ssh connection: login successful -> disconnected (ICX7150)

  • Question
  • Updated 4 months ago
Hi,
I'm trying to set up two ICX-7150. First I configure a certificate, an ssh-key and a user.
I can log in using a web browser or a serial connection, but ssh fails.
A password prompt is shown, I get connected (the session prompt is shown), but the session is terminated immediately.
Any idea?

Peer-Joachim Koch

Posted 5 months ago

Ben, Employee

SSH setup normally looks something like this:

1. Enable SSH server

Fastiron(config)#crypto key gen

Creating key pair, please wait...

Key pair is successfully created

2. Create a user

Fastiron(config)#username Admin password admin123

3. Enable AAA

Fastiron(config)#aaa authentication login default local  <---this could be radius, tacacs, etc

Peer-Joachim Koch

Yes, that is exactly what I've done. I can log in, the password is accepted, I see the prompt (so auth is working), but then the connection is terminated. From my ssh client I see:
...
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 10.X.X.X ([10.X.X.X]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: exec
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 8192 rmax 8192
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Received disconnect from 10.X.X.X port 22:2: Service is not known
Disconnected from 10.X.X.X port 22
Any idea?

Ben, Employee

Try running 'debug ip ssh'. You will need to direct the output to your session with 'debug destination ssh/telnet/console <session-id>'. The session id can be found in 'show who'.

Peer-Joachim Koch

I tried it, but no messages appear?!

SW_A2.012#show debug
Debug message destination:  Console
Generic IP:
          SSH:  debugging is on

From show log:
Feb 20 16:07:09:I:Security: SSH terminated by admin from src IP 141.5.16.161 from src MAC 609c.9f28.94e0 from PRIVILEGED EXEC mode usin.
Feb 20 16:07:08:I:Security: SSH login by admin from src IP 141.5.16.161 from src MAC 609c.9f28.94e0 to PRIVILEGED EXEC mode using RSA a.

Ben, Employee

Your debug destination is set to console there. That means you would have to be physically consoled to the device to get it. You can redirect the output with 'debug destination ssh <session-num>'. The session number is found in 'show who'.

Peer-Joachim Koch

Yes, I'm using minicom and a usb2serial adapter to get administrative access. Using a second console window I can also try to connect using ssh.

Bruce O'Donnell, Employee

What SSH client are you using?
PuTTY seems to be compatible with most things.
I like TeraTerm, which used to have SSHv1 only, so it had issues with some SSH implementations. Make sure you are using the latest version of whatever you use, supporting SSHv2.

Peer-Joachim Koch

Well, on Windows I tried PuTTY. Now the switches are next to my normal working machine running Ubuntu 16.04 LTS.
"ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016"

But you are on the right way! I tested a very old ssh client (ssh 3.2.9) - this one IS working.
So the settings of the ssh on the switch do NOT work with new ssh clients. I'll check the settings!

Peer-Joachim Koch

OK, I found the problem. I have enabled X-forwarding in my ssh config. This is killing the connection!
Using "ssh -x ..." (-x disables the forwarding for the connection under Linux) everything is working.
Never saw this problem before on any device...
Thanks for the help!

Bye
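
The symptom in this thread (authentication succeeds, then the switch drops the session) can be triaged from the client's `ssh -vv` output alone. The sketch below is an added example, not part of any post here: it lists the optional channel requests the client sent before the disconnect so they can be switched off one at a time. The function name `triage` and the option table are this example's own, and the sample is an excerpt of the log posted above.

```python
import re

# Channel requests an interactive CLI login needs; anything else is optional.
REQUIRED = {"pty-req", "shell"}
# Client-side switch for each optional request (standard OpenSSH options).
DISABLE = {
    "x11-req": "ssh -x / ForwardX11 no",
    "auth-agent-req@openssh.com": "ssh -a / ForwardAgent no",
    "env": "ssh -F /dev/null (ignores SendEnv from config files)",
}
REQ = re.compile(r"channel \d+: request (\S+) confirm [01]")
DISC = re.compile(r"Received disconnect from \S+ port \d+:(\d+): (.*)")

def triage(debug_output):
    """Return post-auth disconnect details, or None if the session survived."""
    authenticated = False
    optional = []
    for line in debug_output.splitlines():
        if "Authentication succeeded" in line:
            authenticated = True
        elif authenticated and (m := REQ.search(line)):
            if m.group(1) not in REQUIRED and m.group(1) not in optional:
                optional.append(m.group(1))
        elif authenticated and (m := DISC.search(line)):
            return {
                "code": int(m.group(1)),
                "reason": m.group(2).strip(),
                "try_disabling": [(r, DISABLE.get(r, "see ssh_config(5)"))
                                  for r in optional],
            }
    return None

# Excerpt of the client log posted earlier in this thread.
SAMPLE = """\
debug1: Authentication succeeded (keyboard-interactive).
debug2: channel 0: request x11-req confirm 1
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: shell request accepted on channel 0
Received disconnect from 10.X.X.X port 22:2: Service is not known
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"disconnect code {result['code']}: {result['reason']}")
    for request, switch in result["try_disabling"]:
        print(f"  sent optional request {request!r}; retest with {switch}")
```

A per-host `ForwardX11 no` entry in `~/.ssh/config` has the same effect as passing `-x` on every connection to the switches.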

chill

Thank you for coming back and posting about what the problem was. This is helpful.