06-07-2018 03:32 AM - edited 03-12-2019 05:21 AM
I am unable to ssh to a cisco 800 series LTE router.
I am able to do so when connected over crypto tunnel via internet link (LTE)
But when connected over crypto via Ethernet link (Direct LAN), the ssh fails.
My source/jump server does not responds to ssh command
And my destination/router, shows below debug logs.
TestRouter-LTE#
Jun 6 16:00:02.294: SSH0: starting SSH control process
Jun 6 16:00:02.294: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
Jun 6 16:00:04.922: SSH0: protocol version id is - SSH-2.0-OpenSSH_5.3
Jun 6 16:00:04.922: SSH2 0: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa
Jun 6 16:00:04.922: SSH2 0: kexinit sent: hostkey algo = ssh-rsa
Jun 6 16:00:04.922: SSH2 0: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Jun 6 16:00:04.926: SSH2 0: kexinit sent: mac algo = hmac-sha1,hmac-sha1-96
Jun 6 16:00:04.926: SSH2 0: send:packet of length 368 (length also includes padlen of 5)
Jun 6 16:00:04.926: SSH2 0: SSH2_MSG_KEXINIT sent
Jun 6 16:00:04.926: SSH2 0: ssh_receive: 536 bytes received
Jun 6 16:00:04.926: SSH2 0: input: total packet length of 960 bytes
Jun 6 16:00:04.926: SSH2 0: partial packet length(block size)8 bytes,needed 952 bytes,
maclen 0
Jun 6 16:00:04.930: SSH2 0: ssh_receive: 424 bytes received
Jun 6 16:00:04.930: SSH2 0: partial packet length(block size)8 bytes,needed 9
TestRouter-LTE52 bytes,
maclen 0
Jun 6 16:00:04.930: SSH2 0: input: padlength 4 bytes
Jun 6 16:00:04.930: SSH2 0: SSH2_MSG_KEXINIT received
Jun 6 16:00:04.930: SSH2 0: kex: client->server enc:aes128-ctr mac:hmac-sha1
Jun 6 16:00:04.930: SSH2 0: kex: server->client enc:aes128-ctr mac:hmac-sha1
Jun 6 16:00:04.930: SSH2 0: Using kex_algo = diffie-hellman-group-exchange-sha1#
TestRouter-LTE#
Jun 6 16:00:15.434: SSH2 0: ssh_receive: 24 bytes received
Jun 6 16:00:15.434: SSH2 0: input: total packet length of 24 bytes
Jun 6 16:00:15.434: SSH2 0: partial packet length(block size)8 bytes,needed 16 bytes,
maclen 0
Jun 6 16:00:15.434: SSH2 0: input: padlength 6 bytes
Jun 6 16:00:15.434: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST received
Jun 6 16:00:15.434: SSH2 0: Range sent by client is - 1024 < 2048 < 8192
Jun 6 16:00:15.434: SSH2 0: Modulus size established : 2048 bits
Jun 6 16:00:15.434: SSH2 0: send:packet of length 280 (length also includes padlen of 8)
Jun 6 16:00:15.490: SSH2 0: expecting SSH2_MSG_KEX_DH_GEX_INIT
TestRouter-LTE#
Jun 6 16:00:36.439: SSH2 0: ssh_receive: 272 bytes received
Jun 6 16:00:36.439: SSH2 0: input: total packet length of 272 bytes
Jun 6 16:00:36.439: SSH2 0: partial packet length(block size)8 bytes,needed 264 bytes,
maclen 0
Jun 6 16:00:36.439: SSH2 0: input: padlength 6 bytes
Jun 6 16:00:36.439: SSH2 0: SSH2_MSG_KEXDH_INIT received
Jun 6 16:00:36.531: SSH2 0: signature length 271
Jun 6 16:00:36.531: SSH2 0: send:packet of length 832 (length also includes padlen of 8)
Jun 6 16:00:36.531: SSH0: TCP send failed enqueueing
Jun 6 16:01:18.576: SSH2: kex_derive_keys complete
Jun 6 16:01:18.576: SSH2 0: send:packet of length 16 (length also includes padlen of 10)
Jun 6 16:01:18.576: SSH2 0: newkeys: mode 1
Jun 6 16:01:18.576: SSH2 0: SSH2_MSG_NEWKEYS sent
Jun 6 16:01:18.576: SSH2 0: waiting for SSH2_MSG_NEWKEYS
Jun 6 16:02:00.584: SSH2 0: SSH ERROR closing the connection
Jun 6 16:02:00.584: SSH2 0: send:packet of length 80 (length also includes padlen of 15)
Jun 6 16:02:00.584: SSH2 0: computed MAC for sequence no.#4 type 1
Jun 6 16:02:00.584: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 192.168.20.21
Jun 6 16:02:00.684: SSH0: Session disconnected - error 0x00
=======================================================
Can someone go through the logs and guide why is SSH failing.
I have tried re-creating the rsa key and making changes in the Linux jump server (modifying key path). It still fails.
06-07-2018 12:58 PM
Estimated!
How many bytes are you rsa? I recommend you to test with 1024.
Please do not forget to rate useful post.
Best Regards,
06-12-2018 01:26 AM
It is 2048.
06-13-2018 10:12 AM
Please provide your IOS version.
Best Regards,
08-16-2020 02:47 PM
was this ever solved?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide