Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SG300 ssh strange error: "A client is already connected"

Hi,

I've got a few SG300-52 small business switches running software version 1.3.0.62 which I configured for ssh management access with public key authentication via:

ip ssh server

ip ssh pubkey-auth auto-login

username mgmt password ... privilege 15

crypto key pubkey-chain ssh

user-key mgmt rsa

key-string ...

This is working fine if I connect interactively from my management system with:

ssh -i mgmt_id_rsa mgmt@switch

where mgmt_id_rsa is the name of a file containing the private key.

I get a privileged command prompt as intended, without being asked for a password.

However if I try to pass a command on the ssh command line like this:

ssh -i mgmt_id_rsa mgmt@switch show version

the command just hangs until I hit the Enter key a second time, and then emits the strange message:

Received disconnect from 10.11.12.13: 2:

A client is already connected

(Exactly like that, including the line break after the "2:" and the blank before "A client".)

This is unfortunate as the objective is to send commands to the switch from a script.

The same happens if I pipe the command I want to send into ssh like this:

echo show version | ssh -i mgmt_id_rsa mgmt@switch

except the error message appears immediately and I don't have to hit Enter a second time.

Looks like I hit another bug in Cisco's ssh implementation? Any idea for a workaround?

Thanks,

Tilman

Everyone's tags (4)
2 REPLIES
Community Member

Re: SG300 ssh strange error: "A client is already connected"

A few more data points:

ssh -t -i mgmt_id_rsa mgmt@switch show version

(force pseudo-tty allocation) echos the "show version" command but does not execute it. The session then doesn't respond to any keyboard input except "~." to close the connection.

ssh -n -i mgmt_id_rsa mgmt@switch show version

echo show version | ssh -n -i mgmt_id_rsa mgmt@switch

(prevent reading from stdin) both hang until I hit ctrl/C to abort.

Trying to add the -t option to either -n or the pipe variant results in the message: "Pseudo-terminal will not be allocated because stdin is not a terminal."

SSH debug output (ssh -vvv ...) only shows the command being sent to the SG300 and no reply ever coming back.

Community Member

I was able to duplicate this

I was able to duplicate this behavior on multiple switches running firmware version 1.4.1.3

 

Were you ever able to find a solution?

369
Views
0
Helpful
2
Replies
CreatePlease to create content