cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8104
Views
0
Helpful
7
Replies

SSH fail access on IOS XR, ASR9000

saul.reyes
Level 1
Level 1

Hi

actually we have a trouble with the operation with SSH an access to ASR9000, we installed and actived the PX.PIE packet for security on version 4.2.3 but the debug info es the following:

Wed Jun 26 11:13:32.919 pst

  Node 0/RSP0/CPU0 [RP] [SDR: Owner]

    Boot Device: disk0:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/0x100305/mbiasr9k-rsp3.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

      disk0:asr9k-k9sec-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

  Node 0/RSP1/CPU0 [RP] [SDR: Owner]

    Boot Device: disk0:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/0x100305/mbiasr9k-rsp3.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

     disk0:asr9k-k9sec-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

  Node 0/0/CPU0 [LC] [SDR: Owner]

    Boot Device: mem:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/lc/mbiasr9k-lc.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

  Node 0/1/CPU0 [LC] [SDR: Owner]

    Boot Device: mem:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/lc/mbiasr9k-lc.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

  Node 0/2/CPU0 [LC] [SDR: Owner]

    Boot Device: mem:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/lc/mbiasr9k-lc.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

  Node 0/3/CPU0 [LC] [SDR: Owner]

    Boot Device: mem:

    Boot Image: /disk0/asr9k-os-mbi-4.2.3.CSCuc79084-1.0.0/lc/mbiasr9k-lc.vm

    Active Packages:

      disk0:asr9k-mini-px-4.2.3

      disk0:asr9k-mpls-px-4.2.3

      disk0:asr9k-px-4.2.3.CSCuc79084-1.0.0

RP/0/RSP0/CPU0:ED_MEX_1(config)#ssh server vrf gat

RP/0/RSP0/CPU0:ED_MEX_1(config)#ssh timeout 120

RP/0/RSP0/CPU0:ED_MEX_1(config)#ssh server session-limit 10

RP/0/RSP0/CPU0:ED_MEX_1(config)#end

Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:yes

RP/0/RSP0/CPU0:Jun 26 11:11:37.838 : SSHD_[1144]: SSHD debug detail

RP/0/RSP0/CPU0:Jun 26 11:11:37.886 : SSHD_[1144]: SSH v4 socket is blocked for all traffic :32

RP/0/RSP0/CPU0:Jun 26 11:11:37.886 : SSHD_[1144]: SSH v6 socket is blocked for all traffic :33

RP/0/RSP0/CPU0:Jun 26 11:11:37.896 : SSHD_[1144]: (ssh_sysdb_get_items) no vrf configured, item_count:-1

RP/0/RSP0/CPU0:Jun 26 11:11:37.896 : SSHD_[1144]: No vrf set yet

RP/0/RSP0/CPU0:Jun 26 11:11:38.738 : SSHD_[1144]: (sshd_notify_default_func)

RP/0/RSP0/CPU0:Jun 26 11:11:38.742 : SSHD_[1144]: (sshd_notify_vrf) vrf:gat

RP/0/RSP0/CPU0:Jun 26 11:11:38.742 : SSHD_[1144]: (sshd_add_vrf) vrf-name:gat, vrf-id

RP/0/RSP0/CPU0:Jun 26 11:11:38.743 : SSHD_[1144]: (sshd_add_vrf) Added 1st entry to vrf-list:gat

RP/0/RSP0/CPU0:Jun 26 11:11:38.743 : SSHD_[1144]: set_acl_sockopt: VRF:gat, V4-ACL:(null), V6-ACL:(null)

RP/0/RSP0/CPU0:Jun 26 11:11:38.743 : SSHD_[1144]: set_acl_sockopt: VRF:gat vrfid is not yet set, fwd referencing

RP/0/RSP0/CPU0:Jun 26 11:11:38.743 : SSHD_[1144]: (sshd_register_vrf_with_rsi) ... , vrf:gat

