10-21-2009 06:57 AM - edited 03-04-2019 06:27 AM
Would anyone please let me know what the log below is for the ME3400:
Oct 20 18:33:35.040 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:38:55.823 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:44:13.688 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:49:28.481 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 21 06:22:07.154 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 21 06:33:59.772 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
10-21-2009 07:03 AM
Hello Ehsan,
This is an error message of severity 4 produced by SSH IOS code.
An unexpected SSH version 2 message has been received on a currently running SSH session.
For this reason the session is terminated.
Note that the first messages appear almost every 5 minutes, which can be the activity timeout on your VTY sessions.
Do you see SSH sessions terminated abnormally in correspondence with the above messages?
What SSH client software are you using?
Hope to help
Giuseppe
10-21-2009 07:10 AM
Hello Giuseppe,
No, I don't experience my SSH sessions going down for now, but I will keep an eye on it.
We are using VanDyke SecureCRT Version 5.2.1 build 256.
Thanks,
Ehsan
10-21-2009 08:23 AM
Hello Giuseppe,
I found the problem: this box was upgraded recently and we have rancid in our network for backing up the config.
Since the crypto key was changed during the upgrade, I removed the known host file from rancid, and now I am not getting that message.
Thanks for your help,
Ehsan
10-21-2009 08:25 AM
Hello Ehsan,
Good to know you have found the suffering SSH client; it was an access made by a server.
Hope to help
Giuseppe
10-21-2009 08:26 AM
Ehsan
I am glad that you figured out what was causing your problem. Thank you for posting back to the forum explaining what was the problem and what you did to resolve it. It makes the forum more useful when people can read the symptoms of a problem and can then find what caused the problem and what was the solution.
HTH
Rick
07-24-2012 06:53 AM
Hi Everyone,
I know this post is a little bit old, but just wanted to let you know that the terminal message might be from a brute force attack.
If you are experiencing a brute force attack, then under Router# type the "who" command, and you will see that any time you type the "who" command, the users will be changed.
Thanks
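The timing pattern discussed in this thread (messages roughly every 5 minutes, later traced to a scheduled rancid backup) can be checked directly from the syslog timestamps. The following is an added example, not part of any post above: it parses the log lines from the first post, splits them into runs, and reports whether the intervals in a run are regular. The function names, the year 2009, the 15-minute run gap, the 25% jitter tolerance and the 60-second minimum period are all assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Log lines copied from the first post of the thread.
LOG = """\
Oct 20 18:33:35.040 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:38:55.823 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:44:13.688 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 20 18:49:28.481 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 21 06:22:07.154 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Oct 21 06:33:59.772 EST: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
"""

EVENT = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}) \w+: %SSH-4-SSH2_UNEXPECTED_MSG:")

def parse_events(text, year=2009):
    """Return sorted timestamps of SSH2_UNEXPECTED_MSG lines (IOS omits the year, so it is assumed)."""
    stamps = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            stamps.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f"))
    return sorted(stamps)

def split_runs(events, max_gap=timedelta(minutes=15)):
    """Group events into runs whose consecutive events are at most max_gap apart."""
    runs = []
    for ts in events:
        if runs and ts - runs[-1][-1] <= max_gap:
            runs[-1].append(ts)
        else:
            runs.append([ts])
    return runs

def classify(run, jitter=0.25, min_period=60):
    """Label a run 'periodic' when every interval is within jitter of the median interval."""
    gaps = [(b - a).total_seconds() for a, b in zip(run, run[1:])]
    if len(gaps) < 2:
        return ("insufficient-data", None)
    med = median(gaps)
    regular = all(abs(g - med) <= jitter * med for g in gaps)
    return ("periodic" if regular and med >= min_period else "irregular", med)
```

A "periodic" result with a period of several minutes is consistent with a scheduled client such as a backup job; the label alone does not identify the source, which still has to be confirmed from the connecting address.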