SSH2 Problems

[hachmer]

Hello,

I have problems with severeal OmniSwitch series e.g. OS6850 (6.4.3.520.R01), OS6400 (6.4.2.807.R01). The problem is that it's unpossible to connect via ssh2.
The error message via cli is:

The client has disconnected from the server. Reason:
Invalid packet header. This probably indicates a problem with key exchange or encryption.

The error message from OmniVista backup is:

Error (Failed to backup configuration for device: x.x.x.x. SSH2Exception: Key exchange failed: Invalid packet size: 173299013.) at backup configuration

After connecting to the device via https and a login the ssh2 connect works for a few times but after a while the error recurs.

Any idea how to fix this or need more information?

Regards,
hachmer

[devnull]

I would probably upgrade the Firmware to a current version (6.4.4) and/or try to recreate the ssh keys by deleting
/flash/network/ssh_host_dsa_key
/flash/network/ssh_host_dsa_key.id

What ssh client do you use? (i never had the problem, strange that it happens with OV as well..)

[hachmer]

Hello devnull, thanks for your response!

I would probably upgrade the Firmware to a current version (6.4.4) and/or try to recreate the ssh keys by deleting
/flash/network/ssh_host_dsa_key
/flash/network/ssh_host_dsa_key.id

Can I safely remove these files? Will they be recreated the next time I connect via ssh or have I to reload the switch?

What ssh client do you use? (i never had the problem, strange that it happens with OV as well..)

We are using securecrt (vandyke)

regards,
hachmer

[devnull]

should be recreated (on reboot ?)
if you don't trust it just move the file
mv /flash/network/ssh_host_dsa_key /flash
mv /flash/network/ssh_host_dsa_key.id /flash

and reboot.

[hachmer]

I have tested to move the files. That isn't working. After moving the host keys I can't connect via ssh, so I moved them back.

I will test deleting the files and perform a reload. After that I will report here but that can take a while. That are production switches.

Regards,
hachmer

[devnull]

ssh keys are regenerated on reboot if they don't exist, so moving and rebooting should do.

Have you tried another ssh tool e.g. putty?
google shows multiple bugs/issues/unintendend innovations regarding securecrt. (Still strange as OV is not working too..)
Try to find a service window do a firmware upgrade and test a bit.

[hachmer]

Putty also doens't work:

Incoming packet was garbled on decryption

Google advises this (for putty):

Go to Connection -> SSH -> Encryption options. Promote Blowfish or 3DES to the top of the list of “Encryption cipher selection policy:”

Same problem here.

I will test to recreate them, but if I reloading the switches I can upgrade the firmware also.

Regards, hachmer

[hachmer]

Strange is also that I am able to connect via ssh2 after I connect once via https!

[rpopovici]

Hello,

did you manage to solve the problem? I have a similar issue but on a different SW build (6.3.4.378.R01)
Problems started about 1 month ago, there was no configuration change in the past year, but there was a SW upgrade from 6.3.1 about 4-5 months ago.

cheers,
Radu

[gomiya]

I am able to conect via ssh2 after i input "no ip service ssh" & "ip service ssh"

CACA DE LA VACA