设备型号:S2326TP-EI ,版本:S2300 V100R005C01SPC100
交换机配置
aaa
local-user fscs3000 password cipher #SWE7Y]I\>]XU!H`2H9W:A!!
local-user fscs3000 privilege level 15
local-user fscs3000 service-type telnet ssh
stelnet server enable
ssh authentication-type default password
ssh user fscs3000
ssh user fscs3000 authentication-type password
ssh user fscs3000 service-type stelnet
ssh client first-time enable
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
故障现象通过ssh客户端登录提示the connection is closed by ssh server
通过在交换机开启debugging ssh server all all 打印信息如下
Jan 1 2008 01:37:33.360.2-05:13 ChouShui_S2300 SSH/7/SEND_PKT:Sent SSH2_MSG_KEXINIT packet.
Jan 1 2008 01:37:33.360.3-05:13 ChouShui_S2300 SSH/7/FSM_MOVE:FSM moved from SSH_Main_VersionMatch to SSH_Main_SSHProcess.
Jan 1 2008 01:37:33.360.4-05:13 ChouShui_S2300 SSH/7/READ_PKT:Expected packet type:SSH2_MSG_KEXINIT, failed to read data from packet!
Jan 1 2008 01:37:33.700.1-05:13 ChouShui_S2300 SSH/7/RECV_PKT:Received SSH2_MSG_KEXINIT packet.
Jan 1 2008 01:37:33.700.2-05:13 ChouShui_S2300 SSH/7/KEX_DERECTION:Kex for direction is in.
Jan 1 2008 01:37:33.700.3-05:13 ChouShui_S2300 SSH/7/CHOOSE_ENCRYPT:Chose encryption algorithm:aes128-cbc.
Jan 1 2008 01:37:33.700.4-05:13 ChouShui_S2300 SSH/7/CHOOSE_MAC:Chose MAC algorithm:hmac-sha1.
Jan 1 2008 01:37:33.700.5-05:13 ChouShui_S2300 SSH/7/KEX_DERECTION:Kex for direction is out.
Jan 1 2008 01:37:33.700.6-05:13 ChouShui_S2300 SSH/7/CHOOSE_ENCRYPT:Chose encryption algorithm:aes128-cbc.
Jan 1 2008 01:37:33.700.7-05:13 ChouShui_S2300 SSH/7/CHOOSE_MAC:Chose MAC algorithm:hmac-sha1.
Jan 1 2008 01:37:33.700.8-05:13 ChouShui_S2300 SSH/7/CHOOSE_KEX:Choose Kex algorithm:diffie-hellman-group-exchange-sha1.
Jan 1 2008 01:37:33.700.9-05:13 ChouShui_S2300 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_Init to SSH_Sub1_KEX_GEX_Group.
Jan 1 2008 01:37:33.700.10-05:13 ChouShui_S2300 SSH/7/RECV_PKT:Received SSH2_MSG_KEX_DH_GEX_REQUEST packet.
Jan 1 2008 01:37:33.700.11-05:13 ChouShui_S2300 SSH/7/SEND_PKT:Sent SSH2_MSG_KEX_DH_GEX_GROUP packet.
Jan 1 2008 01:37:34.130.1-05:13 ChouShui_S2300 SSH/7/FSM_MOVE:FSM moved from SSH_Sub1_KEX_GEX_Group to SSH_Sub1_KEX_GEX_Reply.
Jan 1 2008 01:37:34.270.2-05:13 ChouShui_S2300 SSH/7/GRP_GETKEY:Getting local RSA key failed,use command' RSA local-key-pair create' to create it.
Jan 1 2008 01:37:34.270.3-05:13 ChouShui_S2300 SSH/7/DISSCONNECT:The connection is closed by SSH server, current FSM is SSH_Main_SSHProcess!
Jan 1 2008 01:37:34.270.4-05:13 ChouShui_S2300 SSH/7/FSM_MOVE:FSM moved from SSH_Main_SSHProcess to SSH_Main_Disconnect.
交换机上添加RSA local-key-pair create 后ssh登录正常