cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3209
Views
21
Helpful
3
Replies

Telnet SSH not working Strange

Hi all,

     I have a very strange issue here, after I read a lot of posting about the telnet problem no one resolving mine, actually I have everything configurated, well is not much, but I do not have any access list, no firewall between, only nat and I do not think this was the problem, the thing is that after telnet the IP I receive an Open, but almost instantly close the session, in the case of the SSH I receive the prompt for the password, but when I introduce the correct password the ssh session close. I do not receive any message, just that the foreing host closed.

Remote Router:

INTERNET_TMX#telnet 9.2.8.1
Trying 9.2.8.1 ... Open

[Connection to 9.2.8.1 closed by foreign host]
INTERNET_TMX#ss
INTERNET_TMX#ssh -l cisco 9.2.8.1

Password:

[Connection to 9.2.8.1 closed by foreign host]


Config;

ip nat inside source route-map nonat interface Dialer1 overload
!
ip access-list extended lan2lan
permit ip 192.168.225.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.226.0 0.0.0.255 192.168.0.0 0.0.255.255
ip access-list extended nat
deny   ip 192.168.225.0 0.0.0.255 192.168.0.0 0.0.255.255
deny   ip 192.168.226.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.225.0 0.0.0.255 any
permit ip 192.168.226.0 0.0.0.255 any
!
route-map nonat permit 1
match ip address nat

!

line con 0
logging synchronous
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
login local
no exec
transport input telnet ssh
!
end

Debug:

GW_MONMORELOS#debug telnet

*Jul  9 22:53:13.974: Telnet67: 1 1 251 1
*Jul  9 22:53:13.974: TCP67: Telnet sent WILL ECHO (1)
*Jul  9 22:53:13.974: Telnet67: 2 2 251 3
*Jul  9 22:53:13.974: TCP67: Telnet sent WILL SUPPRESS-GA (3)
*Jul  9 22:53:13.974: Telnet67: 80000 80000 253 24
*Jul  9 22:53:13.974: TCP67: Telnet sent DO TTY-TYPE (24)
*Jul  9 22:53:13.974: Telnet67: 10000000 10000000 253 31
*Jul  9 22:53:13.974: TCP67: Telnet sent DO WINDOW-SIZE (31)

GW_MONMORELOS#debug ip ssh       
Incoming SSH debugging is on
GW_MONMORELOS#
GW_MONMORELOS#
GW_MONMORELOS#
*Jul  9 22:55:02.254: SSH0: starting SSH control process
*Jul  9 22:55:02.254: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
*Jul  9 22:55:02.270: SSH0: protocol version id is - SSH-1.99-Cisco-1.25
*Jul  9 22:55:02.270: SSH2 0: send:packet of  length 344 (length also includes padlen of 5)
*Jul  9 22:55:02.270: SSH2 0: SSH2_MSG_KEXINIT sent
*Jul  9 22:55:02.274: SSH2 0: ssh_receive: 344 bytes received
*Jul  9 22:55:02.274: SSH2 0: input: total packet length of 344 bytes
*Jul  9 22:55:02.274: SSH2 0: partial packet length(block size)8 bytes,needed 336 bytes,
               maclen 0
*Jul  9 22:55:02.274: SSH2 0: input: padlength 5 bytes
*Jul  9 22:55:02.274: SSH2 0: SSH2_MSG_KEXINIT received
*Jul  9 22:55:02.274: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
*Jul  9 22:55:02.274: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
*Jul  9 22:55:02.294: SSH2 0: ssh_receive: 24 bytes received
*Jul  9 22:55:02.294: SSH2 0: input: total packet length of 24 b
GW_MONMORELOS#ytes
*Jul  9 22:55:02.294: SSH2 0: partial packet length(block size)8 bytes,needed 16 bytes,
               maclen 0
*Jul  9 22:55:02.294: SSH2 0: input: padlength 6 bytes
*Jul  9 22:55:02.294: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST received
*Jul  9 22:55:02.294: SSH2 0: Range sent by client is - 1024 < 2048 < 4096
*Jul  9 22:55:02.294: SSH2 0:  Modulus size established : 2048 bits
*Jul  9 22:55:02.294: SSH2 0: send:packet of  length 280 (length also includes padlen of 8)
*Jul  9 22:55:02.350: SSH2 0: expecting SSH2_MSG_KEX_DH_GEX_INIT
*Jul  9 22:55:02.486: SSH2 0: ssh_receive: 272 bytes received
*Jul  9 22:55:02.486: SSH2 0: input: total packet length of 272 bytes
*Jul  9 22:55:02.486: SSH2 0: partial packet length(block size)8 bytes,needed 264 bytes,
               maclen 0
*Jul  9 22:55:02.486: SSH2 0: input: padlength 5 bytes
*Jul  9 22:55:02.486: SSH2 0: SSH2_MSG_KEXDH_INIT received
*Jul  9 22:55:02.598: SSH2 0: signature length 143
*Jul  9 22:55:02.598: SSH2 0: send:packet of  length 576 (length also includes padlen of 7)
*Jul  9 22:55:02.602: SSH2: kex_derive_keys complete
*Jul  9 22:55:02.602: SSH2 0: send:packet of  length 16 (length also includes padlen of 10)
*Jul  9 22:55:02.602: SSH2 0: newkeys: mode 1
*Jul  9 22:55:02.602: SSH2 0: SSH2_MSG_NEWKEYS sent
*Jul  9 22:55:02.602: SSH2 0: waiting for SSH2_MSG_NEWKEYS
*Jul  9 22:55:02.858: SSH2 0: ssh_receive: 16 bytes received
*Jul  9 22:55:02.858: SSH2 0: input: total packet length of 16 bytes
*Jul  9 22:55:02.858: SSH2 0: partial packet length(block size)8 bytes,needed 8 bytes,
               maclen 0
*Jul  9 22:55:02.858: SSH2 0: input: padlength 10 bytes
*Jul  9 22:55:02.858: SSH2 0: newkeys: mode 0
*Jul  9 22:55:02.858: SSH2 0: SSH2_MSG_NEWKEYS received
*Jul  9 22:55:02.858: SSH2 0: ssh_receive: 52 bytes received
*Jul  9 22:55:02.858: SSH2 0: input: total packet length of 32 bytes
*Jul  9 22:55:02.858: SSH2 0: partial packet length(block size)16 bytes,needed 16 bytes,
               maclen 20
*Jul  9 22:55:02.858: SSH2 0: MAC compared for #4 :ok
*Jul  9 22:55:02.858: SSH2 0: input: padlength 10 bytes
*Jul  9 22:55:02.858: SSH2 0: send:packet of  length 32 (length also includes padlen of 10)
*Jul  9 22:55:02.858: SSH2 0: computed MAC for sequence no.#4
*Jul  9 22:55:02.874: SSH2 0: ssh_receive: 84 bytes received
*Jul  9 22:55:02.874: SSH2 0: input: total packet length of 64 bytes
*Jul  9 22:55:02.874: SSH2 0: partial packet length(block size)16 bytes,needed 48 bytes,
               maclen 20
*Jul  9 22:55:02.874: SSH2 0: MAC compared for #5 :ok
*Jul  9 22:55:02.874: SSH2 0: input: padlength 19 bytes
*Jul  9 22:55:02.874: SSH2 0: send:packet of  length 48 (length also includes padlen of 8)
*Jul  9 22:55:02.874: SSH2 0: computed MAC for sequence no.#5
*Jul  9 22:55:02.890: SSH2 0: ssh_receive: 116 bytes received
*Jul  9 22:55:02.890: SSH2 0: input: total packet length of 96 bytes
*Jul  9 22:55:02.894: SSH2 0: partial packet length(block size)16 bytes,needed 80 bytes,
               maclen 20
*Jul  9 22:55:02.894: SSH2 0: MAC compared for #6 :ok
