Alcatel Unleashed

Hello,

I have problems with severeal OmniSwitch series e.g. OS6850 (6.4.3.520.R01), OS6400 (6.4.2.807.R01). The problem is that it's unpossible to connect via ssh2.
The error message via cli is:

The client has disconnected from the server. Reason:
Invalid packet header. This probably indicates a problem with key exchange or encryption.

The error message from OmniVista backup is:

Error (Failed to backup configuration for device: x.x.x.x. SSH2Exception: Key exchange failed: Invalid packet size: 173299013.) at backup configuration

After connecting to the device via https and a login the ssh2 connect works for a few times but after a while the error recurs.

Any idea how to fix this or need more information?

Regards,
hachmer

I would probably upgrade the Firmware to a current version (6.4.4) and/or try to recreate the ssh keys by deleting
/flash/network/ssh_host_dsa_key
/flash/network/ssh_host_dsa_key.id

What ssh client do you use? (i never had the problem, strange that it happens with OV as well..)

Hello devnull, thanks for your response!

devnull wrote:I would probably upgrade the Firmware to a current version (6.4.4) and/or try to recreate the ssh keys by deleting
/flash/network/ssh_host_dsa_key
/flash/network/ssh_host_dsa_key.id

Can I safely remove these files? Will they be recreated the next time I connect via ssh or have I to reload the switch?

devnull wrote:What ssh client do you use? (i never had the problem, strange that it happens with OV as well..)

We are using securecrt (vandyke)

regards,
hachmer

should be recreated (on reboot ?)
if you don't trust it just move the file
mv /flash/network/ssh_host_dsa_key /flash
mv /flash/network/ssh_host_dsa_key.id /flash

and reboot.

I have tested to move the files. That isn't working. After moving the host keys I can't connect via ssh, so I moved them back.

I will test deleting the files and perform a reload. After that I will report here but that can take a while. That are production switches.

Regards,
hachmer

ssh keys are regenerated on reboot if they don't exist, so moving and rebooting should do.

Have you tried another ssh tool e.g. putty?
google shows multiple bugs/issues/unintendend innovations regarding securecrt. (Still strange as OV is not working too..)
Try to find a service window do a firmware upgrade and test a bit.

Putty also doens't work:

Incoming packet was garbled on decryption

Google advises this (for putty):

Go to Connection -> SSH -> Encryption options. Promote Blowfish or 3DES to the top of the list of “Encryption cipher selection policy:”

Same problem here.

I will test to recreate them, but if I reloading the switches I can upgrade the firmware also.

Regards, hachmer

Strange is also that I am able to connect via ssh2 after I connect once via https!

Hello,

did you manage to solve the problem? I have a similar issue but on a different SW build (6.3.4.378.R01)
Problems started about 1 month ago, there was no configuration change in the past year, but there was a SW upgrade from 6.3.1 about 4-5 months ago.

cheers,
Radu

I am able to conect via ssh2 after i input "no ip service ssh" & "ip service ssh"

CACA DE LA VACA