Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12645
Views
4
Helpful
6
Replies

ME3400 log

ehsan-khan
Level 1
Level 1

‎10-21-2009 06:57 AM - edited ‎03-04-2019 06:27 AM

Would anyone please let me know what is below log for ME3400,

Oct 20 18:33:35.040 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

Oct 20 18:38:55.823 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

Oct 20 18:44:13.688 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

Oct 20 18:49:28.481 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

Oct 21 06:22:07.154 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

Oct 21 06:33:59.772 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-21-2009 07:03 AM

Hello Ehsan,

this is an error message of severity 4 produced by SSH IOS code.

An unexpected SSH version 2 message has been received on a currently running SSH session.

For this reason the session is terminated.

To be noted that first messages appear almost every 5 minutes that can be the activity timeout on your VTY sessions.

Do you see SSH sessions terminated abnormally in corrispondence with above messages?

What SSH client software are you using?

Hope to help

Giuseppe

0 Helpful

ehsan-khan
Level 1
Level 1
In response to Giuseppe Larosa

‎10-21-2009 07:10 AM

Hello Giuseppe,

No I don't expereince my SSH sessions going down for now but I will keep any eye on it.

We are using Vndyke Secure CRT Version 5.2.1 build 256

Thanks,

Ehsan

0 Helpful

ehsan-khan
Level 1
Level 1
In response to ehsan-khan

‎10-21-2009 08:23 AM

Hello Giuseppe,

I found the problem, as this box was upgraded recently and we have rancid in our network for backingup the config.

Since the crypto key was changed during upgrade so I removed the known host file from rancid and now I am not getting that message.

Thanks for your help,

Ehsan

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to ehsan-khan

‎10-21-2009 08:25 AM

Hello Ehsan,

good to know you have found the suffering SSH client it was an access made by a server.

Hope to help

Giuseppe

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ehsan-khan

‎10-21-2009 08:26 AM

Ehsan

I am glad that you figured out what was causing your problem. Thank you for posting back to the forum explaining what was the problem and what you did to resolve it. It makes the forum more useful when people can read the symptoms of a problem and can then find what caused the problem and what was the solution.

HTH

Rick

HTH

Rick
0 Helpful

kushtrim dautaga
Level 1
Level 1

‎07-24-2012 06:53 AM

Hi Everyone,

I know this post is a little bit old, but just wanted to let you know that the terminal message might be from a brute force attack.

If you are experiencing brute force attack, than under Router# type "who" command , and you will see that anytime you type the "who" comamnd, the users will be changed.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card