*Jul  9 22:55:02.894: SSH2 0: input: padlength 16 bytes
*Jul  9 22:55:02.894: SSH2 0: send:packet of  length 48 (length also includes padlen of 11)
*Jul  9 22:55:02.894: SSH2 0: computed MAC for sequence no.#6
*Jul  9 22:55:05.778: SSH2 0: ssh_receive: 52 bytes received
*Jul  9 22:55:05.778: SSH2 0: input: total packet length of 32 bytes
*Jul  9 22:55:05.778: SSH2 0: partial packet length(block size)16 bytes,needed 16 bytes,
               maclen 20
*Jul  9 22:55:05.778: SSH2 0: MAC compared for #7 :ok
*Jul  9 22:55:05.778: SSH2 0: input: padlength 7 bytes
*Jul  9 22:55:05.782: SSH2 0: send:packet of  length 16 (length also includes padlen of 10)
*Jul  9 22:55:05.782: SSH2 0: computed MAC for sequence no.#7
*Jul  9 22:55:05.786: SSH2 0: authentication successful for citrofrut
*Jul  9 22:55:05.798: SSH2 0: ssh_receive: 68 bytes received
*Jul  9 22:55:05.798: SSH2 0: input: total packet length of 48 bytes
*Jul  9 22:55:05.798: SSH2 0: partial packet length(block size)16 bytes,needed 32 bytes,
               maclen 20
*Jul  9 22:55:05.802: SSH2 0: MAC compared for #8 :ok
*Jul  9 22:55:05.802: SSH2 0: input: padlength 19 bytes
*Jul  9 22:55:05.802: SSH2 0: channel open request
*Jul  9 22:55:05.802: SSH2 0: send:packet of  length 32 (length also includes padlen of 10)
*Jul  9 22:55:05.802: SSH2 0: computed MAC for sequence no.#8
*Jul  9 22:55:05.818: SSH2 0: ssh_receive: 84 bytes received
*Jul  9 22:55:05.818: SSH2 0: input: total packet length of 64 bytes
*Jul  9 22:55:05.818: SSH2 0: partial packet length(block size)16 bytes,needed 48 bytes,
               maclen 20
*Jul  9 22:55:05.818: SSH2 0: MAC compared for #9 :ok
*Jul  9 22:55:05.818: SSH2 0: input: padlength 13 bytes
*Jul  9 22:55:05.818: SSH2 0: send:packet of  length 16 (length also includes padlen of 6)
*Jul  9 22:55:05.818: SSH2 0: computed MAC for sequence no.#9
*Jul  9 22:55:05.818: SSH2 0: pty-req request
*Jul  9 22:55:05.818: SSH2 0: setting TTY - requested: height 47, width 132; set: height 47, width 132
*Jul  9 22:55:05.830: SSH2 0: ssh_receive: 52 bytes received
*Jul  9 22:55:05.830: SSH2 0: input: total packet length of 32 bytes
*Jul  9 22:55:05.834: SSH2 0: partial packet length(block size)16 bytes,needed 16 bytes,
               maclen 20
*Jul  9 22:55:05.834: SSH2 0: MAC compared for #10 :ok
*Jul  9 22:55:05.834: SSH2 0: input: padlength 12 bytes
*Jul  9 22:55:05.834: SSH2 0: send:packet of  length 16 (length also includes padlen of 6)
*Jul  9 22:55:05.834: SSH2 0: computed MAC for sequence no.#10
*Jul  9 22:55:05.834: SSH2 0: shell request
*Jul  9 22:55:05.834: SSH2 0: shell message received
*Jul  9 22:55:05.834: SSH2 0: starting shell for vty
*Jul  9 22:55:05.934: SSH2 0: send:packet of  length 48 (length also includes padlen of 18)
*Jul  9 22:55:05.934: SSH2 0: computed MAC for sequence no.#11
*Jul  9 22:55:05.934: SSH2 0: send:packet of  length 16 (length also includes padlen of 6)
*Jul  9 22:55:05.934: SSH2 0: computed MAC for sequence no.#12
*Jul  9 22:55:05.934: SSH2 0: send:packet of  length 16 (length also includes padlen of 6)
*Jul  9 22:55:05.934: SSH2 0: computed MAC for sequence no.#13
*Jul  9 22:55:05.934: SSH0: Session terminated normally

Any advice...

Thanks, Cesar

3 Replies 3

nbhandarkar
Level 1
Level 1

Hi Cezar,

Your "no exec" command on the vty lines seems to be a problem. Issue "exec" command on the vty lines and check if you are able to telnet or ssh. This should solve your problem.

Hope this helps.

Dipesh Patel
Level 2
Level 2

Dear Cesar,

Your configuration seams there should not be cmd "" no exec ""

This will disable the exec mode of the Router / Switch  as same way as ""no login"".

When you want to allow an outgoing connection only for a line (no incoming) use the ""no exec"" command. When a user tries to Telnet to a line with the no exec command configured, the user will get no response when pressing the Return key at the login screen.

Find the link for your refference.

Hope it will help you and do not forget the rate to helpful posts.

Regards,

Oh Man !!! I sure I probe with the exec line... but you both right... thanks !!!

Review Cisco Networking for a $25 gift card