06-22-2011 01:43 AM
Hi,
At the beginning, our client network was composed of a lot of Cisco C2811 routers.
We used a Plink command (with PuTTY) from our management console to connect to the C2811s and launch some CLI commands.
The plink SSHv2 command was:
plink -ssh -use_vintela_gui_w_pwd -pw logingenerique login@XXX.XXX.XXX.XXX
Everything worked very well.
But we have just deployed a new version of Cisco router, the C2911.
Now, our Plink command doesn't work.
When we launch the SSHv2 Plink command, we get a pop-up "incoming packet was garbled", as you can see in the attached file.
We tried changing some PuTTY options, but the result is the same and the command doesn't work on the C2911.
If we use an SSHv1 option, the plink command works on the C2911, but not with SSHv2.
Is there a big change between the 2811 and 2911 in SSHv2 interpretation?
Can you help me?
Best regards,
Julien
06-22-2011 03:51 AM
Just a quick thought when reading over the thread:
What version of PuTTY are you using?
If you use a 0.5x version, try to do the same with PuTTY version 0.6x. I had some issues with PuTTY 0.58 (if I remember well) and SSH also...
06-22-2011 05:48 AM
Hi,
Yes, we use the 0.6 PuTTY version.
The problem is due to the router evolution from C2811 to C2911.
Something is different.
06-22-2011 12:01 PM
Hi
What is the output of plink -ssh?
Are all your 2911s running the same IOS?
Do they all have the same problem?
Does a regular SSH session complete?
A short Google search yielded:
There is a known problem when OpenSSH has been built against an incorrect version of OpenSSL; the quick workaround is to configure PuTTY to use SSH protocol 2 and the Blowfish cipher.
For more details and OpenSSH patches, see bug 138 in the OpenSSH BTS.
This is not a PuTTY-specific problem; if you try to connect with another client you'll likely have similar problems. (Although PuTTY's default cipher differs from many other clients.)
OpenSSH 3.1p1: configurations known to be broken (and symptoms):
OpenSSH 3.4p1: as of 3.4p1, only the problem with SSH 1 and Blowfish remains. Rebuild your server, apply the patch linked to from bug 138 above, or use another cipher (e.g., 3DES) instead.
Other versions: we occasionally get reports of the same symptom and workarounds with older versions of OpenSSH, although it's not clear the underlying cause is the same.
06-23-2011 07:30 AM
Hi,
The output of plink is:
"FATAL ERROR: Incoming packet was garbled on decryption"
I have only two 2911s, with the same IOS.
The other routers are 2811 routers, and all is OK with the 2811s.
Yes, the problem appears only on the 2911.
I can make an SSHv2 connection manually with PuTTY, but not by using a plink automatic connection.
About the bug you described:
Yes, we tried to configure SSH protocol 2 and the Blowfish cipher,
but the result is not good.
The bug you described is about a server problem,
but my server is the Cisco 2911 and my client is plink,
so I can't apply any patches to the SSH server on the Cisco 2911.
For the moment, only SSHv2 is working.
06-23-2011 08:34 AM
Hi,
Since you can make an SSHv2 connection manually, the only suggestion I have is that you need to update plink, as PuTTY is working for you.
However, to pursue a device side issue:
Try browsing http://cisco.com/go/fn and search by feature.
Related documentation:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html
http://www.cisco.com/en/US/docs/ios/ios_xe/netmgmt/configuration/guide/nm_cns_netconf_xe.html
06-24-2011 05:18 AM
Hi,
We don't want to use SSHv2 manually. All actions need to be done automatically with plink.
I already checked the features ... but found no solutions ...