
SSH authentication method(s) with Cisco devices

I'm trying to ssh into devices with Hummingbird Exceed + Secure Shell Pack. Exceed lists four authentication types for SSH (Use Entered Password/Keyboard Interactive/Use Selected User Key/Kerberos). I find I can auth with UNIX (Solaris + OpenSSH) hosts using the Keyboard Interactive method. Use Entered Password invariably fails. I assume it's because of the following sshd_config:

# To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no

#PermitEmptyPasswords no

On the other hand, Keyboard Interactive doesn't work with Cisco devices (both CatOS/IOS). I have to revert to Use Entered Password. Here's the verbose Exceed log of the failed SSH login attempt to a Cisco device, with Keyboard Interactive/Use Selected User Key/Kerberos checked, and Use Entered Password unchecked. Does it mean Cisco's SSH implementation permits "tunneled clear text passwords" by default (as cautioned by OpenSSH above)? If so, any way to have the devices disallow that?

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: partial success flag=0, server reports valid authentications are: "password" TID=0x4D0

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "password" not supported by server, disabling, TID=0x4D0

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "publickey" not supported by server, disabling, TID=0x4D0

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "hostbased" not supported by server, disabling, TID=0x4D0

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "keyboard-interactive" not selected by user, skipping, TID=0x4D0

[11:03:46.273] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "gssapi-with-mic" not selected by user, skipping, TID=0x4D0

[11:03:46.288] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "password" not selected by user, skipping, TID=0x4D0

[11:03:46.288] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "publickey" not selected by user, skipping, TID=0x4D0

[11:03:46.288] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "gssapi" not selected by user, skipping, TID=0x4D0

[11:03:46.288] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: authentication method "gssapi-keyex" not selected by user, skipping, TID=0x4D0

[11:03:46.288] *** Tunnel.Handle_SSH2_MSG_USERAUTH_FAILURE: no more authentication methods, TID=0x4D0

[11:03:46.288] *** Tunnel Authentication Failure: shutting down tunnel TID=0x4D0
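
The first log line in the post reports the contents of an SSH_MSG_USERAUTH_FAILURE message (RFC 4252, section 5.1): a name-list of methods that can continue, followed by a partial-success boolean. The following is an added example, not part of the original post and not Exceed or Cisco code; it parses that payload and intersects it with the methods enabled in the client. Both sample payloads are constructed, and the OpenSSH-like method list is an assumption.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252, section 5.1

def parse_userauth_failure(payload: bytes):
    """Return (methods_that_can_continue, partial_success) from a decrypted payload."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])  # name-list length, big-endian uint32
    end = 5 + length
    if end + 1 != len(payload):
        raise ValueError("truncated or oversized name-list")
    names = payload[5:end].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[end] != 0

def usable_methods(server_methods, client_enabled):
    """Methods the client may still try, kept in the client's preference order."""
    return [m for m in client_enabled if m in server_methods]

def build_failure(methods, partial=False):
    """Build a sample payload (hypothetical helper, used only to create test input)."""
    names = ",".join(methods).encode("ascii")
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(names)) + names + bytes([partial])

# Constructed sample matching the log above: the server offers only "password".
CISCO_LIKE = build_failure(["password"])
# Constructed sample for an sshd with "PasswordAuthentication no" (assumed method list).
OPENSSH_LIKE = build_failure(["publickey", "keyboard-interactive"])

if __name__ == "__main__":
    enabled = ["publickey", "keyboard-interactive", "gssapi-with-mic"]  # methods ticked in the client
    for label, msg in (("cisco-like", CISCO_LIKE), ("openssh-like", OPENSSH_LIKE)):
        server, partial = parse_userauth_failure(msg)
        print(label, server, partial, usable_methods(server, enabled) or "no more authentication methods")
```

With "password" as the only advertised method and that method unticked in the client, the intersection is empty, which corresponds to the "no more authentication methods" line in the log. In SSH2 the "password" method is carried inside the encrypted transport layer (RFC 4252, section 8).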
