bhwang72
(Brendon Hwang)
November 21, 2018, 11:09pm
1
Hi
I am ssh shell user and evaluating core shell.
First thing i tried was connecting my Cisco Catalyst 6500 switch that I always connect.
No issue with ssh shell but i got a following error on core shell.
Can you shed some light on this?
> 09:59:35 Equivalent Command: ssh -tt -A -F "/Users/brhwang/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config" -o ExitOnForwardFailure=yes admin@10.66.128.11
> 09:59:35 Connecting…
> 09:59:35 Authenticating…
> 09:59:35 Unable to negotiate with 10.66.128.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
> 09:59:35 Abnormal Disconnect
yang
(Yang.Y)
November 22, 2018, 1:38am
2
Brendon, please enable debug logging, it provides more detailed information and could tell us the real cause:
The default logging level is set to Info, Debug1, Debug2 and Debug3 each specify higher levels of verbose output.
[image]
Core Shell
Open or go to Hosts tab, right click on the host and select Edit Settings… from context menu, navigate to Connection tab, then scroll down to Log Level option.
Press ⌘ I (or select Shell -> Show Inspector from main menu) reveals shell session information, as well as log content.
[image]
Core Tunnel
Navigate to tunnel's Settings…, Connection tab, then scrol…
bhwang72
(Brendon Hwang)
November 22, 2018, 2:02am
3
Hi Yang,
Thank you. I enabled debug3 and captured.
yang
(Yang.Y)
November 22, 2018, 2:41am
4
Brendon, did you forget attached debug log? Since I could not find it in the thread, nor in my personal message inbox.
bhwang72
(Brendon Hwang)
November 22, 2018, 5:11am
5
I got below email.
We’re sorry, but your email message to [“codinn.community+replies+1438f5dc977eb58536e0cd61d7cd3104@gmail.com”] (titled Re: [Codinn Community] [Core Shell] Error connecting cisco 6500) didn’t work.
Reason:
Sorry, new users can’t put attachments in posts.
If you can correct the problem, please try again.
yang
(Yang.Y)
November 22, 2018, 5:16am
6
Sorry about this, I just removed attachment restriction, could please attach it again?
bhwang72
(Brendon Hwang)
November 22, 2018, 10:01pm
7
No problem Yang,
Attached debug output in txt file.
Regards,
Brendon
core shell debug.txt (2.98 KB)
yang
(Yang.Y)
November 23, 2018, 1:18am
8
Thanks a lot for the log, please try using system ssh_config
by following this guide:
By default, Core Tunnel uses configuration files in its own container folder:
# known_hosts
~/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/known_hosts
# ssh_config
~/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config
This works very well in most of cases. But if you have a lengthy ~/.ssh/config or /etc/ssh/ssh_config, or have StrictHostKeyChecking set to yes and use ~/.ssh/known_hosts, /etc/ssh/ssh_known_hosts as the only source data trusted host keys, you may want to u…
It should fix the problem.
bhwang72
(Brendon Hwang)
November 24, 2018, 1:07pm
9
Thanks for the guide.
I tried and install helper per instruction but still not working.
I captured the log again.
I am not sure what I am doing wrong.
Regards,
Brendon
sshcore_debug2.txt (2.74 KB)
yang
(Yang.Y)
November 24, 2018, 1:18pm
10
Ehmmm, strange issue, could not find clue from the log. Could you please run the command in Terminal.app and paste the output?
ssh -tt -A -vvv -o ExitOnForwardFailure=yes admin@10.66.128.11
bhwang72
(Brendon Hwang)
November 25, 2018, 12:12am
11
Thank you.
Here is output in attached txt file.
terminal_debug3.txt (4.09 KB)
yang
(Yang.Y)
November 25, 2018, 3:24am
12
The log file really helped, thank you.
I didn't realize that algorithm diffie-hellman-group1-sha1
was deprecated by OpenSSH 7.0+ .
To suppress this error message, just set KexAlgorithms
option in Core Shell to +diffie-hellman-group1-sha1
:
But I would recommend you change to other more secured algorithms at server end once you get a chance.
bhwang72
(Brendon Hwang)
November 25, 2018, 6:49am
13
Thank you so much. That helped!!
Btw, I never set this particular SSH configuration on that switch but it appeared to be older method.
Let me find how to change it to more secured one.
One last question.
Since i’m happy using SSH Shell, I still don’t know what’s the main benefit for me to migrate to Core Shell?
I understand end of support on SSH Shell.
Any info would be appreciated.
Regards,
Brendon
yang
(Yang.Y)
November 25, 2018, 8:09am
14
Take this case as example: if you configure your OpenSSH server to use more secured algorithm ecdh-sha2-nistp521
(for option KexAlgorithms
), SSH Shell would fail to connect to the remote, but Core Shell will succeed.
Core Shell almost 100% support your server’s configuration, in a more efficient way. While SSH Shell supports in approximately 70%.