RP/0/RSP0/CPU0:Jun 26 11:11:38.744 : SSHD_[1144]: (sshd_register_vrf_with_rsi) rsi init done (rc:No error)

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_register_vrf_with_rsi) rsi added vrf (gat)

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_rsi_reg_vrf_upd) vrfname: gat, vrf_id :60000002

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_add_vrf) vrf-name:gat, vrf-id :60000002

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_add_vrf) vrf:gat already exists, updating vrf_id to 60000002

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: Server listening on port 22

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_register_vrf_with_rsi) rsi registered(vrf:gat)

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_notify_default_func)

RP/0/RSP0/CPU0:Jun 26 11:11:38.745 : SSHD_[1144]: (sshd_notify_default_func)

RP/0/RSP0/CPU0:ED_MEX_1#

RP/0/RSP0/CPU0:ED_MEX_1#

RP/0/RSP0/CPU0:ED_MEX_1#

RP/0/RSP0/CPU0:ED_MEX_1#

RP/0/RSP0/CPU0:ED_MEX_1#RP/0/RSP0/CPU0:Jun 26 11:11:52.728 : SSHD_[1144]: ratelimit_msecs:1000.000000, ratelimit_count:1

RP/0/RSP0/CPU0:Jun 26 11:11:52.728 : SSHD_[1144]: elapsed:1372245112728.478027, ratelimit_msecs:1000.000000, count:0

RP/0/RSP0/CPU0:Jun 26 11:11:52.733 : SSHD_[1144]: Spawned new child process 565314

RP/0/RSP0/CPU0:Jun 26 11:11:52.773 : SSHD_[65602]: Client sockfd 3

RP/0/RSP0/CPU0:Jun 26 11:11:52.774 : SSHD_[65602]: Setting IP_TOS value:64

RP/0/RSP0/CPU0:Jun 26 11:11:52.774 : SSHD_[65602]: After setting socket options, sndbuf33792, rcvbuf - 33792

RP/0/RSP0/CPU0:Jun 26 11:11:52.775 : SSHD_[65602]: Connection from 172.16.14.5 port 25922

RP/0/RSP0/CPU0:Jun 26 11:11:52.776 : SSHD_[65602]: (addrem_ssh_info_tuple) user:()

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: Session id 0

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: Exchanging versions

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: Transmission:Original: len = 19

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: 0000 - 53 53 48 2d 31 2e 39 39-2d 43 69 73 63 6f 2d 32   SSH-1.99-Cisco-2

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: 0010 - 2e 30 0a                                          .0.

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: Transmitting data in Str mode

RP/0/RSP0/CPU0:Jun 26 11:11:52.777 : SSHD_[65602]: Transmitting data in Str mode SSH-1.99-Cisco-2.0

RP/0/RSP0/CPU0:Jun 26 11:11:52.778 : SSHD_[65602]: writing bytes to sockfd

RP/0/RSP0/CPU0:Jun 26 11:11:52.778 : SSHD_[65602]: done writing bytes to sockfd (rc:0)

RP/0/RSP0/CPU0:Jun 26 11:11:52.779 : SSHD_[65602]: Remote protocol version 1.99, remote software version Cisco-1.25

RP/0/RSP0/CPU0:Jun 26 11:11:52.779 : SSHD_[65602]: In Key exchange

RP/0/RSP0/CPU0:Jun 26 11:11:52.782 : SSHD_[65602]: Transmission:Original: len = 215

RP/0/RSP0/CPU0:Jun 26 11:11:52.782 : SSHD_[65602]: 0000 - 14 9c 62 ce bb fe ab d9-80 41 d3 5a 2f 65 3e 76   ..b......A.Z/e>v

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0010 - cd 00 00 00 1a 64 69 66-66 69 65 2d 68 65 6c 6c   .....diffie-hell

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0020 - 6d 61 6e 2d 67 72 6f 75-70 31 2d 73 68 61 31 00   man-group1-sha1.

