Cisco Support Community

strange cisco ssh behavior

Hello!

I have a strange behavior related to the Cisco SSH configuration. I did:

"crypto key generate rsa", chose 1024,

enabled "transport input ssh" under the vty lines, and when I want to connect I am getting disconnected. The debug is below:

Sep 4 08:49:09 UTC: SSH1: starting SSH control process

Sep 4 08:49:09 UTC: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Sep 4 08:49:09 UTC: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.7

Sep 4 08:49:09 UTC: SSH2 1: send: len 280 (includes padlen 4)

Sep 4 08:49:09 UTC: SSH2 1: SSH2_MSG_KEXINIT sent

Sep 4 08:49:10 UTC: SSH2 1: ssh_receive: 792 bytes received

Sep 4 08:49:10 UTC: SSH2 1: input: packet len 792

Sep 4 08:49:10 UTC: SSH2 1: partial packet 8, need 784, maclen 0

Sep 4 08:49:10 UTC: SSH2 1: input: padlen 8

Sep 4 08:49:10 UTC: SSH2 1: received packet type 20

Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXINIT received

Sep 4 08:49:10 UTC: SSH2: kex: client->server aes128-cbc hmac-md5 none

Sep 4 08:49:10 UTC: SSH2: kex: server->client aes128-cbc hmac-md5 none

Sep 4 08:49:10 UTC: SSH2 1: expecting SSH2_MSG_KEXDH_INIT

Sep 4 08:49:10 UTC: SSH2 1: ssh_receive: 144 bytes received

Sep 4 08:49:10 UTC: SSH2 1: input: packet len 144

Sep 4 08:49:10 UTC: SSH2 1: partial packet 8, need 136, maclen 0

Sep 4 08:49:10 UTC: SSH2 1: input: padlen 5

Sep 4 08:49:10 UTC: SSH2 1: received packet type 30

Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXDH_INIT received

Sep 4 08:49:10 UTC: SSH2 1: RSA_sign: private key not found

Sep 4 08:49:10 UTC: SSH2 1: signature creation failed, status -1

Sep 4 08:49:10 UTC: SSH1: Session disconnected - error 0x00

I did "crypto key zeroize rsa" and reconfigured, but still the same behavior.

Do you have any idea why?

Thanks!

Cheers,

Calin

4 REPLIES

Re: strange cisco ssh behavior

Calin,

The error appears to be the method you are using to ssh to the device:-

Sep 4 08:49:10 UTC: SSH2 1: RSA_sign: private key not found

I suggest you try using a ssh client like PuTTY:-

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

HTH

Re: strange cisco ssh behavior

Hi!

Trust me, I would be more than happy to be able to use PuTTY or another ssh client, but unfortunately I cannot. The management machine is a text Linux OS... so I'm stuck with this for the moment.

Any other ideas are welcome!

Thanks and cheers,

Calin

Re: strange cisco ssh behavior

Sorry - not a linux guru!

Re: strange cisco ssh behavior

I found the solution!

So, the person that worked before me on this switch, did the following:

-change the hostname from CAPITAL LETTERS to small letters

-generate a new rsa key

-the ssh stopped working because the ssh was never disabled for the hostname with CAPITAL LETTERS

What I did:

-put back the hostname in CAPITAL LETTERS

-generate rsa key

-delete rsa key... at this moment I received:

%SSH-5-DISABLED: SSH 2.0 has been disabled

-change the name in small letters

-generate a new rsa key... at this moment I received:

%SSH-5-ENABLED: SSH 2.0 has been enabled

Now it is working!

Thanks all for support!

Calin
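
Added example, not part of the thread: a small Python script that reads SSH debug output like that in the first post and reports how far the key exchange got and why it stopped. The function name `triage` and the result keys are this example's own, and the sample is an excerpt of the posted debug lines. In SSH2 the server signs the key exchange with its own host key after receiving SSH2_MSG_KEXDH_INIT, so an RSA_sign failure logged by the device at that stage concerns the device's host key.

```python
import re

# Excerpt of the switch's debug output, copied from the first post.
SAMPLE = """\
Sep 4 08:49:09 UTC: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
Sep 4 08:49:09 UTC: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.7
Sep 4 08:49:09 UTC: SSH2 1: SSH2_MSG_KEXINIT sent
Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXINIT received
Sep 4 08:49:10 UTC: SSH2: kex: client->server aes128-cbc hmac-md5 none
Sep 4 08:49:10 UTC: SSH2: kex: server->client aes128-cbc hmac-md5 none
Sep 4 08:49:10 UTC: SSH2 1: SSH2_MSG_KEXDH_INIT received
Sep 4 08:49:10 UTC: SSH2 1: RSA_sign: private key not found
Sep 4 08:49:10 UTC: SSH2 1: signature creation failed, status -1
Sep 4 08:49:10 UTC: SSH1: Session disconnected - error 0x00
"""

# "<tag>: <message>", where the tag is SSH1, SSH2 or "SSH2 <session>".
ENTRY = re.compile(r"(SSH\d*(?: \d+)?): (.*)$")
KEX = re.compile(r"kex: (client->server|server->client) (\S+) (\S+) (\S+)")


def triage(log_text):
    """Summarise one SSH handshake from the device's debug lines."""
    out = {"server_id": None, "client_id": None, "stages": [],
           "algs": {}, "failed_at": None, "cause": None}
    for line in log_text.splitlines():
        m = ENTRY.search(line.strip())
        if not m:
            continue
        msg = m.group(2)
        if msg.startswith("sent protocol version id "):
            out["server_id"] = msg.rsplit(" ", 1)[1]    # banner sent by the device
        elif msg.startswith("protocol version id is - "):
            out["client_id"] = msg.rsplit(" ", 1)[1]    # banner received from the client
        elif (k := KEX.match(msg)):
            out["algs"][k.group(1)] = k.group(2, 3, 4)  # cipher, MAC, compression
        elif msg.startswith("SSH2_MSG_") and msg.endswith((" sent", " received")):
            out["stages"].append(tuple(msg.split(" ", 1)))
        elif msg == "RSA_sign: private key not found":
            # Logged while the device builds its own key-exchange signature,
            # so the missing key is the device's RSA host key, not a client key.
            out["cause"] = "device has no usable RSA host private key"
            out["failed_at"] = out["stages"][-1][0] if out["stages"] else None
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```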
