[lugm.org] CISCO IOS does not support OpenSSH 6.4

Fri Jan 10 09:55:34 UTC 2014

On 10 January 2014 10:38, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:

> The issue is present on the CISCO 1841 model line when using password
> authentication scheme:
>
> Here's the stock ssh client on MAC OS X.
>

> Here's the openssh client from www.openssh.com && compiled with default
> options.
>
> ./ssh -V
> OpenSSH_6.4p1
>
> OpenSSH_6.4, OpenSSL 0.9.8r 8 Feb 2011
> debug1: Reading configuration data /opt2/etc/ssh_config
>

Further correction:
The issue is present using openssh 6.4, compiled with OSX compiler X (fill
in what you used), on OSX version 10.x.x (whatever version you have),
against OpenSSL 0.9.8r, connecting to an 1841 router (using default compile
options and ssh_config as per source download).

Here is the same version of OpenSSH, but compiled on a Red Hat / CentOS /
other similar derivative, using the packager's choice of compile options
and gcc, running on a different CentOS install (6.x), with the ssh_config
from the previous openssh version as packaged by CentOS, linked against
OpenSSL 1.0.0...

$ ssh -V
OpenSSH_6.4p1, OpenSSL 1.0.0-fips 29 Mar 2010

$ ssh -v hostname.domain
OpenSSH_6.4, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to hostname.domain [ip.ip.ip.ip] port 22.
debug1: Connection established.
debug1: identity file /home/daniel/.ssh/id_rsa type -1
debug1: identity file /home/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /home/daniel/.ssh/id_dsa type -1
debug1: identity file /home/daniel/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA bf:ec:34:55:8b:05:0a:6d:1e:7b:43:04:5d:03:b3:c7
debug1: Host 'hostname.domain' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:61
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

*************************************************************
* This is a restricted area. Unauthorised access prohibited *
*************************************************************
debug1: Authentications that can continue:
publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/daniel/.ssh/id_rsa
debug1: Trying private key: /home/daniel/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue:
publickey,keyboard-interactive,password
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to hostname.domain ([ip.ip.ip.ip:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_ALL = en_US
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LANGUAGE = en_US.UTF-8

hostname.domain>

And...

hostname.domain#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version
15.0(1)M7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 04-Aug-11 19:42 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20140110/9709894f/attachment.html>