SSH from Cisco to Juniper fails - SSH2 CLIENT 0: Channel open failed, reason = 1752134516

Network Engineering cisco juniper ssh
2021-07-13 14:14:22

Unable to SSH from Cisco IOS 15.2(2)E8 to Juniper 14.1X53-D48.1

HOST#show debugging

SSH:
  SSH Client debugging is on

HOST#ssh 1.1.1.1

*Feb 11 15:55:47.448: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_6.9
*Feb 11 15:55:47.448: SSH CLIENT0: protocol version exchange successful
*Feb 11 15:55:47.460: SSH2 CLIENT 0: Using kex_algo = diffie-hellman-group-exchange-sha1
*Feb 11 15:55:47.732: SSH CLIENT0: key exchange successful and encryption on
*Feb 11 15:55:47.744: SSH2 CLIENT 0: using method keyboard-interactive authentication

[Connection to 1.1.1.1 aborted: error status 0]

HOST#

*Feb 11 15:55:51.324: SSH2 CLIENT 0: SSH2_MSG_USERAUTH_SUCCESS message received
*Feb 11 15:55:51.324: SSH CLIENT0: user authenticated
*Feb 11 15:55:51.332: SSH2 CLIENT 0:  Channel open failed, reason = 1752134516
*Feb 11 15:55:51.332: SSH CLIENT0: session not opened(code = 1)
*Feb 11 15:55:51.332: SSH CLIENT0: Session disconnected - error 0x00

1 Answer

I did some research and found that the Cisco ssh client does not work properly with OpenSSH 6.9. Cisco with 6.9

Turns out the problem is the new protocol extension for sending host keys to
the client after user authentication (section 2.5 of the PROTOCOLS
document).  Commenting out the notify_hostkeys() call in sshd.c fixes the
issues with Cisco scp.  Maybe a new bug compatibility flag is in order to
add to the "Cisco-1.*" client string that was added in 6.9?

This bug was fixed in OpenSSH 7.0

I believe OpenSSH version 7 was only introduced in JunOS version 17, according to this KB24305
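
An added diagnostic example, not part of the original question or answer: the reason value 1752134516 is 0x686F7374, the ASCII bytes "host", which is what appears in the reason field if the post-authentication `hostkeys-00@openssh.com` global request (the extension the quoted message refers to) is read with the SSH_MSG_CHANNEL_OPEN_FAILURE field layout. That the IOS client parsed the message this way is an assumption inferred from the number; the function names and the placeholder key blob are constructed for illustration.

```python
import struct

SSH_MSG_GLOBAL_REQUEST = 80        # RFC 4254 message numbers
SSH_MSG_CHANNEL_OPEN_FAILURE = 92
# Valid channel-open failure reason codes (RFC 4254, section 5.1)
KNOWN_REASONS = {
    1: "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED",
    2: "SSH_OPEN_CONNECT_FAILED",
    3: "SSH_OPEN_UNKNOWN_CHANNEL_TYPE",
    4: "SSH_OPEN_RESOURCE_SHORTAGE",
}

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_hostkeys_request(hostkey_blobs):
    """Payload of the host-key notification sent after user authentication."""
    payload = bytes([SSH_MSG_GLOBAL_REQUEST])
    payload += ssh_string(b"hostkeys-00@openssh.com")
    payload += b"\x00"  # want_reply = false
    for blob in hostkey_blobs:
        payload += ssh_string(blob)
    return payload

def parse_as_open_failure(payload):
    """Read the body with the CHANNEL_OPEN_FAILURE layout (assumed misparse):
    uint32 recipient channel, uint32 reason code."""
    channel, reason = struct.unpack(">II", payload[1:9])
    return channel, reason

def explain_reason(reason):
    """Name a valid reason code, or show the value as raw bytes if it is text."""
    if reason in KNOWN_REASONS:
        return KNOWN_REASONS[reason]
    raw = struct.pack(">I", reason)
    if all(0x20 <= b < 0x7F for b in raw):
        return "not a valid reason code; bytes are ASCII %r" % raw.decode("ascii")
    return "not a valid reason code"

if __name__ == "__main__":
    # Constructed sample: the key blob content does not affect the first 8 bytes.
    msg = build_hostkeys_request([b"constructed-placeholder-key-blob"])
    channel, reason = parse_as_open_failure(msg)
    print("channel field:", channel)   # length of the request name
    print("reason field: ", reason, "->", explain_reason(reason))
```

When a debug log shows a channel-open reason far outside 1 to 4, decoding it as four bytes is a quick way to tell a protocol desynchronisation from a genuine server refusal.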