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0030 - 00 00 01 20 00 00 00 29-61 65 73 31 32 38 2d 63   ... ...)aes128-c

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0040 - 62 63 2c 61 65 73 31 39-32 2d 63 62 63 2c 61 65   bc,aes192-cbc,ae

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0050 - 73 32 35 36 2d 63 62 63-2c 33 64 65 73 2d 63 62   s256-cbc,3des-cb

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0060 - 63 00 00 00 29 61 65 73-31 32 38 2d 63 62 63 2c   c...)aes128-cbc,

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0070 - 61 65 73 31 39 32 2d 63-62 63 2c 61 65 73 32 35   aes192-cbc,aes25

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0080 - 36 2d 63 62 63 2c 33 64-65 73 2d 63 62 63 00 00   6-cbc,3des-cbc..

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0090 - 00 12 68 6d 61 63 2d 6d-64 35 2c 68 6d 61 63 2d   ..hmac-md5,hmac-

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 00a0 - 73 68 61 31 00 00 00 12-68 6d 61 63 2d 6d 64 35   sha1....hmac-md5

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 00b0 - 2c 68 6d 61 63 2d 73 68-61 31 00 00 00 04 6e 6f   ,hmac-sha1....no

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 00c0 - 6e 65 00 00 00 04 6e 6f-6e 65 00 00 00 00 00 00   ne....none......

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 00d0 - 00 00 00 00 00 00 00                              .......

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: Transmitting data in bin mode

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: Transmission:Final: len = 224

RP/0/RSP0/CPU0:Jun 26 11:11:52.783 : SSHD_[65602]: 0000 - 00 00 00 dc 04 14 9c 62-ce bb fe ab d9 80 41 d3   .......b......A.

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0010 - 5a 2f 65 3e 76 cd 00 00-00 1a 64 69 66 66 69 65   Z/e>v.....diffie

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0020 - 2d 68 65 6c 6c 6d 61 6e-2d 67 72 6f 75 70 31 2d   -hellman-group1-

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0030 - 73 68 61 31 00 00 00 01-20 00 00 00 29 61 65 73   sha1.... ...)aes

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0040 - 31 32 38 2d 63 62 63 2c-61 65 73 31 39 32 2d 63   128-cbc,aes192-c

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0050 - 62 63 2c 61 65 73 32 35-36 2d 63 62 63 2c 33 64   bc,aes256-cbc,3d

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0060 - 65 73 2d 63 62 63 00 00-00 29 61 65 73 31 32 38   es-cbc...)aes128

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0070 - 2d 63 62 63 2c 61 65 73-31 39 32 2d 63 62 63 2c   -cbc,aes192-cbc,

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0080 - 61 65 73 32 35 36 2d 63-62 63 2c 33 64 65 73 2d   aes256-cbc,3des-

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 0090 - 63 62 63 00 00 00 12 68-6d 61 63 2d 6d 64 35 2c   cbc....hmac-md5,

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 00a0 - 68 6d 61 63 2d 73 68 61-31 00 00 00 12 68 6d 61   hmac-sha1....hma

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 00b0 - 63 2d 6d 64 35 2c 68 6d-61 63 2d 73 68 61 31 00   c-md5,hmac-sha1.

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 00c0 - 00 00 04 6e 6f 6e 65 00-00 00 04 6e 6f 6e 65 00   ...none....none.

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: 00d0 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: writing bytes to sockfd

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: done writing bytes to sockfd (rc:0)

RP/0/RSP0/CPU0:Jun 26 11:11:52.784 : SSHD_[65602]: Receive:Original: len = 16

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0000 - 00 00 01 14 04 14 44 4e-b1 a5 eb d3 4e b3 87 d9   ......DN....N...

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: Packlen = 276, Totalpacklen = 280

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: Receive:Original: len = 280

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0000 - 00 00 01 14 04 14 44 4e-b1 a5 eb d3 4e b3 87 d9   ......DN....N...

