cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
2088
Views
0
Helpful
5
Replies
HCL Support
Beginner

%SSH-4-SSH2_UNEXPECTED_MSG

Hi Team, 

We are getting below given massage from 2960 switch, please analysis and suggest: 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.01.08 16:05:37 =~=~=~=~=~=~=~=~=~=~=~=
sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


Console logging: level debugging, 1550 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 4 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1550 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 1553 message lines logged
Logging to 10.100.11.70 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
1439 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

Log Buffer (4096 bytes):
ate to up
.Nov 28 05:59:53.945: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 05:59:55.938: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 05:59:57.778: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 05:59:59.781: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 06:00:02.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 06:00:04.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 06:00:12.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 06:00:13.024: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 06:00:15.421: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 06:00:16.422: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 06:06:19.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 06:06:20.019: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/34, changed state to down
.Nov 28 06:06:22.567: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/34, changed state to up
.Nov 28 06:06:23.568: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/34, changed state to up
.Dec 4 04:22:17.694: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:22:17.736: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/28, changed state to down
.Dec 4 04:22:18.701: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:22:18.743: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to down
.Dec 4 04:22:41.246: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to up
.Dec 4 04:22:41.293: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to up
.Dec 4 04:22:42.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to up
.Dec 4 04:22:44.182: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to down
.Dec 4 04:22:44.324: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:22:45.330: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:22:46.547: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to up
.Dec 4 04:22:47.548: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/28, changed state to up
.Dec 4 04:22:47.637: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to up
.Dec 4 04:22:48.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to up
.Dec 4 04:25:49.497: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:25:49.984: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/28, changed state to down
.Dec 4 04:25:50.503: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to down
.Dec 4 04:25:50.991: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to down
Dec 4 04:25:52.758: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/26, changed state to up
Dec 4 04:25:53.282: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to up
Dec 4 04:25:53.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/26, changed state to up
Dec 4 04:25:54.284: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/28, changed state to up
Jan 8 08:08:21.270: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Jan 8 08:08:24.065: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
Jan 8 08:12:57.974: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
IB_DC_SW5#exi
IB_DC_SW5#exit

5 REPLIES 5
Richard Burts
Hall of Fame Guru

Clearly this is about attempts to SSH on the device. As a starting point could you post the output of show ip ssh

HTH

Rick

HTH

Rick

have you got ssh version 2 running ? that could be the issue if your set to 1 in running config and the client is trying to connect using version 2 or an issue with the rsa key it could be old key stored in client  you could try resetting them on the switch

Hi Richard, 

Show ip ssh uploaded..

Thanks for posting the output of the command. It does verify that SSH is enabled and that it will accept SSHv2 and would reject an attempt to SSH using version 1. Would you attempt to SSH to the 2960 using SSHv1 and see if perhaps this message is just an indicator that someone attempted to use a version of SSH that this device does not accept?

HTH

Rick

HTH

Rick
nicolasccc
Enthusiast

Hello HCL support,

Have a look at this thread:

https://supportforums.cisco.com/discussion/12093046/ssh-4-ssh2unexpectedmsg-unexpected-message-type-has-arrived-terminating

You can follow the recommandation from the Cisco Guide to Harden Cisco IOS Devices (http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html).
Make sure that you follow the recommandation to secure your management session.

Have a good day.

Best regards.