Skip to main content

7 Messages

 • 

180 Points

Fri, Feb 16, 2018 1:10 PM

ssh connection: login successful -> disconnected (ICX7150)

Hi,
I'm trying to setup two ICX-7150. First I configure a certificate, a ssh-key and a user.
I can login using a web browser or a serial connection, but ssh fails.
A password prompt is shown, I get connected (the session prompt is shown), but the session is terminated immediately.
Any idea ?

Responses

Employee

 • 

125 Messages

 • 

2.4K Points

3 years ago

SSH setup normally looks something like this:

1. Enable  SSH server

Fastiron(config)#crypto key gen

Creating key pair, please wait...

Key pair is successfully created

2. Create a user

Fastiron(config)#username Admin password admin123

3. Enable AAA

Fastiron(config)#aaa authentication login default local  <---this could be radius, tacacs, etc

Support - 1-855-782-5871
https://support.ruckuswireless.com/contact-us

7 Messages

 • 

180 Points

3 years ago

Yes, that is exactly what I've done. I can login, the password is accepted, I see the prompt (so auth is working), but then the connection is terminated. From my ssh client I see:
...
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 10.X.X.X ([10.X.X.X]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: exec
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 8192 rmax 8192
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Received disconnect from 10.X.X.X port 22:2: Service is not known
Disconnected from 10.X.X.X port 22
Any idea ?

Employee

 • 

125 Messages

 • 

2.4K Points

3 years ago

Trying running 'debug ip ssh'. You will need to direct the output to your session with 'debug destination ssh/telnet/console '. Session id can be found in 'show who'

Support - 1-855-782-5871
https://support.ruckuswireless.com/contact-us

7 Messages

 • 

180 Points

3 years ago

I tried it, but no messages appear ?!?

SW_A2.012#show debug
Debug message destination:  Console
Generic IP:
          SSH:  debugging is on

From show log:
Feb 20 16:07:09:I:Security: SSH terminated by admin from src IP 141.5.16.161 from src MAC 609c.9f28.94e0 from PRIVILEGED EXEC mode usin.
Feb 20 16:07:08:I:Security: SSH login by admin from src IP 141.5.16.161 from src MAC 609c.9f28.94e0 to PRIVILEGED EXEC mode using RSA a.

Employee

 • 

125 Messages

 • 

2.4K Points

3 years ago

Your debug destination is set to console there. That means you would have to be physically consoled to the device to get it. You can redirect the output with 'debug destination ssh

Support - 1-855-782-5871
https://support.ruckuswireless.com/contact-us

7 Messages

 • 

180 Points

3 years ago

Yes, I'm using minicom and a usb2serial adapter to get administrative access. Using a second console  window I can also try to connect using ssh.

2 Messages

 • 

90 Points

3 years ago

What SSH client are you using?
Putty seems to be compatible with most things.
I like TeraTerm which used to have SSHv1 only so had issues with some SSH implementations. Make sure you are using the latest version of whatever supporting SSHv2.

7 Messages

 • 

180 Points

3 years ago

Well, on Windows I tried putty. Now the switches are next to my normal working machine running ubuntu 16.04 LTS.
"ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016"

But you are on the right way! I tested an very old ssh client ( ssh 3.2.9) - this one IS working.
So the settings of the ssh on the switch do NOT work with new ssh clients. I'll check the settings!

7 Messages

 • 

180 Points

3 years ago

OK, I found the problem. I have enabled X-forwarding in my ssh config. This is killing the connection!
Using "ssh -x ...." (-x disables the forwarding for the connection under linux) everything is working.
Never saw this problem before on any device ....
Thanks for the help!

Bye

21 Messages

 • 

446 Points

Thank you for coming back and posting about what the problem was. This is helpful.