Solved: SSH2

rmv72 · ‎08-16-2004

I'm trying to enable ssh2 at 1760 router.I have enabled ssh 1 before it-

!

...

ip ssh version 1

...

!

line vty 0 4

....

login local

transport input ssh

!

After it i made-

#ip ssh version 2

but i didn't write

# crypto key generate rsa ( maybe here my mistake. But i afraid to lost connection to router using ssh 1). I don't close open session used ssh 1 and try from another window access via ssh2 -here my debug messages-

*Mar 3 06:04:28.467: SSH1: starting SSH control process

*Mar 3 06:04:28.467: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

*Mar 3 06:04:28.471: SSH1: protocol version id is - SSH-2.0-3.0 SecureCRT (tm), a product of Van Dyke Technologies, Inc.

*Mar 3 06:04:28.475: SSH2 1: send: len 280 (includes padlen 4)

*Mar 3 06:04:28.475: SSH2 1: SSH2_MSG_KEXINIT sent

*Mar 3 06:04:28.479: SSH2 1: send: len 72 (includes padlen 7)

*Mar 3 06:04:28.579: SSH1: Session disconnected - error 0x00

Where is my fault?

Richard Burts · ‎08-16-2004

Assuming the RSA keys were generated when you configured SSH version 1 you should not need to generate them again when you configure version 2.

From the messages you posted it looks like you are using SecureCRT as your SSH client and looks like it may be probably version 3 something. I had problems using SecureCRT 3.3 for SSH version 2 to Cisco. I upgraded my SecureCRT to version 4.1 and it works just fine.

Perhaps your problem is in the version of SecureCRT rather than some problem on the router.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎08-16-2004

Assuming the RSA keys were generated when you configured SSH version 1 you should not need to generate them again when you configure version 2.

From the messages you posted it looks like you are using SecureCRT as your SSH client and looks like it may be probably version 3 something. I had problems using SecureCRT 3.3 for SSH version 2 to Cisco. I upgraded my SecureCRT to version 4.1 and it works just fine.

Perhaps your problem is in the version of SecureCRT rather than some problem on the router.

HTH

Rick

HTH

Rick

rmv72 · ‎08-18-2004

I tryed to use SecureCRT Version 4.1.2 and i connected via SSH2 sucessfuly. Thank you!

scottmac · ‎08-16-2004

According to another post, Cisco doesn't support SSH2 before 12.3(X)T - the "T" train must be used.

I've used SecureCRT since the early 3 versions and have never had a problem.

Good Luck

Scott

Richard Burts · ‎08-17-2004

I can confirm that for SSH version 2 support you need the T train of 12.3.

I am curious about your statement that you have used SecureCRT since early 3 versions. Are you saying that you have used version 3 to do SSH version 2 to a Cisco without problem? I agree that I have used SecureCRT v3 to do SSHv1 but when we went to SSHv2 I had a problem with SecureCRTv3 which was resolved when I upgraded to v4 of SecureCRT.

HTH

Rick

HTH

Rick

scottmac · ‎08-17-2004

I have used SecureCRT since the early 3's version. I did not use it for SSH2 to Cisco (Version 1 only, and it was a while before that was supported).

I used SSH for other administrative tasks not related to Cisco equipment.

It's one of my favorite programs. It's always worked well, the features are perfect for my needs, and it's a pretty reasonable price. I haven't had any problems with SSH V2 (for systems that support it) with either revision.

I am also now using Version 4 (4.09 ... probably a little old).

FWIW

Scott

suttonr · ‎08-20-2004

This is in reply to the SecureCRT statement about SSH2. I have used it for access into my Cisco DWDM network and it seemed to work fine (**LATE** 3.x version). I upgraded about 8 months ago to 4.0 and still w/out any issues. I am curious as to what kind of device you were trying to access (Cisco Only) using SSH2? Let me know, just curious.....

rmv72 · ‎08-22-2004

I use SSH2 for access to Cisco 1760 router.