[lugm.org] CISCO IOS does not support OpenSSH 6.4

Loganaden Velvindron gnukid1 at yahoo.co.uk
Fri Jan 10 10:50:32 UTC 2014 

I received complaints from OpenSSH users that there's a similar issue with CISCO 6506.





On Friday, 10 January 2014, 13:55, Daniel Shaw <daniel.shaw at point-oh.net> wrote:
 


On 10 January 2014 10:38, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:

The issue is present on the CISCO 1841 model line when using password authentication scheme:
>
>
>Here's the stock ssh client on MAC OS X.
 
Here's the openssh client from www.openssh.com && compiled with default options.
>
>
>./ssh -V
>OpenSSH_6.4p1
>
>
>
>OpenSSH_6.4, OpenSSL 0.9.8r 8 Feb 2011
>debug1: Reading configuration data /opt2/etc/ssh_config 

Further correction:

The issue is present using openssh 6.4, compiled with OSX compiler X (fill in what you used), on OSX version 10.x.x (whatever version you have), against OpenSSL 0.9.8r, connecting to an 1841 router (using default compile options and ssh_config as per source download).


Here is the same version of OpenSSH, but compiled on a Red Hat / CentOS / other similar derivative, using the packager's choice of compile options and gcc, running on a different CentOS install (6.x), with the ssh_config from the previous openssh version as packaged by CentOS, linked against OpenSSL 1.0.0...

$ ssh -V
OpenSSH_6.4p1, OpenSSL 1.0.0-fips 29 Mar 2010

$ ssh -v hostname.domain
OpenSSH_6.4, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to hostname.domain [ip.ip.ip.ip] port 22.
debug1: Connection established.
debug1: identity file /home/daniel/.ssh/id_rsa type -1
debug1: identity file /home/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /home/daniel/.ssh/id_dsa type -1
debug1: identity file /home/daniel/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA bf:ec:34:55:8b:05:0a:6d:1e:7b:43:04:5d:03:b3:c7
debug1: Host 'hostname.domain' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:61
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

*************************************************************
* This is a restricted area. Unauthorised access prohibited *
*************************************************************
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/daniel/.ssh/id_rsa
debug1: Trying private key: /home/daniel/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

debug1: Authentications that can continue: publickey,keyboard-interactive,password
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to hostname.domain ([ip.ip.ip.ip:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_ALL = en_US
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LANGUAGE = en_US.UTF-8

hostname.domain>


And...

hostname.domain#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 15.0(1)M7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 04-Aug-11 19:42 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20140110/8eb0ef6a/attachment.html>

More information about the Discuss mailing list