DX NetOps

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Andrey,

Please take a look at the following community post and let me know if this resolves the issue for you.

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=746174#bme4301e6f-fb6b-4beb-9eb9-e526d05bec45

Joe
Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Hi, Joseph

This post doesn't solve my problem.
I cannot connect from OneClick console to a certain type of Cisco ACR9K devices.
The documentation describes that the MindTerm utility is used that supports SSH2. My device also only supports SSH2.
But apparently MindTerm and ASR9K cannot agree on the protocol settings.
NCM successfully capture configurations for Cisco ASR9K.
It is not possible to connect to ASR9K only by the right SSH2 button by the OneClick client.

Everything except ASR9K SSH2 is successful.

All ASR9K fail.


------------------------------
Andrey
------------------------------

Original Message:
Sent: 11-04-2020 01:53 PM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Andrey,

Please take a look at the following community post and let me know if this resolves the issue for you.

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=746174#bme4301e6f-fb6b-4beb-9eb9-e526d05bec45

Joe
Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey
------------------------------

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Andrey,

This issue has been escalated to the Spectrum SE team and we are working on a fix.

Joe
Original Message:
Sent: 11-07-2020 10:40 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Hello, Joseph!

Great news, we'll be waiting for a fix.
Thank you for your help!

------------------------------
Andrey
------------------------------

Original Message:
Sent: 11-24-2020 03:12 PM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Andrey,

This issue has been escalated to the Spectrum SE team and we are working on a fix.

Joe
Original Message:
Sent: 11-07-2020 10:40 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Hi, has this ever been resolved?
Original Message:
Sent: Nov 25, 2020 12:12 AM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello, Joseph!

Great news, we'll be waiting for a fix.
Thank you for your help!

------------------------------
Andrey

Original Message:
Sent: 11-24-2020 03:12 PM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Andrey,

This issue has been escalated to the Spectrum SE team and we are working on a fix.

Joe
Original Message:
Sent: 11-07-2020 10:40 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

I found the following knowledge article:

https://knowledge.broadcom.com/external/article?articleId=206047

Joe
Original Message:
Sent: Apr 29, 2022 01:15 AM
From: Markus Juenemann
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hi, has this ever been resolved?
Original Message:
Sent: Nov 25, 2020 12:12 AM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello, Joseph!

Great news, we'll be waiting for a fix.
Thank you for your help!

------------------------------
Andrey

Original Message:
Sent: 11-24-2020 03:12 PM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Andrey,

This issue has been escalated to the Spectrum SE team and we are working on a fix.

Joe
Original Message:
Sent: 11-07-2020 10:40 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#

Thanks Joe, that solved the issue, although I am confused why the SSH rate-limit on the ASR9k prevents a single(?) SSH connection from being established. Anyway, it works.
Original Message:
Sent: Apr 29, 2022 10:49 AM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

I found the following knowledge article:

https://knowledge.broadcom.com/external/article?articleId=206047

Joe
Original Message:
Sent: Apr 29, 2022 01:15 AM
From: Markus Juenemann
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hi, has this ever been resolved?
Original Message:
Sent: Nov 25, 2020 12:12 AM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello, Joseph!

Great news, we'll be waiting for a fix.
Thank you for your help!

------------------------------
Andrey

Original Message:
Sent: 11-24-2020 03:12 PM
From: Joseph Ackley
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Andrey,

This issue has been escalated to the Spectrum SE team and we are working on a fix.

Joe
Original Message:
Sent: 11-07-2020 10:40 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

To get closer to solving my problem, I need answers to three questions:

1. How can I check the security settings of the MindTerm utility in OneClick?
2. Does MindTerm utility security settings depend on the device type?
3. Can I change the security settings of the MindTerm utility in OneClick?

------------------------------
Andrey

Original Message:
Sent: 11-02-2020 01:07 PM
From: Andrey Litovkin
Subject: Problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.

Hello!

Spectrum 10.4.2, found a problem with SSH connecting to CISCO ASR9K IOS-XR routers from the OneClick console client by the right button.
For ease of finding problems, I use the OneClick settings for a direct connection between my host and the Cisco device.
The Cisco logs show that the client is applying SSH version 1.
If on Cisco ASR9K allow in 1, the connection still fails.
To other types of devices (ASA, C76xx IOS), the connection of the SSH is normal.
Maybe the problem is in the model?
Is the SSH version configured in the model?

############## OneClick console telnet debug ##################
ноя 02, 2020 19:14:19.590 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createSocket: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
ноя 02, 2020 19:14:19.762 (PoolThread-19: GlobalPool => TelnetAction) (TELNET) - createNetworkConnection: connType = dev, host = 10.250.68.129, relayHost = 0x1000000, port = 22
java.io.IOException: Удаленный хост принудительно разорвал существующее подключение
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at com.mindbright.nio.Switchboard.handleKey(Switchboard.java:458)
at com.mindbright.nio.Switchboard.run(Switchboard.java:363)
at java.lang.Thread.run(Unknown Source)

############## Cisco Host MSN_01_052_1 ip 10.25.68.129 logs ##################
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.760 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_DETAILS : Client closes socket connection 10.41.255.77 Connection reset by peer
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-6-INFO_GENERAL : Error in receiving remote SSH version
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.761 MSK: SSHD_[65931]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RSP0/CPU0:2020 Nov 2 19:14:19.768 MSK: SSHD_[1166]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded


############## Direct connection (not through the OneClick console) from my host to the ASR9K IOS-XR router device ####################
D:\Portable\PyCmd> ipconfig

Настройка протокола IP для Windows
Адаптер Ethernet Ethernet:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8084:46a6:731e:cef6%26
IPv4-адрес. . . . . . . . . . . . : 10.41.255.77
Маска подсети . . . . . . . . . . : 255.255.255.192
Основной шлюз. . . . . . . . . : 10.41.255.126

D:\Portable\PyCmd> ssh alit@10.250.68.129

THIS DEVICE IS PART OF A
------------------------
PRIVATE NETWORK
---------------
************************************************
* Unauthorised access or use of this equipment *
* is prohibited and constitutes an offence. *
* If you are not authorised to use this *
* system, terminate this session now. *
************************************************
password:
RP/0/RSP0/CPU0:MSN_01_052_1#