Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3480
Views
0
Helpful
4
Replies

SSH connection closed after issue command when not run in terminal

st-wong
Level 1
Level 1

‎06-02-2017 04:37 AM - edited ‎03-05-2019 08:38 AM

Hi,

Sorry that I'm not network engineer.  Just try to write scripts to query Cisco router to get information to display on our web site.

We have a simple script that ssh to a router, using public key authentication.  Then issue command "sh bgp ipv6 unicast nei".

It works fine in shell, but the connection closed 'prematurely' - login is okay and command is run but only get partial output.

ssh -vvv shows the connection was closed by the router.

We tried to use "ssh -t -o SendEnv=LANG ..." with LANG= en_US.UTF-8 but still no help.

Would anyone please help?

Thanks a lot.

Regards

1 person had this problem
Labels:
0 Helpful
4 Replies 4

cofee
Level 5
Level 5

‎06-02-2017 06:07 AM

Please try the following :

* log in using the credentials that are used by the script and run the same show command just to see if router disconnects the session. Also check the ssh time out value .

* debug ip ssh . This may give you more information why the connection was terminated.

0 Helpful

st-wong
Level 1
Level 1
In response to cofee

‎06-05-2017 10:38 PM

Hi,

>log in using the credentials that are used by the script and run the same show command just to see if router disconnects the session.

Using public key authentication can complete without problem.   The only difference is if running through web (script called by Apache) or running with nohup in background, only partial result is returned (thus authentication is okay and command can be issued).

Sorry that I don't have the credential. Maybe I'll ask for it to test.


>Also check the ssh time out value .

May not be the case since the command can finish in 2 seconds.

> debug ip ssh

Will try that out.  

Thanks a lot.

0 Helpful

vmlopez
Level 1
Level 1
In response to cofee

‎06-08-2017 02:01 PM

I see this problem also. 

- Wireshark shows router initiates termination via a packet with TCP FIN - a successful session shows the server issuing the TCP FIN. 

- Router side SSH debug gives no clue as to the problem.  Good and bad sessions have same debug info.

- Problems occurs with 2901 and ASR routers running 15.4 and is intermittent. 

- Our server is running AIX and OpenSSH.  It initiates a SSH connection to execute a show command.  The output is received but afterwards the router intermittently initiates connection termination.

- SSH timeout is 60 seconds

- Manually executing command via an SSH session is always good.

0 Helpful

cofee
Level 5
Level 5
In response to vmlopez

‎06-09-2017 09:17 AM

- Wireshark shows router initiates termination via a packet with TCP FIN - a successful session shows the server issuing the TCP FIN. 

- So the router informs the client that all requested information has been sent and been acknowledged by the client. Does client acknowledge the fin segment? also at this point tcp connection will remain half open until the client sends a fin packet. 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card