Welcome, Guest. Please login or register.

Author Topic: SSH pattern match timed-out  (Read 2697 times)

starrag

  • Newbie
  • *
  • Posts: 6
    • View Profile
SSH pattern match timed-out
« on: August 07, 2019, 09:50:13 am »
Hello Together

We recently switched from Telnet to SSH only for our last switches. Unfortunately, not all switches support current and secure ciphers and key exchange mechanisms, so we receive the following error message during discovery for the switches:
Code: [Select]
SSH :USRNAME@SWITCHIP Tout:2s OS:XOS EN:[\w.-]+\s#\s?$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l USRNAME SWITCHIP
ERR0:pattern match timed-out

For this reason, we have tried to customize ssh_config in /etc /ssh and added the following:
Code: [Select]
Ciphers +aes256-cbc
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

For the direct test with the command on the CLI the adjustment works, but unfortunately not for Nedi.

We are using Nedi in the following version:
Code: [Select]
/var/nedi/nedi.pl version 1.8.100 calling Getopt::Std::getopts (version 1.12 [paranoid]),
running under Perl version 5.26.1. on Ubuntu 18.04.3 LTS

Can anyone helps?

Thanks and best regards

Roman
« Last Edit: August 07, 2019, 09:54:52 am by starrag »

ascii

  • Full Member
  • ***
  • Posts: 107
    • View Profile
Re: SSH pattern match timed-out
« Reply #1 on: September 02, 2019, 02:32:47 pm »
we not sure if it is going to fix your problem.

Take a look at the nedi/inc/libcli.pm
In mine it starts at around line 680.

You could add the Algorithms directly in the ssh command line.
not the best solution but it could work.

Keep in mind it will be replaced on an update

Reygan

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: SSH pattern match timed-out
« Reply #2 on: January 05, 2021, 10:37:43 am »
I solved this problem that way:
Before rescanning device, I deleted old keys from device and regenerate new ones.
Code: [Select]
Switch(config)#crypto key zeroize rsa
% All keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: y
Switch(config)#crypto key generate rsa usage-keys label SSH modulus 2048
The name for the keys will be: SSH
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 20 seconds)
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 25 seconds)

Switch(config)#do wr
Building configuration...
[OK]
Switch(config)#
After this I made reset CLI access, then configuration backup, and everything works fine :D
« Last Edit: January 05, 2021, 10:40:12 am by Reygan »
Daniel V. Lenskiy