[lugm.org] CISCO IOS does not support OpenSSH 6.4

Loganaden Velvindron gnukid1 at yahoo.co.uk
Fri Jan 10 06:38:23 UTC 2014


The issue is present on the CISCO 1841 model line when using the password authentication scheme:

Here's the stock ssh client on MAC OS X.

logan$ ssh -V
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011

OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ip [ip] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: identity file /var/root/.ssh/id_rsa-cert type -1
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: identity file /var/root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'ip' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received




debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/root/.ssh/id_rsa
debug1: Trying private key: /var/root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive

---

Here's the openssh client from www.openssh.com && compiled with default options.

./ssh -V
OpenSSH_6.4p1


OpenSSH_6.4, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /opt2/etc/ssh_config
debug1: Connecting to ip [ip] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: identity file /var/root/.ssh/id_rsa-cert type -1
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: identity file /var/root/.ssh/id_dsa-cert type -1
debug1: identity file /var/root/.ssh/id_ecdsa type -1
debug1: identity file /var/root/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/root/.ssh/id_ed25519 type -1
debug1: identity file /var/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by ip



On Friday, 10 January 2014, 10:14, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:
 





On Thursday, 9 January 2014, 21:12, selven <pcthegreat at gmail.com> wrote:
 
Then the problem was wrongly laid out :D.

Thanks for clearing that out Daniel!




On Thu, Jan 9, 2014 at 9:08 PM, Daniel Shaw <daniel.shaw at point-oh.net> wrote:


>
>On 9 January 2014 12:02, selven <pcthegreat at gmail.com> wrote:
>
>>Hmm, they are using an old version of openssh that they say they consider stable. Now if I am using a newer version of openssh and I try to connect to a Cisco router, I would not be able to connect to that router? Right?
>>
>
>
> Actually wrong. See my previous post: You can in fact connect to most routers with the latest openssh.
>
>There may be some cases (it seems) where a certain configuration of the latest openssh cannot connect to certain Cisco IOS devices. Most likely a cipher incompatibility.
>
>__________________________________________________________
>Linux User Group of Mauritius (LUGM) Discuss mailing list
>Website: http://lugm.org
>Mailing list archive: http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>Forum: http://lugm.org/forum/
>IRC: #linux.mu on Freenode
>



-- 

Pirabarlen Cheenaramen | $3|v3n 
L'escalier
mobile: +230 549 24 918
blog || fb || pgp

/*memory is like prison*/ (user==selven)?free(user):user=malloc(sizeof(brain));
Save electricity & disk space. Cat this mail to >/dev/null 2>&1 after use.



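The two `ssh -v` traces in the post can be compared field by field instead of by eye. The following is an added example, not part of the original thread: it summarizes each trace (abridged from the logs above) and reports which handshake facts differ and which message the client was waiting for when the peer closed the connection. The function and field names are made up for this illustration.

```python
import re

# Abridged from the two `ssh -v` traces in the post (same router, two clients).
TRACE_56 = """\
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: SSH2_MSG_SERVICE_ACCEPT received
"""
TRACE_64 = """\
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by ip
"""

PATTERNS = {
    "client": r"Local version string (\S+)",
    "server": r"remote software version (\S+)",
    "cipher_mac": r"kex: server->client (\S+ \S+)",
}

def summarize(trace):
    """Pull the handshake facts out of one `ssh -v` trace."""
    out = {}
    for name, pat in PATTERNS.items():
        m = re.search(pat, trace)
        out[name] = m.group(1) if m else None
    g = re.search(r"DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\)", trace)
    out["gex_min_pref_max"] = tuple(map(int, g.groups())) if g else None
    waits = re.findall(r"expecting (\S+)", trace)
    out["closed_by_peer"] = re.search(r"^Connection closed by", trace, re.M) is not None
    # If the peer hung up, the last message we were waiting for marks the stall.
    out["stalled_waiting_for"] = waits[-1] if out["closed_by_peer"] and waits else None
    return out

def diff(a, b):
    """Fields that differ between two summaries, as {field: (a, b)}."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, (old, new) in diff(summarize(TRACE_56), summarize(TRACE_64)).items():
        print(f"{field}: {old!r} -> {new!r}")
```

On these traces the server banner and the negotiated cipher and MAC are identical; the differences are the client version, the preferred group size in the DH group-exchange request, and the close while waiting for the group.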