cancel
Showing results for 
Search instead for 
Did you mean: 

Cant SSH2 to Extreme switches via Ubuntu

Cant SSH2 to Extreme switches via Ubuntu

Marvell_Kay
New Contributor II
We recently enable SSH2 in our environment. I am able to SSH to Cisco switches without any issue but can not to any Extreme switch. I can login to them fine via teraterm/secureCRT but not via Ubuntu.

I have a Ubuntu 14.04 machine. Here is what I am getting:

ssh admin@extreme_switch.com
ssh_exchange_identification: read: Connection reset by peer

With -v for more info:

ssh -v admin@extreme_switch.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to extreme_switch.com [10.10.0.99] port 22.
debug1: Connection established.
debug1: identity file /home/admin1/.ssh/id_rsa type -1
debug1: identity file /home/admin1/.ssh/id_rsa-cert type -1
debug1: identity file /home/admin1/.ssh/id_dsa type -1
debug1: identity file /home/admin1/.ssh/id_dsa-cert type -1
debug1: identity file /home/admin1/.ssh/id_ecdsa type -1
debug1: identity file /home/admin1/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/admin1/.ssh/id_ed25519 type -1
debug1: identity file /home/admin1/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
ssh_exchange_identification: read: Connection reset by peer

Any idea why I can not login to Extremes?

Thanks
Zohaib

18 REPLIES 18

Marvell_Kay
New Contributor II
Thanks all for help. I tried a different Ubuntu machine on a different subnet and i worked. It seems to be blocked somewhere.

Does the switch happen to have an SSH access profile on it? It sounds like it may be getting blocked by that.

If it is, you should be able to see a log message that the SSH attempt was denied to due an access profile.

Drew_C
Valued Contributor III
Glad you got it [mostly] figured out. Thanks for letting us know!

Drew_C
Valued Contributor III
For "older" EXOS switches, I added an alias to my bash_profile (OS  to automatically add the older cypher. That way the extra algorithms are added by using:
code:
oldssh (switch_address)

Here's what I added:

$ grep oldssh .bash_profile
alias oldssh='ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss'
GTM-P2G8KFN