Unable to login with ssh using third party terminal application


Device: S5720-52X-PWR-SI-AC

Version: V200R010C00SPC600


 Issue Description

We are having issues connecting with the latest version of Patty 0.72 to the switch S5720-52X-PWR-SI-AC with version V200R010C00SPC600.

 Alarm Information

After trying to login we receive the error below:


 Handling Process

First we tried with third-party version 0.69 and it was working well.

Then we connected to the device using telnet and entered the following commands:

<Huawei>terminal logging
<Huawei>terminal monitor
<Huawei>display terminal 0

Then we connected one more time using the latest Patty session and collected the terminal output shown below.

After finishing the test we ran the following commands:

<Huawei>undo terminal logging
<Huawei>undo terminal monitor

Aug 14 2019 16:33:31.211.1+01:00 SwCore303 SSH/7/ACCEPT:Received connection from 172.29.1.176.

Aug 14 2019 16:33:31.221.1+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Main_Connect to SSH_Main_VersionMatch.

Aug 14 2019 16:33:31.231.1+01:00 SwCore303 SSH/7/VERSION_RECEIVE:Version information received on VTY 1, version string:SSH-2.0-PaTTY_Release_0.72.

Aug 14 2019 16:33:31.231.2+01:00 SwCore303 SSH/7/SEND_PKT:Sent ssh2 msg kexinit packet.

Aug 14 2019 16:33:31.231.3+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Main_VersionMatch to SSH_Main_SSHProcess.

Aug 14 2019 16:33:31.241.1+01:00 SwCore303 SSH/7/READ_PKT:Expected packet type:ssh2 msg kex init, failed to read data from packet!

Aug 14 2019 16:33:31.241.2+01:00 SwCore303 SSH/7/RECV_PKT:Received ssh2 msg kex init packet.

Aug 14 2019 16:33:31.241.3+01:00 SwCore303 SSH/7/KEX_DERECTION:Kex for direction is in.

Aug 14 2019 16:33:31.241.4+01:00 SwCore303 SSH/7/CHOOSE_ENCRYPT:Chose encryption algorithm:aes256-ctr.

Aug 14 2019 16:33:31.241.5+01:00 SwCore303 SSH/7/CHOOSE_MAC:Chose MAC algorithm:hmac-sha2-256.

Aug 14 2019 16:33:31.241.6+01:00 SwCore303 SSH/7/KEX_DERECTION:Kex for direction is out.

Aug 14 2019 16:33:31.241.7+01:00 SwCore303 SSH/7/CHOOSE_ENCRYPT:Chose encryption algorithm:aes256-ctr.

Aug 14 2019 16:33:31.241.8+01:00 SwCore303 SSH/7/CHOOSE_MAC:Chose MAC algorithm:hmac-sha2-256.

Aug 14 2019 16:33:31.241.9+01:00 SwCore303 SSH/7/CHOOSE_KEX:Choose Kex algorithm:diffie-hellman-group-exchange-sha1.

Aug 14 2019 16:33:31.241.10+01:00 SwCore303 SSH/7/CHOOSE_PK:Choose PK algorithm:ecdsa-sha2-nistp521.

Aug 14 2019 16:33:31.241.11+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_Init to SSH_Sub1_KEX_GEX_Group.

Aug 14 2019 16:33:31.251.1+01:00 SwCore303 SSH/7/RECV_PKT:Received 34 packet.

Aug 14 2019 16:33:31.261.1+01:00 SwCore303 SSH/7/SEND_PKT:Sent 31 packet.

<SwCore303>

Aug 14 2019 16:33:31.261.2+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_GEX_Group to SSH_Sub1_KEX_GEX_INIT.

Aug 14 2019 16:33:31.291.1+01:00 SwCore303 SSH/7/RECV_PKT:Received ssh2 msg kex dh gex init packet.

Aug 14 2019 16:33:31.291.2+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_GEX_INIT to SSH_Sub1_KEX_GEX_Reply.

Aug 14 2019 16:33:31.291.3+01:00 SwCore303 SSH/7/NO_INFO:Begin to compute the dh shared key.

<SwCore303>

Aug 14 2019 16:33:34.421.1+01:00 SwCore303 SSH/7/RECV_PKT:Received ssh2 msg ecdh reply packet.

Aug 14 2019 16:33:34.421.2+01:00 SwCore303 SSH/7/RECV_PKT:Received ssh2 msg kex dh gex init packet.

Aug 14 2019 16:33:34.421.3+01:00 SwCore303 SSH/7/SEND_PKT:Sent SSH2_MSG_KEX_DH_GEX_REPLY packet.

Aug 14 2019 16:33:34.421.4+01:00 SwCore303 SSH/7/SEND_PKT:Sent SSH2_MSG_NEWKEYS packet.

Aug 14 2019 16:33:34.421.5+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_GEX_Reply to SSH_Sub1_KEX_NewKey.

<SwCore303>

Aug 14 2019 16:33:35.841.1+01:00 SwCore303 SSH/7/READ_PKT:Expected packet type:ssh2 msg newkeys, failed to read data from packet!

Aug 14 2019 16:33:35.841.2+01:00 SwCore303 SSH/7/DISCONNECT:The connection is closed by SSH server, current FSM is SSH_Main_SSHProcess.

Aug 14 2019 16:33:35.841.3+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Main_SSHProcess to SSH_Main_Disconnect.

In the end we set the RSA encryption algorithm on Patty Algorithm Selection Policy as the default selection in the SSH Host Keys.


 Root Cause

After analyzing the output, it seems that this is a well-known Patty software issue. The Patty software has a fixed order for the algorithm selection policy. If one algorithm fails, it does not go on to check whether the others work. RSA should have a higher priority than ECDSA for the connection to work. We suspect the problem lies in the software itself.
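The debug output above can be reduced mechanically to the negotiated algorithms and the point where the handshake stopped. The following is an added example, not part of the original case: the function name summarize_handshake is an assumption, and the sample lines are a subset copied from the log quoted on this page.

```python
import re

# Subset of the switch debug output quoted on this page, copied verbatim.
SAMPLE_LOG = """\
Aug 14 2019 16:33:31.231.1+01:00 SwCore303 SSH/7/VERSION_RECEIVE:Version information received on VTY 1, version string:SSH-2.0-PaTTY_Release_0.72.
Aug 14 2019 16:33:31.241.1+01:00 SwCore303 SSH/7/READ_PKT:Expected packet type:ssh2 msg kex init, failed to read data from packet!
Aug 14 2019 16:33:31.241.2+01:00 SwCore303 SSH/7/RECV_PKT:Received ssh2 msg kex init packet.
Aug 14 2019 16:33:31.241.7+01:00 SwCore303 SSH/7/CHOOSE_ENCRYPT:Chose encryption algorithm:aes256-ctr.
Aug 14 2019 16:33:31.241.8+01:00 SwCore303 SSH/7/CHOOSE_MAC:Chose MAC algorithm:hmac-sha2-256.
Aug 14 2019 16:33:31.241.9+01:00 SwCore303 SSH/7/CHOOSE_KEX:Choose Kex algorithm:diffie-hellman-group-exchange-sha1.
Aug 14 2019 16:33:31.241.10+01:00 SwCore303 SSH/7/CHOOSE_PK:Choose PK algorithm:ecdsa-sha2-nistp521.
Aug 14 2019 16:33:31.241.11+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_Init to SSH_Sub1_KEX_GEX_Group.
<SwCore303>
Aug 14 2019 16:33:34.421.5+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_GEX_Reply to SSH_Sub1_KEX_NewKey.
Aug 14 2019 16:33:35.841.1+01:00 SwCore303 SSH/7/READ_PKT:Expected packet type:ssh2 msg newkeys, failed to read data from packet!
Aug 14 2019 16:33:35.841.2+01:00 SwCore303 SSH/7/DISCONNECT:The connection is closed by SSH server, current FSM is SSH_Main_SSHProcess.
Aug 14 2019 16:33:35.841.3+01:00 SwCore303 SSH/7/FSM_MOVE:FSM moved from SSH_Main_SSHProcess to SSH_Main_Disconnect.
"""

LINE_RE = re.compile(r"^\w{3} +\d+ \d{4} [\d:.]+[+-]\d\d:\d\d \S+ SSH/\d/(\w+):(.*)$")
ALGO_EVENTS = {"CHOOSE_KEX": "kex", "CHOOSE_PK": "host_key",
               "CHOOSE_ENCRYPT": "cipher", "CHOOSE_MAC": "mac"}

def summarize_handshake(log_text):
    """Reduce one session's SSH debug lines to what was negotiated and where it stopped."""
    s = {"client": None, "kex": None, "host_key": None, "cipher": None, "mac": None,
         "last_state": None, "waiting_for": None, "closed_by_server": False}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and interleaved CLI prompts such as <SwCore303>
        event, msg = m.groups()
        if event == "VERSION_RECEIVE":
            s["client"] = msg.split("version string:", 1)[1].rstrip(".")
        elif event in ALGO_EVENTS:
            s[ALGO_EVENTS[event]] = msg.rsplit(":", 1)[1].rstrip(".")
        elif event == "FSM_MOVE":
            s["last_state"] = msg.rsplit(" to ", 1)[1].rstrip(".")
        elif event == "READ_PKT" and "failed to read" in msg:
            s["waiting_for"] = msg.split("Expected packet type:", 1)[1].split(",", 1)[0]
        elif event == "RECV_PKT":
            s["waiting_for"] = None  # a packet arrived after the failed read
        elif event == "DISCONNECT":
            s["closed_by_server"] = "closed by SSH server" in msg
            break  # later lines only record the move to the disconnect state
    return s

if __name__ == "__main__":
    print(summarize_handshake(SAMPLE_LOG))
```

For the session on this page, the summary shows the host key algorithm chosen as ecdsa-sha2-nistp521 and the server closing the connection in SSH_Sub1_KEX_NewKey while still waiting for the client's newkeys packet.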

 Solution

Change the encryption algorithms on Patty software by setting the RSA option as the default selection for the host keys in the SSH Host Keys.


Furthermore, one important point is to delete the old existing keys if there are keys stored in the registry.

You can find them in the Windows registry under \HKEY_CURRENT_USER\Software\%username%\PaTTY\SshHostKeys

 Suggestions

Make sure to check which algorithm the third-party Patty software uses by default and match it to the one that the device uses by default.