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0010 - 9b 9a 75 15 ad 92 00 00-00 1a 64 69 66 66 69 65   ..u.......diffie

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0020 - 2d 68 65 6c 6c 6d 61 6e-2d 67 72 6f 75 70 31 2d   -hellman-group1-

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0030 - 73 68 61 31 00 00 00 07-73 73 68 2d 72 73 61 00   sha1....ssh-rsa.

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0040 - 00 00 29 61 65 73 31 32-38 2d 63 62 63 2c 33 64   ..)aes128-cbc,3d

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0050 - 65 73 2d 63 62 63 2c 61-65 73 31 39 32 2d 63 62   es-cbc,aes192-cb

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0060 - 63 2c 61 65 73 32 35 36-2d 63 62 63 00 00 00 29   c,aes256-cbc...)

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0070 - 61 65 73 31 32 38 2d 63-62 63 2c 33 64 65 73 2d   aes128-cbc,3des-

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0080 - 63 62 63 2c 61 65 73 31-39 32 2d 63 62 63 2c 61   cbc,aes192-cbc,a

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 0090 - 65 73 32 35 36 2d 63 62-63 00 00 00 2b 68 6d 61   es256-cbc...+hma

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 00a0 - 63 2d 73 68 61 31 2c 68-6d 61 63 2d 73 68 61 31   c-sha1,hmac-sha1

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 00b0 - 2d 39 36 2c 68 6d 61 63-2d 6d 64 35 2c 68 6d 61   -96,hmac-md5,hma

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 00c0 - 63 2d 6d 64 35 2d 39 36-00 00 00 2b 68 6d 61 63   c-md5-96...+hmac

RP/0/RSP0/CPU0:Jun 26 11:11:52.785 : SSHD_[65602]: 00d0 - 2d 73 68 61 31 2c 68 6d-61 63 2d 73 68 61 31 2d   -sha1,hmac-sha1-

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 00e0 - 39 36 2c 68 6d 61 63 2d-6d 64 35 2c 68 6d 61 63   96,hmac-md5,hmac

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 00f0 - 2d 6d 64 35 2d 39 36 00-00 00 04 6e 6f 6e 65 00   -md5-96....none.

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0100 - 00 00 04 6e 6f 6e 65 00-00 00 00 00 00 00 00 00   ...none.........

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0110 - 00 00 00 00 00 00 00 00-                          ........

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: Receive:Final: tcpbuflen = 280, len = 271

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0000 - 14 44 4e b1 a5 eb d3 4e-b3 87 d9 9b 9a 75 15 ad   .DN....N.....u..

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0010 - 92 00 00 00 1a 64 69 66-66 69 65 2d 68 65 6c 6c   .....diffie-hell

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0020 - 6d 61 6e 2d 67 72 6f 75-70 31 2d 73 68 61 31 00   man-group1-sha1.

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0030 - 00 00 07 73 73 68 2d 72-73 61 00 00 00 29 61 65   ...ssh-rsa...)ae

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0040 - 73 31 32 38 2d 63 62 63-2c 33 64 65 73 2d 63 62   s128-cbc,3des-cb

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0050 - 63 2c 61 65 73 31 39 32-2d 63 62 63 2c 61 65 73   c,aes192-cbc,aes

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0060 - 32 35 36 2d 63 62 63 00-00 00 29 61 65 73 31 32   256-cbc...)aes12

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0070 - 38 2d 63 62 63 2c 33 64-65 73 2d 63 62 63 2c 61   8-cbc,3des-cbc,a

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0080 - 65 73 31 39 32 2d 63 62-63 2c 61 65 73 32 35 36   es192-cbc,aes256

RP/0/RSP0/CPU0:Jun 26 11:11:52.786 : SSHD_[65602]: 0090 - 2d 63 62 63 00 00 00 2b-68 6d 61 63 2d 73 68 61   -cbc...+hmac-sha

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00a0 - 31 2c 68 6d 61 63 2d 73-68 61 31 2d 39 36 2c 68   1,hmac-sha1-96,h

