Tuesday, May 02, 2006

 

SSH debug. (Question #63)

Here is some debug output from "debug ip ssh" on a Cisco router:

01:38:40: SSH0: starting SSH control process
01:38:40: SSH0: sent protocol version id SSH-1.5-Cisco-1.25
01:38:40: SSH0: protocol version id is - SSH-1.5-Cisco-1.25
01:38:40: SSH0: SSH_SMSG_PUBLIC_KEY msg
01:38:40: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
01:38:40: SSH: RSA decrypt started
01:38:40: SSH: RSA decrypt finished
01:38:40: SSH: RSA decrypt started
01:38:40: SSH: RSA decrypt finished
01:38:40: SSH0: sending encryption confirmation
01:38:40: SSH0: keys exchanged and encryption on
01:38:40: %SSH-5-SSH_SESSION: SSH Session request from 10.10.10.1 (tty = 0) using crypto cipher 'DES' Succeeded
01:38:40: SSH0: SSH_CMSG_USER message received
01:38:40: SSH0: authentication request for userid R1
01:38:40: SSH0: SSH_SMSG_FAILURE message sent


Note the final reference to a failure message being sent. Is this always a problem? Could the SSH connection have been successful in spite of this failure message?

Comments:
Hi dudes,

SSH_MSG_FAILURE doesn't necessarily refer to a connection problem.

This message can pop up from a host which isn't compatible with compression, x11 forwarding or some other message types.

Despite the message, the connection can be successful.

Cheers,
 
Yes, that answer is right. As it happens the standard actually requires that failure code to be sent to indicate that authentication is needed.

Take a look at
http://free.lp.se/fish/rfc.txt
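
An added example, not part of the original post or its comments: a small Python parser that labels each SSH_SMSG_FAILURE in "debug ip ssh" style output by the client message that preceded it, following the SSH 1.x behaviour the comments describe. The function name, the meaning strings and the last two sample lines are constructed for this illustration.

```python
import re

# The first three lines are copied from the debug output in the post; the
# last two are constructed for this example in the same shape (assumption,
# not real router output).
SAMPLE = """\
01:38:40: SSH0: SSH_CMSG_USER message received
01:38:40: SSH0: authentication request for userid R1
01:38:40: SSH0: SSH_SMSG_FAILURE message sent
01:38:45: SSH0: SSH_CMSG_AUTH_PASSWORD message received
01:38:45: SSH0: SSH_SMSG_FAILURE message sent
"""

LINE = re.compile(r"SSH(\d+): (.*)$")      # per-session lines only (SSH0:, SSH1:, ...)
CLIENT_MSG = re.compile(r"SSH_CMSG_\w+")   # any client-to-server message name


def explain_failures(log):
    """Return [(session, preceding client message, meaning)] for every
    SSH_SMSG_FAILURE in the log. Hypothetical helper for this example."""
    last_client = {}   # session number -> last client message seen
    findings = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        session, text = m.groups()
        client = CLIENT_MSG.search(text)
        if client:
            last_client[session] = client.group(0)
        elif "SSH_SMSG_FAILURE" in text:
            prev = last_client.get(session)
            if prev == "SSH_CMSG_USER":
                meaning = "expected: authentication is needed for this user"
            elif prev and prev.startswith("SSH_CMSG_AUTH_"):
                meaning = "authentication attempt rejected"
            elif prev:
                meaning = "request refused, session may continue"
            else:
                meaning = "unknown: no preceding client message in log"
            findings.append((session, prev, meaning))
    return findings


if __name__ == "__main__":
    for finding in explain_failures(SAMPLE):
        print(finding)
```

Run against the full capture in the post, only the first case applies: the failure follows SSH_CMSG_USER, so the log ends before any authentication attempt is shown.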
 