Solved: Re: CLI Analyzer - %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived.

JonatanSitter · ‎03-31-2021

I just started using the Cisco CLI Analyzer as my default SSH-Client and I'm quite happy with all the tools and features it provides, but I've started noticing an error message in my log everytime I connect to one of my switches.
The error message looks like this:

%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from <my client ip>

After researching a bit it seems like this message could be caused by an unclean disconnect.
Weird is that the error doesn't get written into log every time I disconnect but every time I connect to a switch using the CLI Analyzer. No error is logged when using PuTTY or KiTTY.

JonatanSitter · ‎04-01-2021

That's why I added the tag "Cisco CLI Analyzer" as I believe it's a bug in the analyzer tool.
Today I updated from 3.6.6 to 3.6.7 and I haven't seen the error in the log again.

I will keep an eye on it.

View solution in original post

JonatanSitter · ‎03-31-2021

The switch is a Catalyst C9200L-48P-4X running IOS-XE 16.12.4.

Here is an example extracted from log where you can see the errors.

001161 is the given error

001162 is the successfull login using the CLI Analyzer

001163 is the expiry notification of the ssh session

001164 is the logout message

001165 is the successfull login using KiTTY

001166 is the expire notification of the ssh session

001167 is the logout message

001161: Mar 31 10:12:40.513 MESZ: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from myclient
001162: Mar 31 10:12:40.755 MESZ: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: myuser] [Source: myclient] [localport: 22] at 10:12:40 MESZ Wed Mar 31 2021
001163: Mar 31 10:18:15.387 MESZ: %SYS-6-TTY_EXPIRE_TIMER: (exec timer expired, tty 3 (myclient)), user myuser
001164: Mar 31 10:18:15.387 MESZ: %SYS-6-LOGOUT: User myuser has exited tty session 3(myclient)
001165: Mar 31 10:19:03.390 MESZ: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: myuser] [Source: myclient] [localport: 22] at 10:19:03 MESZ Wed Mar 31 2021
001166: Mar 31 10:24:14.387 MESZ: %SYS-6-TTY_EXPIRE_TIMER: (exec timer expired, tty 2 (myclient)), user myuser
001167: Mar 31 10:24:14.388 MESZ: %SYS-6-LOGOUT: User myuser has exited tty session 2(myclient)

balaji.bandi · ‎03-31-2021

If the clients able to loging correctly and you only concerned about the logs ? or client not able to connect ?

if you see unknown client then Adding ACL will help you, people trying to connect if the port is open for every one.

if its only log issue, post complete config to look how it was configured.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JonatanSitter · ‎03-31-2021

Hi Balaji,
thanks for your input on this issue.

I'm just concerned about the logs. There is no issue connecting via SSH, only the discrepancy in the logsbetween connecting using the CLI Analyzer and connecting using PuTTY.
When connecting via PuTTY there is no error

%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from myclient

But when connecting via CLI Analyzer I get the given error.

To me it seems like a bug or bad configuration of the Cisco CLI Analyzer

balaji.bandi · ‎03-31-2021

not sure never used cli analuser, looks for me some issue with cli analyser , what version of cli anal ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JonatanSitter · ‎04-01-2021

That's why I added the tag "Cisco CLI Analyzer" as I believe it's a bug in the analyzer tool.
Today I updated from 3.6.6 to 3.6.7 and I haven't seen the error in the log again.

I will keep an eye on it.

balaji.bandi · ‎04-01-2021

Glad we identified the issue. thanks all working as expected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help