Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

2950G-24-EI and SSH v2

Hello!

We use some 2950G-24-EI switches with IOS c2950-i6k2l2q4-mz.121-22.EA10a.bin.

We also use C3560-24-PS-S switches with IOS c3560-ipbasek9-mz.122-25.SEE4.bin and accesspoints (AP1242AG-E-K9) with IOS c1240-k9w7-mx.123-11.JA1.

On all devices we configured explicite "ip ssh version 2".

Output of "show ip ssh" is:

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

The problem is, that we can't connect from the 2950G switch to an accesspoint or to a C3560.

The failure is:

[Connection to switch aborted: error status 0]

Is there any difference between the SSH v2 on the 2950G and 3560?

The debug on the 2950G is:

Jun 11 15:26:59.295: SSH1: Session disconnected - error 0x07

Jun 11 15:26:59.443: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:26:59.451: SSH1: receive failure - status 0x07

Jun 11 15:26:59.551: SSH1: Session disconnected - error 0x07

Jun 11 15:27:00.983: SSH CLIENT0: protocol version id is - SSH-2.0-Cisco-1.25

Jun 11 15:27:00.983: SSH CLIENT0: protocol version exchange failure (code = 1)

Jun 11 15:27:00.983: SSH CLIENT0: Session disconnected - error 0x00

Jun 11 15:27:07.956: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:27:07.960: SSH1: protocol version id is - SSH-2.0-CmdSvc

Jun 11 15:27:18.728: SSH1: Session disconnected - error 0x07

The debug on the AP1242 is:

Jun 11 15:22:23.290: SSH1: starting SSH control process

Jun 11 15:22:23.290: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Jun 11 15:22:23.321: SSH1: receive failure - status 0x07

Jun 11 15:22:23.426: SSH1: Session disconnected - error 0x07

Thanks for your help!

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: 2950G-24-EI and SSH v2

My bad , Edison is correct the SSH client end , (being able to ssh from the device appears to be SSH V1 only on the 2950 but it will accept a incoming ssh v2 connection.

5 REPLIES
Purple

Re: 2950G-24-EI and SSH v2

Try using the syntax "ssh -v 2 . I think it will use either unless you specify which one you want to use , probably 1 is default . We have set as V 1 but it will still send out a V2 request if you use that syntax. Not sure if you have ssh 2 as global . It should work with the above syntax though.

Bronze

Re: 2950G-24-EI and SSH v2

Thanks for your replay!

But there is no -v option on the 2950G switch.

2950G#ssh ?

-c Select encryption algorithm

-l Log in using this user name

-o Specify options

-p Connect to this port

WORD IP address or hostname of a remote system

Hall of Fame Super Bronze

Re: 2950G-24-EI and SSH v2

The output displayed in the original post indicates the switch supports SSH v2 server services, however the SSH v2 client is another piece.

If you go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp and click on 'Search by Feature', you will notice that some switches do support SSH v2 server, for instance the 2960 starting with 12.2(25)SEE4 IOS release.

HTH,

__

Edison.

Please rate helpful posts

Purple

Re: 2950G-24-EI and SSH v2

My bad , Edison is correct the SSH client end , (being able to ssh from the device appears to be SSH V1 only on the 2950 but it will accept a incoming ssh v2 connection.

Bronze

Re: 2950G-24-EI and SSH v2

Thanks for the replies and the link to the feature navigator!

I can't understand why the server is v2 and the client v1, but that is another question ;-)

1969
Views
10
Helpful
5
Replies
CreatePlease login to create content