Forum

ssh1 works to a cis...
 
Notifications
Clear all

ssh1 works to a cisco, ssh2 does not

0 Posts
3 Users
0 Reactions
846 Views
(@jcfranklin)
Active Member
Joined: 19 years ago
Posts: 3
Topic starter  

I can't connect to some Cisco switches with SSH2. SSH1 works, a co-worker can get to the same switches with AT using SSH2. Is there some connection debugging I can do in AT?

I can connect once to the switches with SSH2, accept and save the key, but the next connection attempt fails.

[size=1][ September 19, 2008, 07:50 AM: Message edited by: Brian T. Pence ][/size]


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

What version of AT are you using?


   
ReplyQuote
(@jcfranklin)
Active Member
Joined: 19 years ago
Posts: 3
Topic starter  

6.28
I did some debugging on the Cisco side and it looks like after the Cisco sends it's SSH ID, AT never sends a response with version info.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Can you try the version 7 beta? This sounds familiar.

<old link removed> Please download version 7.13 or newer.

This post was modified 7 months ago by bpence

   
ReplyQuote
(@jcfranklin)
Active Member
Joined: 19 years ago
Posts: 3
Topic starter  

I will! I will let you know Monday how it turns out.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Did you ever get a chance to try version 7? The current beta can be found here:

 

<old link removed> Please download version 7.13 or newer. 

This post was modified 7 months ago by bpence

   
ReplyQuote
(@ChrisFranklin)
Active Member
Joined: 18 years ago
Posts: 7
 

LOOOONG time no talk.
SSH2 has been working, and I upgraded my router. I am on 7.21 and now SSHv2 does not work, but it seems to bee just on my router. It appears to work on other devices, Cisco and non-cisco. The same thing is happening as before, it looks like the Cisco router sends it's ssh server string and AT is not responding.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Hello Chris!

Is there any chance I can access this router from the internet? Or, perhaps a different router of the same type that exhibits the same problem? I don't need username/password or anything, just the IP address.

Brian


   
ReplyQuote
(@ChrisFranklin)
Active Member
Joined: 18 years ago
Posts: 7
 

99.175.228.89
right now it is configured for SSH v2 only.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Chris, I think I have the answer to this... I believe I'd classify this as a bug in the SSH server implementation, but probably one that can be worked around. At the beginning of the SSH2 exchange, the client and server exchange a version string. According to RFC4253, an SSH2 server should send (and expect to receive) a carriage return/linefeed pair to define the end of the string. In SSH1, the version string would just be terminated by a linefeed alone. If Absolute sends a CR/LF pair to terminate the version string (ssh2 behavior). the connection gets nowhere. If I send a single linefeed instead (ssh1 behavior), the connection works fine. This tells me that the server is relying on SSH1 behavior and breaks when held strictly to SSH2 RFC4253 standards. With this in mind, I modified the AbsoluteTelnet logic a bit. I first watch for the server version string to arrive. I check to see whether the server uses CR/LF or just LF to terminate the version string. Whatever the server uses for the terminator is what Absolute will use when sending its own version string. This seems to work well for the Cisco and doesn't break compatibility on any other server I've tested. Give it a try here:

<old link removed> Please download version 7.54 or newer.

 

Let me know how it goes! Brian

This post was modified 7 months ago by bpence

   
ReplyQuote
(@ChrisFranklin)
Active Member
Joined: 18 years ago
Posts: 7
 

Works Like a champ!

My turn:
the SSH server ID on Cisco gear that was working is:
SSH-1.99-Cisco-1.25

The server ID on the ones that did not work:
SSH-2.0-Cisco-1.25

I hope this helps in any future builds.

Once again, AT Is the BEST Telnet, SSH, Direct serial, SFTP client I have ever used!

Great job!


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

The cisco software version is 1.25 on both. The "1.99" indicates a server running in compatibility mode for both v1 and v2 clients. The "2.0" server is configured only to accept connections from v2 clients.

Funny, though, that the server declares itself as a 2.0 server, but only works with line-termination of SSH1.

I wish I could see the source code.

Grian


   
ReplyQuote
(@ChrisFranklin)
Active Member
Joined: 18 years ago
Posts: 7
 

the version of IOS I am running on that router is REALLY buggy.
I am willing to bet a nickel's worth of bits that someone typo-ed and did not do very good regression testing.

MMMMM, good QA.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Is it an old version or something fairly recent?

Brian


   
ReplyQuote
(@ChrisFranklin)
Active Member
Joined: 18 years ago
Posts: 7
 

It was released in Feb. of '09.

I am going to try a new version of older code tonight - I will backrev from 12.4(20)T2 to 12.4(15)T9 from April of '09.


   
ReplyQuote
Page 1 / 2
Share: