Unable to SSH to FI but can browse UCSM

Markus5849 · ‎04-19-2023

I'm unable to SSH into the Fabric Interconnect Cluster IP and also each Fabric Interconnect A & B. Have tried with telnet FI cluster IP, FI-A and FI-B to port 22 all passed. Can browse to UCSM website as well. From UCSM, under communications management the SSH is already enabled.

When using Putty to SSH into FI cluster IP, FI-A, and FI-B, it shows "remote site unexpectedly closed network connection".

Any advice?

Kirk J · ‎04-19-2023

Greetings.

Try disabling/re-enabling SSH admin setting.

Have seen some instances where shell client didn't have newer ciphers that later versions of UCSM was expecting.

Make sure you have latest version of putty/mobaxterm/secureCRT, etc.

I recently had something similar in lab, and was resolved after I pulled down the latest putty (i.e. .78)

What type of FI is yours?

Kirk...

Kirk J · ‎04-19-2023

Occasionally, as part of vulnerability updates, SSH/SSHD will get updated, which appears there was recent update on 4.22a and higher.

Looking at release notes https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/release/notes/cisco-ucs-manager-rn-4-2.html there were a few different CVEs relating to openssh, and looks like this was bumped up to version 8.

Along with newer openssh/sshd comes some changes in ciphers, requiring updated ssh clients.

Kirk...

Venkatesh poreddy · ‎02-03-2025

Use Putty 0.75 or later Use MobaXterm 22.1 or later

The above versions are the most common SSH clients, but update other 3rd party SSH clients as needed. Refer to the 3rd Party vendors for which versions will support OpenSSL 1.1 key exchanges.