
SSH issue

Hi

 

I am working through my CCNA at the moment. Using a Catalyst 3560 switch for testing.

 

In the chapter on SSH (Official Cert Guide, Volume 1), I can set up SSH on VTY 0 15 with no problem, and SH IP SSH tells me

SSH enabled v2.0 

 

But SH SSH gives me this error

ALTUS2021#SHOW SSH
%No SSHv2 server connections running.
%No SSHv1 server connections running.

 

I need to set up SSH on a client site in a few days and would appreciate any support in getting this issue resolved ASAP.

 

Thanks

 

Accepted Solutions

 

Glad it works! I think Windows 8 itself has lots of issues, like encryption. Normally, the command is just SSH -l username target. Try now to see if it works without entering all the Diffie-Hellman SHA stuff. Normally, once the keys are generated, you do not need to keep repeating them. If it fails, at least you've got PuTTY.

You should create a new topic for the sslvpn issue.

Regards, ML
**Please Rate All Helpful Responses **


marce1000
Hall of Fame

 

Ref: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Look for the

crypto key generate rsa

command, but look at the full document too.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Quick update on this: it looks like SSH is up and running, but the PC error message is

C:\Windows\system32>SSH 192.168.1.237
Unable to negotiate with 192.168.1.237 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

C:\Windows\system32>SSH 192.168.1.237
Unable to negotiate with 192.168.1.237 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

 

and switch error message is

 

*Mar 2 16:51:59.251: SSH0: starting SSH control process
*Mar 2 16:51:59.251: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
*Mar 2 16:51:59.260: SSH0: protocol version id is - SSH-2.0-OpenSSH_for_Windows_8.1
*Mar 2 16:51:59.260: SSH2 0: send: len 280 (includes padlen 4)
*Mar 2 16:51:59.260: SSH2 0: SSH2_MSG_KEXINIT sent
*Mar 2 16:51:59.268: SSH2 0: ssh_receive: 1392 bytes received
*Mar 2 16:51:59.268: SSH2 0: input: packet len 1392
*Mar 2 16:51:59.268: SSH2 0: partial packet 8, need 1384, maclen 0
*Mar 2 16:51:59.268: SSH2 0: input: padlen 4
*Mar 2 16:51:59.268: SSH2 0: received packet type 20
*Mar 2 16:51:59.268: SSH2 0: SSH2_MSG_KEXINIT received
*Mar 2 16:51:59.268: SSH2 0: no matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,
*Mar 2 16:51:59.369: SSH0: Session disconnected - error 0x07

 

Use:

            ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-ctr your-device

and/or look at this thread for some more information:

            https://community.cisco.com/t5/network-management/no-matching-key-exchange-method-found-their-offer-diffie-hellman/m-p/4410107




Hi

 

That did not work but this does

 

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc enduser@192.168.1.237

 

The issue now is that it won't accept my VTY password.

 

I went back and erased the password and re-entered it, but it still does not accept it.

 

Any ideas?

 

*Mar 2 18:24:18.174: SSH2 0: ssh_receive: 16 bytes received
*Mar 2 18:24:18.174: SSH2 0: input: packet len 16
*Mar 2 18:24:18.174: SSH2 0: partial packet 8, need 8, maclen 0
*Mar 2 18:24:18.174: SSH2 0: input: padlen 10
*Mar 2 18:24:18.174: SSH2 0: newkeys: mode 0
*Mar 2 18:24:18.182: SSH2 0: received packet type 21
*Mar 2 18:24:18.182: SSH2 0: SSH2_MSG_NEWKEYS received
*Mar 2 18:24:18.182: SSH2 0: invalid old access type configured - 0x01
*Mar 2 18:24:18.375: SSH2 0: ssh_receive: 52 bytes received
*Mar 2 18:24:18.375: SSH2 0: input: packet len 32
*Mar 2 18:24:18.375: SSH2 0: partial packet 8, need 24, maclen 20
*Mar 2 18:24:18.375: SSH2 0: MAC #3 ok
*Mar 2 18:24:18.375: SSH2 0: input: padlen 10
*Mar 2 18:24:18.375: SSH2 0: received packet type 5
*Mar 2 18:24:18.375: SSH2 0: send: len 32 (includes padlen 10)
*Mar 2 18:24:18.375: SSH2 0: done calc MAC out #3

 

I would not use Windows CMD to connect anywhere; I recommend SecureCRT or the free PuTTY, or portable PuTTY.

Those will ask you at the very first connection attempt to create keys. Say yes, and that's it! You should be connected now.

 

Regards, ML

 

Hi

 

Thanks for this. There is obviously some outdated registry issue, but I can connect through with either CMD or PuTTY. BUT the issue is it does not recognise my password?

 

I am right in thinking that the password is the VTY password as configured below 

line vty 0 15
password <password>
login
exit

 

I have gone back to line vty 0 15 and issued a no password command which then disabled all VTY lines but when I reconfigured I still cannot access through SSH!!!

 

FYI

 

Just went back and changed transport input to all 

 

Telnet login on Putty and CMD line on W10 works

Passwords all work

 

Something with SSH?

 

 

Did you try other SSH clients as suggested by Martin?

M.



 

SSH takes the password from username x password y.

Have you followed the steps from the CCNA book on the switch to set it up? 5 steps like Login local, Create Encryption Key, username and password, etc., right?

SSH -l username target should be the command from cmd.

 

Regards, ML

 

 

Yes, I have done pages 131 to 133. I have not set local on the switch because it goes into production on the 8th and all access will be remote.

 

 

1. Can the switch handle remote AND local access?

2. If so shall I configure the local access as per page 134

3. Are you saying this is what SSH uses?

 

I thought it was the VTY information the SSH protocol used?  

Okay, so just reset the username and password on the switch in global config and still no joy with SSH

 

Post an ASCII log of what you are doing, or screenshots. If possible,
ASCII outputs.

M.


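To tell apart the two failures seen in this thread (algorithm negotiation first, then password authentication) when reading the switch's SSH debug output, the following added example splits a capture into sessions and reports where each one stopped. It is not code from any poster; the sample log is constructed from lines like those posted in the thread, and the function and key names are illustrative.

```python
import re

# Cipher the thread's client negotiated only when it was passed -c 3des-cbc.
LEGACY_CIPHERS = {"3des-cbc"}

# Constructed sample, modelled on the switch debug output posted in the thread.
SAMPLE = """\
*Mar 2 16:51:40.102: SSH0: Session disconnected - error 0x00
*Mar 2 16:51:59.251: SSH0: starting SSH control process
*Mar 2 16:51:59.260: SSH0: protocol version id is - SSH-2.0-OpenSSH_for_Windows_8.1
*Mar 2 16:51:59.268: SSH2 0: no matching cipher found: client aes128-ctr,aes256-ctr,
*Mar 2 16:51:59.369: SSH0: Session disconnected - error 0x07
*Mar 2 19:15:21.173: SSH0: starting SSH control process
*Mar 2 19:15:21.173: SSH0: protocol version id is - SSH-2.0-OpenSSH_for_Windows_8.1
*Mar 2 19:15:21.173: SSH2: kex: client->server 3des-cbc hmac-sha1 none
*Mar 2 19:15:30.746: SSH0: password authentication failed for enduser
*Mar 2 19:15:32.860: SSH0: Session disconnected - error 0x00
""".splitlines()

PATTERNS = {
    "client": re.compile(r"protocol version id is - (\S+)"),
    "client_offer": re.compile(r"no matching cipher found: client (\S+)"),
    "cipher": re.compile(r"kex: client->server (\S+)"),
    "auth_failed_user": re.compile(r"password authentication failed for (\S+)"),
    "disconnect": re.compile(r"Session disconnected - error (0x[0-9a-fA-F]+)"),
}

def triage(lines):
    """Split a capture into sessions and name the stage at which each one failed."""
    sessions = []
    for line in lines:
        if "starting SSH control process" in line:
            sessions.append({"failed_at": None})
        if not sessions:
            continue  # tail of a session that began before the capture did
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                sessions[-1][key] = m.group(1)
    for s in sessions:
        if "client_offer" in s:
            s["client_offer"] = s["client_offer"].rstrip(",").split(",")
            s["failed_at"] = "cipher negotiation"
        elif "auth_failed_user" in s:
            s["failed_at"] = "password authentication"
        s["legacy_cipher"] = s.get("cipher") in LEGACY_CIPHERS
    return sessions

print(*triage(SAMPLE), sep="\n")
```

A session that stops at cipher negotiation never reaches the password prompt, so credentials are only worth checking once the failure stage moves on to password authentication.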

C:\Windows\system32>ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc enduser@192.168.1.237
enduser@192.168.1.237's password:
Permission denied, please try again.
enduser@192.168.1.237's password:
Permission denied, please try again.
enduser@192.168.1.237's password:
enduser@192.168.1.237: Permission denied (password).

 

 

 

*Mar 2 19:15:05.746: SSH2 0: ssh_receive: 148 bytes received
*Mar 2 19:15:05.746: SSH2 0: input: packet len 128
*Mar 2 19:15:05.746: SSH2 0: partial packet 8, need 120, maclen 20
*Mar 2 19:15:05.746: SSH2 0: MAC #7 ok
*Mar 2 19:15:05.746: SSH2 0: input: padlen 65
*Mar 2 19:15:05.746: SSH2 0: received packet type 50
*Mar 2 19:15:05.746: SSH0: password authentication failed for enduser
*Mar 2 19:15:07.751: SSH2 0: send: len 24 (includes padlen 5)
*Mar 2 19:15:07.751: SSH2 0: done calc MAC out #7
*Mar 2 19:15:07.760: SSH2 0: send: len 72 (includes padlen 7)
*Mar 2 19:15:07.760: SSH2 0: done calc MAC out #8
*Mar 2 19:15:07.860: SSH0: Session disconnected - error 0x00
*Mar 2 19:15:21.173: SSH0: starting SSH control process
*Mar 2 19:15:21.173: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
*Mar 2 19:15:21.173: SSH0: protocol version id is - SSH-2.0-OpenSSH_for_Windows_8.1
*Mar 2 19:15:21.173: SSH2 0: send: len 280 (includes padlen 4)
*Mar 2 19:15:21.173: SSH2 0: SSH2_MSG_KEXINIT sent
*Mar 2 19:15:21.173: SSH2 0: ssh_receive: 1224 bytes received
*Mar 2 19:15:21.173: SSH2 0: input: packet len 1224
*Mar 2 19:15:21.173: SSH2 0: partial packet 8, need 1216, maclen 0
*Mar 2 19:15:21.173: SSH2 0: input: padlen 9
*Mar 2 19:15:21.173: SSH2 0: received packet type 20
*Mar 2 19:15:21.173: SSH2 0: SSH2_MSG_KEXINIT received
*Mar 2 19:15:21.173: SSH2: kex: client->server 3des-cbc hmac-sha1 none
*Mar 2 19:15:21.182: SSH2: kex: server->client 3des-cbc hmac-sha1 none
*Mar 2 19:15:21.232: SSH2 0: expecting SSH2_MSG_KEXDH_INIT
*Mar 2 19:15:21.374: SSH2 0: ssh_receive: 144 bytes received
*Mar 2 19:15:21.374: SSH2 0: input: packet len 144
*Mar 2 19:15:21.374: SSH2 0: partial packet 8, need 136, maclen 0
*Mar 2 19:15:21.374: SSH2 0: input: padlen 5
*Mar 2 19:15:21.374: SSH2 0: received packet type 30
*Mar 2 19:15:21.374: SSH2 0: SSH2_MSG_KEXDH_INIT received
*Mar 2 19:15:21.576: SSH2 0: signature length 143
*Mar 2 19:15:21.576: SSH2 0: send: len 448 (includes padlen
*Mar 2 19:15:21.576: SSH2: kex_derive_keys complete
*Mar 2 19:15:21.576: SSH2 0: send: len 16 (includes padlen 10)
*Mar 2 19:15:21.576: SSH2 0: newkeys: mode 1
*Mar 2 19:15:21.584: SSH2 0: SSH2_MSG_NEWKEYS sent
*Mar 2 19:15:21.584: SSH2 0: waiting for SSH2_MSG_NEWKEYS
*Mar 2 19:15:21.593: SSH2 0: ssh_receive: 16 bytes received
*Mar 2 19:15:21.593: SSH2 0: input: packet len 16
*Mar 2 19:15:21.593: SSH2 0: partial packet 8, need 8, maclen 0
*Mar 2 19:15:21.593: SSH2 0: input: padlen 10
*Mar 2 19:15:21.593: SSH2 0: newkeys: mode 0
*Mar 2 19:15:21.601: SSH2 0: received packet type 21
*Mar 2 19:15:21.601: SSH2 0: SSH2_MSG_NEWKEYS received
*Mar 2 19:15:21.794: SSH2 0: ssh_receive: 52 bytes received
*Mar 2 19:15:21.794: SSH2 0: input: packet len 32
*Mar 2 19:15:21.794: SSH2 0: partial packet 8, need 24, maclen 2