prevent reading from stdin) both hang until I hit ctrl/C to abort.

Trying to add the -t option to either -n or the pipe variant results in the message: "Pseudo-terminal will not be allocated because stdin is not a terminal."

SSH debug output (ssh -vvv ...) only shows the command being sent to the SG300 and no reply ever coming back.

Joshua Hoke Mon, 05/11/2015 - 13:26
User Badges:

I was able to duplicate this behavior on multiple switches running firmware version


Were you ever able to find a solution?


This Discussion

Related Content