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00b0 - 6d 61 63 2d 6d 64 35 2c-68 6d 61 63 2d 6d 64 35   mac-md5,hmac-md5

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00c0 - 2d 39 36 00 00 00 2b 68-6d 61 63 2d 73 68 61 31   -96...+hmac-sha1

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00d0 - 2c 68 6d 61 63 2d 73 68-61 31 2d 39 36 2c 68 6d   ,hmac-sha1-96,hm

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00e0 - 61 63 2d 6d 64 35 2c 68-6d 61 63 2d 6d 64 35 2d   ac-md5,hmac-md5-

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 00f0 - 39 36 00 00 00 04 6e 6f-6e 65 00 00 00 04 6e 6f   96....none....no

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: 0100 - 6e 65 00 00 00 00 00 00-00 00 00 00 00 00 00      ne.............

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Received --------------> KEXINIT

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Calling Receive kexinit 10

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : diffie-hellman-group1-sha1

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : ssh-rsa

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : none

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal : none

RP/0/RSP0/CPU0:Jun 26 11:11:52.787 : SSHD_[65602]: Peer Proposal :

RP/0/RSP0/CPU0:Jun 26 11:11:52.788 : SSHD_[65602]: Peer Proposal :

RP/0/RSP0/CPU0:Jun 26 11:11:52.788 : SSHD_[65602]: In cleanup code, pid:565314, sig rcvd:0, state:2

RP/0/RSP0/CPU0:Jun 26 11:11:52.788 : SSHD_[65602]: Cleanup sshd process 565314, session id 0

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: Closing connection to 172.16.14.5

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: Sending Disconnect msg

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: Transmission:Original: len = 13

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: 0000 - 01 00 00 00 0b 00 00 00-00 00 00 00 00            .............

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: Transmitting data in bin mode

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: Transmission:Final: len = 32

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: 0000 - 00 00 00 1c 0e 01 00 00-00 0b 00 00 00 00 00 00   ................

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: 0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: writing bytes to sockfd

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: done writing bytes to sockfd (rc:0)

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: sshd_shm_acquire_lock: SHM Lock is NULL

RP/0/RSP0/CPU0:Jun 26 11:11:52.790 : SSHD_[65602]: sshd_shm_unlock: SHM Lock is NULL

RP/0/RSP0/CPU0:Jun 26 11:11:52.799 : SSHD_[1144]: Signal 18 received in handler: pid 565314

the configuration on ASR for SSH is:

line template SSH

exec-timeout 0 0

transport input ssh telnet

!

line console

exec-timeout 0 0

length 0

ssh server vrf gat

ssh timeout 120

ssh server session-limit 10

Best Regards

7 Replies 7

xthuijs
Cisco Employee
Cisco Employee

Do you have a VTY pool configured?

vty-pool default 0 4 line-template default

It looks fine from a quick glance, but make sure client and server have the same key options and running hte same ssh version.

regards

xander

Hi, We try to do that You described but we have the same error.

Regards,

Alekz J.

Hi,

We had been getting input the Crypto Key command into the config terminal mode.

But yesterday my co-worker getting input just in enable mode and it´s worked fine!!!

Thanks a lot.

Alekz J.

Super, thanks for letting us know that everything is working as it should Alekz!

regards

xander

Bryan Garland
Cisco Employee
Cisco Employee

Did you generate your local crypto keys?

RP/0/RSP0/CPU0:ASR9006-H#crypto key generate ?

  dsa  Generate DSA keys

  rsa  Generate RSA keys

yeah I had another thought in addition to that, could there be an mtu mismatch or something similar?

if you try to ssh form the XR prompt to yourself, does that work, that might be a good test also.

is there any detail from the client that says something about the disconnect?

regards

xander

petehaaswws
Level 1
Level 1

This could be related: I had a similar issue with access with my ssh client (putty in this case) reporting 'Server host key invalid'. The solution was to change the Encryption preference order here in putty:

petehaaswws_0-1674056937408.png