
ssh problem with Cisco router


Rizio

Apr 15, 2014, 3:26:15 AM
Hi all,
after the last Slack update I have a problem connecting to a Cisco router
(C180X-ADVIPSERVICESK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2).
The connection is refused with an unknown error:


rizio@darkstar:~$ ssh -l admin 172.31.6.251
Connection closed by 172.31.6.251

In the router console only this message appears:

Apr 15 09:22:55.013: SSH2 1: Invalid modulus length

I've tried to rebuild the key on the router but nothing changed.

Any suggestion?
TIA
Rizio


Henrik Carlqvist

Apr 15, 2014, 5:13:48 PM
On Tue, 15 Apr 2014 09:26:15 +0200, Rizio wrote:
> rizio@darkstar:~$ ssh -l admin 172.31.6.251
> Connection closed by 172.31.6.251

> Any suggestion?

ssh -vvv -l admin 172.31.6.251

...might give a clue.

regards Henrik
--
The address in the header is only to prevent spam. My real address is:
hc351(at)poolhem.se Examples of addresses which go to spammers:
root@localhost postmaster@localhost

Rizio

Apr 16, 2014, 8:40:39 AM
On 15/04/2014 23.13, Henrik Carlqvist wrote:

> ssh -vvv -l admin 172.31.6.251

Thanks, good hint. I'll try it and then come back.

Rizio

Apr 17, 2014, 4:00:33 AM
On 04/15/2014 11:13 PM, Henrik Carlqvist wrote:

All right, I'm here.

> ssh -vvv -l admin 172.31.6.251

I've tried and this is the output:

debug1: Reading configuration data /etc/ssh/ssh_config
debug3: ciphers ok:
[aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc]
debug3: macs ok: [hmac-md5,hmac-sha1,uma...@openssh.com,hmac-ripemd160]
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.31.6.251 [172.31.6.251] port 22.
debug1: Connection established.
debug1: identity file /home/rizio/.ssh/identity type -1
debug1: identity file /home/rizio/.ssh/identity-cert type -1
debug1: identity file /home/rizio/.ssh/id_rsa type -1
debug1: identity file /home/rizio/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/rizio/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/rizio/.ssh/id_dsa type -1
debug1: identity file /home/rizio/.ssh/id_dsa-cert type -1
debug1: identity file /home/rizio/.ssh/id_ecdsa type -1
debug1: identity file /home/rizio/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/rizio/.ssh/id_ed25519 type -1
debug1: identity file /home/rizio/.ssh/id_ed25519-cert type -1
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "172.31.6.251" from file
"/home/rizio/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/rizio/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ssh-rsa-...@openssh.com,ssh-rsa-...@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ssh-rsa-...@openssh.com,ssh-rsa-...@openssh.com,ssh-rsa,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed2551...@openssh.com,ssh-dss-...@openssh.com,ssh-dss-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-ripemd160
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 172.31.6.251


Searching for the last words, "expecting SSH2_MSG_KEX_DH_GEX_GROUP", I found this link,
which seems to describe the same problem, but their solution does not work for me.

http://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal

What's happening? I don't understand, can you explain it to me?
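
What the `ssh -vvv` output in the post above shows about the key exchange, as an added example that is not part of the original thread: it parses the two KEXINIT proposals, works out the method both sides settle on, and reads the group-exchange request the client sent before the router closed the connection. `SAMPLE`, `RECORD`, `kex_proposals` and `diagnose` are names made up for this sketch, and the sample is constructed from the posted lines.

```python
import re

# Constructed sample: the key-exchange lines of the `ssh -vvv` output posted
# above (client proposal first, then the router's), wrapped as in the post.
SAMPLE = """\
debug2: kex_parse_kexinit:
curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: reserved 0
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 172.31.6.251
"""
RECORD = re.compile(r"debug\d: |Connection ")  # start of a new log record

def kex_proposals(log):
    """Return the key-exchange name-list of each KEXINIT proposal in the log."""
    lines = []
    for raw in log.splitlines():
        s = raw.strip()
        if lines and s and not RECORD.match(s):
            lines[-1] += " " + s             # rejoin a wrapped line
        elif s:
            lines.append(s)
    proposals, current = [], []
    for line in lines:
        m = re.match(r"debug2: kex_parse_kexinit:\s*(.*)", line)
        if m and m.group(1).startswith("reserved"):
            proposals.append(current)        # "reserved" closes one proposal
            current = []
        elif m:
            current.append(m.group(1))
    # The first field of a proposal is its key-exchange method list.
    return [p[0].split(",") for p in proposals if p]

def diagnose(log):
    client, server = kex_proposals(log)[:2]
    # RFC 4253 7.1 (simplified): first client method the server also offers.
    kex = next((k for k in client if k in server), None)
    # RFC 4419 group-exchange request: min < preferred < max modulus bits.
    m = re.search(r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\)", log)
    debug = [l for l in log.splitlines() if l.startswith("debug")]
    return {
        "kex": kex,
        "gex_request_bits": tuple(map(int, m.groups())) if m else None,
        # True when the last debug line is the client still waiting for the group.
        "closed_before_group": bool(debug) and debug[-1].endswith("expecting SSH2_MSG_KEX_DH_GEX_GROUP"),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
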

Henrik Carlqvist

Apr 17, 2014, 4:56:02 PM
On Thu, 17 Apr 2014 10:00:33 +0200, Rizio wrote:
> http://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal

That page also links to
http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/
which seems to suggest

ssh -c aes256-ctr

or downgrading to an older version of openssh.

Rizio

Apr 23, 2014, 4:03:07 AM
On 04/17/2014 10:56 PM, Henrik Carlqvist wrote:

> That page also links to
> http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/
> which seems to suggest

Yes, right, I think that's my case :(

> ssh -c aes256-ctr

Unfortunately this workaround doesn't seem to work.

> or downgrading to an older version of openssh.

Maybe I'll try this solution even if I don't like it.

> regards Henrik

Thank you very much for your reply and your help.

yo...@pingdom.com

Jul 4, 2014, 1:26:50 PM
Increase the DH key size,

i.e.; ip ssh dh min size 4096

hope that works.

Rizio

Jul 7, 2014, 5:12:05 AM
On 07/04/2014 07:26 PM, yo...@pingdom.com wrote:
> Increase the DH key size,
>
> i.e.; ip ssh dh min size 4096
>
> hope that works.

YESS!!!! It works!!! Thank you very much!

How did this happen?

Another question: should the router have any problems because of this change? Might the
VPN tunnel have problems?


Thank you in advance

derek...@gmail.com

Jan 29, 2016, 11:17:16 AM
Hello,

I experienced the same problem connecting from primarily Ubuntu Servers to a Cisco 1841. I ran the debug ip ssh client on the 1841 which came back with the following log:
Jan 29 16:06:06.651: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
Jan 29 16:06:06.879: SSH2 1: Invalid modulus length
Jan 29 16:06:06.991: SSH1: Session disconnected - error 0x00

I tried regenerating the SSH keys with the same key length 1024, and still experienced the problem connecting.

Increasing the DH Key size resolved the problem. Thank You!