Solved: Can't ssh into netsim device without using ncs commands

jack-marik · ‎10-10-2024

Hi,

I'm probably missing something obvious, but as far as I know, I should be able to ssh into netsim simulated routers if I ssh to localhost with the right port for the particular device.

I can get response from ssh, but as soon as I login, the connection is closed. I know I'm using the right credentials (admin/admin), because if I try different, I get a couple retries. But when I use the right credentials, I the connection is closed immediately.

jack@nso:~/nso-its$ ssh admin@localhost -p 12029
The authenticity of host '[localhost]:12029 ([127.0.0.1]:12029)' can't be established.
ED25519 key fingerprint is SHA256:yr0yj/WTW4vmMmeOZiSVcA8WQqDB31iANUKpQ+V9NQ4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:12029' (ED25519) to the list of known hosts.
admin@localhost's password: 
Connection to localhost closed.
jack@nso:~/nso-its$

I can login using the "ncs-netsim cli-c device-name" command.

Thanks for any help.

jack-marik · ‎10-10-2024

This was a dumb mistake. I was using the wrong port. 120** port is meant for netconf, so the ssh responds but won't give me cli. The ssh port used for cli is 100**.

View solution in original post

bigevilbeard · ‎10-10-2024

@jack-marik it could be a couple of things, first try and use the verbose flag with ssh, this should give you more clues to the issue, just add the -v flag after ssh, for example

ssh -v user@remote_host

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

jack-marik · ‎10-10-2024

Thanks,
here's the full log:

[jack@jacks core-rtr0]$ ssh -p 12025 admin@localhost -v
OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to localhost [::1] port 12025.
debug1: connect to address ::1 port 12025: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 12025.
debug1: Connection established.
debug1: identity file /home/jack/.ssh/id_rsa type -1
debug1: identity file /home/jack/.ssh/id_rsa-cert type -1
debug1: identity file /home/jack/.ssh/id_dsa type -1
debug1: identity file /home/jack/.ssh/id_dsa-cert type -1
debug1: identity file /home/jack/.ssh/id_ecdsa type -1
debug1: identity file /home/jack/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jack/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/jack/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/jack/.ssh/id_ed25519 type -1
debug1: identity file /home/jack/.ssh/id_ed25519-cert type -1
debug1: identity file /home/jack/.ssh/id_ed25519_sk type -1
debug1: identity file /home/jack/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/jack/.ssh/id_xmss type -1
debug1: identity file /home/jack/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version Erlang/4.15.3.1
debug1: compat_banner: no match: Erlang/4.15.3.1
debug1: Authenticating to localhost:12025 as 'admin'
debug1: load_hostkeys: fopen /home/jack/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:Qfwp/Hlup8rsKxDtjdgkm+e5xcEPfi8yypSk4JPz0tc
debug1: load_hostkeys: fopen /home/jack/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[localhost]:12025' is known and matches the ED25519 host key.
debug1: Found key in /home/jack/.ssh/known_hosts:4
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/jack/.ssh/id_rsa 
debug1: Will attempt key: /home/jack/.ssh/id_dsa 
debug1: Will attempt key: /home/jack/.ssh/id_ecdsa 
debug1: Will attempt key: /home/jack/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/jack/.ssh/id_ed25519 
debug1: Will attempt key: /home/jack/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/jack/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jack/.ssh/id_rsa
debug1: Trying private key: /home/jack/.ssh/id_dsa
debug1: Trying private key: /home/jack/.ssh/id_ecdsa
debug1: Trying private key: /home/jack/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/jack/.ssh/id_ed25519
debug1: Trying private key: /home/jack/.ssh/id_ed25519_sk
debug1: Trying private key: /home/jack/.ssh/id_xmss
debug1: Next authentication method: password
admin@localhost's password: 
Authenticated to localhost ([127.0.0.1]:12025) using "password".
debug1: pkcs11_del_provider: called, provider_id = (null)
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed.
Transferred: sent 2064, received 876 bytes, in 0.0 seconds
Bytes per second: sent 1444012.0, received 612865.6
debug1: Exit status -1
[jack@jacks core-rtr0]$

There are no keys installed, but it looks like password goes through, it enters interactive session and drops right after.

bigevilbeard · ‎10-10-2024

@jack-marik so everything looks ok, and the only thing which jumps out is the error - pledge: filesystem full line which would suggest that the SSH endpoint is running out of resources or maybe encountering an error that prevents it from continuing the session itself. Can you show the SSH configuration/logs on the device?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

jack-marik · ‎10-10-2024

This was a dumb mistake. I was using the wrong port. 120** port is meant for netconf, so the ssh responds but won't give me cli. The ssh port used for cli is 100**.

bigevilbeard · ‎10-10-2024

It's easy to overlook details like that, especially when working with multiple ports and protocols.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io