Tuesday, May 02, 2006
SSH debug. (Question #63)
Here is some output from "debug ip ssh" on a Cisco router:
01:38:40: SSH0: starting SSH control process
01:38:40: SSH0: sent protocol version id SSH-1.5-Cisco-1.25
01:38:40: SSH0: protocol version id is - SSH-1.5-Cisco-1.25
01:38:40: SSH0: SSH_SMSG_PUBLIC_KEY msg
01:38:40: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
01:38:40: SSH: RSA decrypt started
01:38:40: SSH: RSA decrypt finished
01:38:40: SSH: RSA decrypt started
01:38:40: SSH: RSA decrypt finished
01:38:40: SSH0: sending encryption confirmation
01:38:40: SSH0: keys exchanged and encryption on
01:38:40: %SSH-5-SSH_SESSION: SSH Session request from 10.10.10.1 (tty = 0) using crypto cipher 'DES' Succeeded
01:38:40: SSH0: SSH_CMSG_USER message received
01:38:40: SSH0: authentication request for userid R1
01:38:40: SSH0: SSH_SMSG_FAILURE message sent
Note the final reference to a failure message being sent. Is this always a problem? Could the SSH connection have been successful in spite of this failure message?
Comments:
Hi dudes,
SSH_MSG_FAILURE doesn't necessarily refer to a connection problem.
This message can pop up from a host which isn't compatible with compression, X11 forwarding or some other message types.
Despite the message, the connection can be successful.
Cheers,
Yes, that answer is right. As it happens the standard actually requires that failure code to be sent to indicate that authentication is needed.
Take a look at
http://free.lp.se/fish/rfc.txt
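As an added example (not part of the original post or its comments, and not Cisco code), this Python sketch reads "debug ip ssh" output and labels each SSH_SMSG_FAILURE by where it falls in the SSH-1.5 exchange: the reply to SSH_CMSG_USER, which only tells the client that authentication is required, versus the reply to an authentication attempt that was rejected. The lines after the page's excerpt are constructed, and their wording (SSH_CMSG_AUTH_PASSWORD, "authentication successful") is an assumption about how the router logs the rest of the session.

```python
import re

# "debug ip ssh" lines that carry a session number, e.g. "01:38:40: SSH0: ...".
LINE = re.compile(r"^\S+: SSH(?P<sess>\d+): (?P<msg>.*)$")

# Last three lines of the page's excerpt.
PAGE_EXCERPT = """\
01:38:40: SSH0: SSH_CMSG_USER message received
01:38:40: SSH0: authentication request for userid R1
01:38:40: SSH0: SSH_SMSG_FAILURE message sent
"""
# Constructed sample lines; the message wording is assumed, not from the page.
CONSTRUCTED = """\
01:38:43: SSH0: SSH_CMSG_AUTH_PASSWORD message received
01:38:43: SSH0: authentication successful for R1
01:40:02: SSH1: SSH_CMSG_USER message received
01:40:02: SSH1: SSH_SMSG_FAILURE message sent
01:40:05: SSH1: SSH_CMSG_AUTH_PASSWORD message received
01:40:05: SSH1: SSH_SMSG_FAILURE message sent
"""

def classify_failures(log_text):
    """Map session id -> {"failures": [labels], "authenticated": bool}."""
    state, result = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. "SSH: RSA decrypt started" has no session number
        sess, msg = m["sess"], m["msg"]
        out = result.setdefault(sess, {"failures": [], "authenticated": False})
        if "SSH_CMSG_USER" in msg:
            state[sess] = "user"          # client named the account
        elif "SSH_CMSG_AUTH_" in msg:
            state[sess] = "attempt"       # client offered a credential
        elif "SSH_SMSG_FAILURE" in msg:
            # After SSH_CMSG_USER, FAILURE only means "now authenticate";
            # after an auth attempt, it means that attempt was rejected.
            label = {"user": "auth-required", "attempt": "auth-rejected"}
            out["failures"].append(label.get(state.get(sess), "other"))
            state[sess] = "waiting"
        elif "authentication successful" in msg:
            out["authenticated"] = True
    return result

if __name__ == "__main__":
    for sess, info in classify_failures(PAGE_EXCERPT + CONSTRUCTED).items():
        print(f"SSH{sess}: {info}")
```

Run on the page's excerpt alone, the single failure is labelled "auth-required" and the session is not yet marked authenticated, so the outcome depends on the debug lines that follow.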