SCP/SSH Shell Error

pmettewie · ‎10-03-2007

I am investigating the use of SCP/SSH for accessing of key routers/switches in our environment. I have followed the Cisco document at:

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18.html#wp1053625

for configuring server-side SCP on a 1760 router in our lab - and as far as I can tell from running SSH and SCP debugs everything is going fine at first using WinSCP as a client (see log -->)

SSH:

Incoming SSH debugging is on

Incoming SCP debugging is on

LABROUTER_1760#terminal monitor

LABROUTER_1760#

*Feb 28 19:32:09: SSH1: starting SSH control process

*Feb 28 19:32:09: SSH1: sent protocol version id SSH-1.99-Cisco-1.25

*Feb 28 19:32:09: SSH1: protocol version id is - SSH-1.5-WinSCP_release_4.0.4

*Feb 28 19:32:09: SSH1: SSH_SMSG_PUBLIC_KEY msg

*Feb 28 19:32:09: SSH1: SSH_CMSG_SESSION_KEY msg - length 144, type 0x03

*Feb 28 19:32:09: SSH: RSA decrypt started

*Feb 28 19:32:09: SSH: RSA decrypt finished

*Feb 28 19:32:09: SSH: RSA decrypt started

*Feb 28 19:32:10: SSH: RSA decrypt finished

*Feb 28 19:32:10: SSH1: sending encryption confirmation

*Feb 28 19:32:10: SSH1: keys exchanged and encryption on

*Feb 28 19:32:10: SSH1: SSH_CMSG_USER message received

*Feb 28 19:32:10: SSH1: authentication request for userid *******

*Feb 28 19:32:10: SSH1: SSH_SMSG_FAILURE message sent

*Feb 28 19:32:10: SSH1: SSH_CMSG_AUTH_PASSWORD message received

*Feb 28 19:32:10: SSH1: authentication successful for *******

*Feb 28 19:32:10: SSH1: SSH_CMSG_EXEC_SHELL message received

*Feb 28 19:32:10: SSH1: starting shell for vty

*Feb 28 19:32:46: SSH1: Session disconnected - error 0x07

In real time, the 'starting shell for vty' message being written to the log is followed by a pause of several seconds and then finally by an error from WinSCP that says cryptically 'Error skipping startup application. Your shell is probably incompatible with the application (BASH is recommended).' Clicking on the 'OK' button to close out the WINSCP dialog box then will bring up the final line of debug output from the router - Session disconnected - error 0x07.

as you can tell from the debug logging, it looks like the server side is almost without issue (there is the SSH_SMSG_FAILURE error but things seem to proceed fine after that) but it seems that the session times out because for some reason WinSCP won't open the shell?

Thanks in advance for any advice.

- Paul

Collin Clark · ‎10-05-2007

Paul-

What are you using WinSCP to connect to? Are you just verifying SSH/SCP on the server? From the router you will create an SSH connection to the server and then SCP will ride over that to transfer the files.

pmettewie · ‎10-05-2007

I am using WinSCP on my XP Pro workstation to connect to a 1760 router running a Crypto version of 12.4(17). That router has SSH and SCP enabled as per the document cited in my original post. I have tried using both SFTP and SCP options in the WinSCP startup option field and neither one succeeds although SFTP (with SCP as backup) comes closest, producing the debug shown in the original post.

From debugs it seems that SSH is established and then it times out, being somehow unable to launch an appropriate shell?

Or is something else happening?

Thanks.

- Paul

Collin Clark · ‎10-05-2007

I assumed the same thing when I was trying this, but you should not be connecting to the router. It can not handle SCP (think of it as one way, from the router to the server only). From the router, can you connect to the server with SSH? If yes then try copying something from the router to the server with SCP.

copy running-confg scp:

Let me know how it goes.