Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

2910al - ssh connection issue

Chris_KK
Occasional Visitor

2910al - ssh connection issue

Hello,

I have an issue with ssh connection to procurve switch. It looks like ssh service stopped working without any

reasons...

 

SSH configuration has not been changed. And it looks  as follows:
aaa authentication ssh login tacacs local

 

Crypto key is OK (I tried to generate it several times to be sure it's OK):

crypto key generate ssh

 

When I am connecting from HP-UX I got:
ssh_exchange_identification: Connection closed by remote host

 

and from Cisco router:
Oct 18 14:10:31.687: SSH CLIENT0: receive failure - status 0x07
Oct 18 14:10:31.687: SSH CLIENT0: protocol version exchange failure (code = 7)
Oct 18 14:10:31.687: SSH CLIENT0: Session disconnected - error 0x07d

 

I have no idea what is going on and how to resolve this issue. The switch is on the production so I cannot do

reboot.

 

I have browsed the internet but didn't find anyone with the same problem.
And one more thing - telnet is working without any problem.

 

Some tech info:
Chassis: 2910al-48G  J9147A
soft:  W.14.49

 sh authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Enabled

              | Login      Login      Enable     Enable
  Access Task | Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console     | Local      None       Local      None
  Telnet      | Tacacs     Local      Local      None
  Port-Access | Local      None
  Webui       | Local      None       Local      None
  SSH         | Tacacs     Local      Local      None
  Web-Auth    | ChapRadius None
  MAC-Auth    | ChapRadius None

 

sh ip ssh

  SSH Enabled     : Yes                 Secure Copy Enabled : No
  TCP Port Number : 22                  Timeout (sec)       : 120
  Host Key Type   : RSA                 Host Key Size       : 2048

  Ciphers : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,
            rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
  MACs    : hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96

  Ses Type     | Source IP                                      Port
  --- -------- + ---------------------------------------------- -----
  1   console  |
  2   telnet   |
  3   inactive |
  4   inactive |
  5   inactive |
  6   inactive |

 

br

Chris

5 REPLIES
ISoliman
Super Advisor

Re: 2910al - ssh connection issue

Which SSH version does the HP-UX use ?

use this command also

aaa authentication ssh enable tacacs local


and try the below

ip ssh version 2
HzE
Occasional Visitor

Re: 2910al - ssh connection issue

We also have the same problem with two switches.

 

sw10# sh flash
Image           Size(Bytes)   Date   Version
-----           ----------  -------- -------
Primary Image   : 8602885   06/30/10 W.14.49
Secondary Image : 8457322   08/05/09 W.14.30
Boot Rom Version: W.14.04
Default Boot    : Primary

 

 

$ ssh -v sw10
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sw10 [192.168.1.25] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

 

I suspect that these switches have faulty flash. Upgrading their software results in error "corrupt file" and "copy flash flash secondary" results in "Flash-to-flash copy of product code failed.".

 

icc-unix
Occasional Visitor

Re: 2910al - ssh connection issue

Problem: ssh connection issue in HP Integrity VM Environment, with below error:

debug3: packet_send2: adding 64 (len 58 padlen 6 extra pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password Permission denied, please try again.

Solution:

Basically this type of error will occur at the time of IP Conflict. Please check whether any other VM having same IP.

In our environment one Linux TEST VM already configured xx.xx.xx.227 (we don't know). We configured the same IP on xx.xx.xx.227 on HP Integrity VM. Then we try to access (ssh) the HP VM from our proxy Linux server and we face above error.

After that we came to know the TEST VM having the same IP and we removed the same, then we try to access the HP VM and we get the access successfully.

 

icc-unix
Occasional Visitor

Re: 2910al - ssh connection issue

Dear All,

Any one can explain, why we configure the nddconf file in HP-UX at the time of IP Configuration.

Dennis Handly
Acclaimed Contributor

Re: 2910al - ssh connection issue

>why we configure the nddconf file in HP-UX at the time of IP Configuration.

 

You may want to ask this is the HP-UX > networking board:

http://community.hpe.com/t5/Networking/bd-p/itrc-245