Unable to SSH into VCS

Gerardo Del Valle · ‎06-18-2013

Hi,

Here is my situation. I am trying to SSH from a 3560 switch into my VCS but I get the follwing error:

" Switch#ssh 172.16.200.19 [Connection to 172.16.200.19 aborted: error status 0]"

debug ip ssh output:

Jun 18 2013 14:47:01.127 UTC: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.9

Jun 18 2013 14:47:01.127 UTC: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25

Jun 18 2013 14:47:01.127 UTC: SSH2 CLIENT 0: send: len 280 (includes padlen 4)

Jun 18 2013 14:47:01.127 UTC: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: ssh_receive: 536 bytes received

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: input: packet len 968

Jun 18 2013 14:47:01.135 UTC: SSH2 CLI

Switch#ENT 0: partial packet 8, need 960, maclen 0

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: ssh_receive: 432 bytes received

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: partial packet 8, need 960, maclen 0

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: input: padlen 11

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: received packet type 20

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received

Jun 18 2013 14:47:01.135 UTC: SSH2: kex: server->client aes128-cbc hmac-sha1 none

Jun 18 2013 14:47

Switch#:01.135 UTC: SSH2: kex: client->server aes128-cbc hmac-sha1 none

Jun 18 2013 14:47:01.135 UTC: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss

Jun 18 2013 14:47:01.135 UTC: SSH CLIENT0: Session disconnected - error 0x00

I'm not very familiar with SSH but could it be that the switch is running RSA keys and from the debug output, it looks like the VCS uses DSS.

The switch is running SSHv2. VCS SSH is enabled.

mahkrish · ‎06-20-2013

Hi, Can you let us know the exact requirement to perform ssh from switch to VCS ? are you able to ssh from your desktop/laptop using ssh clients ?

BR, Mahesh Adithiyha

Gerardo Del Valle · ‎06-21-2013

The current setup doesn't allow us to ssh from a laptop or desktop. I have remote access to a switch, which has a router, MCU, and VCS connected to. From there, I would like to ssh to the VCS. SSH is working in the switch because I can ssh into the router from it.

ahmashar · ‎06-21-2013

This looks like you hit this bug CSCtc58970

Regards,

Ahmad

Gerardo Del Valle · ‎06-21-2013

Ahmad,

The link is not coming up.

ahmashar · ‎06-21-2013

sorry about that.

what version of IOS are you running?

Gerardo Del Valle · ‎06-21-2013

The switch is running c3560-ipservicesk9-mz.122-55.SE1. The VCS is version 7.2, I think (don't have access to the equipment at the moment). Router is 15.1.4M6.

Martin Koch · ‎06-21-2013

I am not 100% sure if its a bug or a feature. If the switch simply does not support dss and the vcs not ssh you cant do much besides hoping hat the cisco switch will support it in future versions.

Think of using a vpn / firewall opening / portforward to use it or think of using the dual interface option

or some out of band management (serial port / vmware / ...)

Please remember to rate helpful responses and identify

ahmashar · ‎06-21-2013

it means there is a mismatch in key negotiation algorithms so it couldn't handshake the connection.

so the workaround would be SSH from a Linux/Unix/Windows client to either box and it will work as this is a key negotiation issue between switch and VCS.

Gerardo Del Valle · ‎06-26-2013

Thank you for your input.

shkn · ‎06-26-2013

Hi ,

Try the Putty software for ssh into the device

Regards

Shyam