SSH connection closed after issue command when not run in terminal

st-wong · ‎06-02-2017

Hi,

Sorry that I'm not network engineer. Just try to write scripts to query Cisco router to get information to display on our web site.

We have a simple script that ssh to a router, using public key authentication. Then issue command "sh bgp ipv6 unicast nei".

It works fine in shell, but the connection closed 'prematurely' - login is okay and command is run but only get partial output.

ssh -vvv shows the connection was closed by the router.

We tried to use "ssh -t -o SendEnv=LANG ..." with LANG= en_US.UTF-8 but still no help.

Would anyone please help?

Thanks a lot.

Regards

cofee · ‎06-02-2017

Please try the following :

* log in using the credentials that are used by the script and run the same show command just to see if router disconnects the session. Also check the ssh time out value .

* debug ip ssh . This may give you more information why the connection was terminated.

st-wong · ‎06-05-2017

Hi,

>log in using the credentials that are used by the script and run the same show command just to see if router disconnects the session.

Using public key authentication can complete without problem. The only difference is if running through web (script called by Apache) or running with nohup in background, only partial result is returned (thus authentication is okay and command can be issued).

Sorry that I don't have the credential. Maybe I'll ask for it to test.

>Also check the ssh time out value .

May not be the case since the command can finish in 2 seconds.

> debug ip ssh

Will try that out.

Thanks a lot.

vmlopez · ‎06-08-2017

I see this problem also.

- Wireshark shows router initiates termination via a packet with TCP FIN - a successful session shows the server issuing the TCP FIN.

- Router side SSH debug gives no clue as to the problem. Good and bad sessions have same debug info.

- Problems occurs with 2901 and ASR routers running 15.4 and is intermittent.

- Our server is running AIX and OpenSSH. It initiates a SSH connection to execute a show command. The output is received but afterwards the router intermittently initiates connection termination.

- SSH timeout is 60 seconds

- Manually executing command via an SSH session is always good.

cofee · ‎06-09-2017

- Wireshark shows router initiates termination via a packet with TCP FIN - a successful session shows the server issuing the TCP FIN.

- So the router informs the client that all requested information has been sent and been acknowledged by the client. Does client acknowledge the fin segment? also at this point tcp connection will remain half open until the client sends a fin packet.