Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
0
Helpful
2
Replies

SG300 ssh strange error: "A client is already connected"

Tilman Schmidt
Level 1
Level 1

‎10-14-2013 07:14 AM - edited ‎03-07-2019 04:01 PM

Hi,

I've got a few SG300-52 small business switches running software version 1.3.0.62 which I configured for ssh management access with public key authentication via:

ip ssh server

ip ssh pubkey-auth auto-login

username mgmt password ... privilege 15

crypto key pubkey-chain ssh

user-key mgmt rsa

key-string ...

This is working fine if I connect interactively from my management system with:

ssh -i mgmt_id_rsa mgmt@switch

where mgmt_id_rsa is the name of a file containing the private key.

I get a privileged command prompt as intended, without being asked for a password.

However if I try to pass a command on the ssh command line like this:

ssh -i mgmt_id_rsa mgmt@switch show version

the command just hangs until I hit the Enter key a second time, and then emits the strange message:

Received disconnect from 10.11.12.13: 2:

A client is already connected

(Exactly like that, including the line break after the "2:" and the blank before "A client".)

This is unfortunate as the objective is to send commands to the switch from a script.

The same happens if I pipe the command I want to send into ssh like this:

echo show version | ssh -i mgmt_id_rsa mgmt@switch

except the error message appears immediately and I don't have to hit Enter a second time.

Looks like I hit another bug in Cisco's ssh implementation? Any idea for a workaround?

Thanks,

Tilman

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Tilman Schmidt
Level 1
Level 1

‎10-15-2013 01:29 AM

A few more data points:

ssh -t -i mgmt_id_rsa mgmt@switch show version

(force pseudo-tty allocation) echos the "show version" command but does not execute it. The session then doesn't respond to any keyboard input except "~." to close the connection.

ssh -n -i mgmt_id_rsa mgmt@switch show version

echo show version | ssh -n -i mgmt_id_rsa mgmt@switch

(prevent reading from stdin) both hang until I hit ctrl/C to abort.

Trying to add the -t option to either -n or the pipe variant results in the message: "Pseudo-terminal will not be allocated because stdin is not a terminal."

SSH debug output (ssh -vvv ...) only shows the command being sent to the SG300 and no reply ever coming back.

0 Helpful

Joshua Hoke
Level 1
Level 1

‎05-11-2015 01:26 PM

I was able to duplicate this behavior on multiple switches running firmware version 1.4.1.3

 

Were you ever able to find a solution?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card