Intermittent Connection to Cisco


(Jon) #1

The first time i connect to a Catalyst 6500 running version 12.2(17r)SX6, it cannot connect. Then i just let the shell continue the retries, and sometimes it goes through. Most of the time it doesn’t.

Here’s my SSH on Cisco:

NFS-1#sh ip ssh 
SSH Enabled - version 2.0
Authentication timeout: 15 secs; Authentication retries: 5

Here’s my SSH client on MAC OSX Sierra:

#       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
   Ciphers aes256-cbc,3des-cbc,aes256-ctr,aes128-ctr,aes128-cbc
   MACs hmac-sha1,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd$
   KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sh$
   HostKeyAlgorithms ssh-rsa,ssh-dss
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

All four of our Catalyst 6500 have the same behavior. Anyone can point me to some resolution?

TIA.
Jon


(Yang.Y) #2

Did you tried to connect to the Cisco device by using ssh command line (ssh jpt@172.23.0.1) ? Does the ssh command line works flawlessly?

And, could you please take a look at this article “Why does SSH take so long to connect?” and make sure your Cisco device won’t do reverse DNS lookup or GSSAPI authentication?


(Jon) #3

Hi Yang,

Command line works flawlessly and quickly.

Tried disabling reverse DNS lookup in the Cisco switch. Still NO go.


(Yang.Y) #4

Jon, I’m really sorry for the problem.

I’m currently working on next SSH Shell update, but still need a month or two to make ready.

I’d like to send you a Debug release to identify the problem once next update is prepared for testing.

Thank you again!


(Jon) #5

Hi Yang,
Kind of disappointed right now bit will have to do with using command line
for now.

Will wait for the new release.

Thanks,
Jon