SSH into c2 Switch

  • 0
  • 2
  • Problem
  • Updated 4 years ago
  • (Edited)
So I am very new to Extreme Networks and I have encountered a weird problem.

According to Google searching, there is a known issue when using Putty to SSH into a C2 switch.  The error is. "Disconnected: Received SSH2_MSG_CHANNEL_SUCCESS for non existentchannel 0"

A lot of people posted that that you need to upgrade your firmware which we have and I double checked that SSH is enabled.  Still same error.

Now the weird bit.

If I use Netsight to SSH into the switch, it launches Putty, and it works!  But using Putty itself does not work....

Here is the event log using netsight to launch putty

2014-09-19 10:19:03 Looking up host "10.1.1.61"2014-09-19 10:19:03 Connecting to 10.1.1.61 port 22
2014-09-19 10:19:03 Server version: SSH-2.0-FreSSH.0.8
2014-09-19 10:19:03 We claim version: SSH-2.0-PuTTY_Release_0.60
2014-09-19 10:19:03 Using SSH protocol version 2
2014-09-19 10:19:03 Using Diffie-Hellman with standard group "group1"
2014-09-19 10:19:03 Doing Diffie-Hellman key exchange with hash SHA-1
2014-09-19 10:19:03 Host key fingerprint is:
2014-09-19 10:19:03 ssh-rsa 1024 ba:50:fe:f0:e5:43:bf:0b:de:50:40:c8:cd:1b:f5:9e
2014-09-19 10:19:03 Initialised AES-128 CBC client->server encryption
2014-09-19 10:19:03 Initialised HMAC-SHA1 client->server MAC algorithm
2014-09-19 10:19:03 Initialised AES-128 CBC server->client encryption
2014-09-19 10:19:03 Initialised HMAC-SHA1 server->client MAC algorithm
2014-09-19 10:19:12 Sent password
2014-09-19 10:19:12 Access granted
2014-09-19 10:19:12 Opened channel for session
2014-09-19 10:19:12 Allocated pty (ospeed 38400bps, ispeed 38400bps)
2014-09-19 10:19:12 Started a shell/command



Here is the event log for just using Putty that fails

2014-09-19 10:22:22 Looking up host "10.1.1.61"2014-09-19 10:22:22 Connecting to 10.1.1.61 port 22
2014-09-19 10:22:22 Server version: SSH-2.0-FreSSH.0.8
2014-09-19 10:22:22 Using SSH protocol version 2
2014-09-19 10:22:22 We claim version: SSH-2.0-PuTTY_Release_0.63
2014-09-19 10:22:22 Using Diffie-Hellman with standard group "group1"
2014-09-19 10:22:22 Doing Diffie-Hellman key exchange with hash SHA-1
2014-09-19 10:22:22 Host key fingerprint is:
2014-09-19 10:22:22 ssh-rsa 1024 ba:50:fe:f0:e5:43:bf:0b:de:50:40:c8:cd:1b:f5:9e
2014-09-19 10:22:22 Initialised AES-128 CBC client->server encryption
2014-09-19 10:22:22 Initialised HMAC-SHA1 client->server MAC algorithm
2014-09-19 10:22:22 Initialised AES-128 CBC server->client encryption
2014-09-19 10:22:22 Initialised HMAC-SHA1 server->client MAC algorithm
2014-09-19 10:22:32 Sent password
2014-09-19 10:22:32 Access granted
2014-09-19 10:22:32 Opening session as main channel
2014-09-19 10:22:32 Opened main channel
2014-09-19 10:22:32 Disconnected: Received SSH2_MSG_CHANNEL_SUCCESS for nonexistent channel 0

I would assume I am just missing a setting somewhere but I cannot figure it out so hoping someone can help me.
Photo of Brent Lemaster

Brent Lemaster

  • 80 Points 75 badge 2x thumb

Posted 4 years ago

  • 0
  • 2
Photo of Jason Parker

Jason Parker, Employee

  • 2,918 Points 2k badge 2x thumb
This seems to be due to FAD
The version of Puty uses a different mac hashing algorithm and is not supported (version 063) due to hardware restrictions

A comparison between the 2 versions of Putty:
O61  - mac-sha1 compression none
063  - hmac-sha2-256 compression none  <-------Different mac hashing authentication algorithm

SSHv2 connection fails
error message:

"SSH2_MSG_CHANNEL_SUCCESS for nonexistant channel 0"

Putty version 0.61 correctly works
Please use version 0.61.
There is no plans to change this as the hardware does not support this feature
Jason
Photo of D.J. Harbaugh

D.J. Harbaugh

  • 124 Points 100 badge 2x thumb
Jason:

I think you've confused the C2 with the A2 which will never support this feature:

https://community.extremenetworks.com/extreme/topics/c2_b2_a4_a2_series_has_ssh_session_error_nonexistent_channel_0_with_putty_v0_6x

The C2 within its own release notes says that in version 5.02.16.0008 they believe the issue was resolved, though it doesn't seem to be.  Note below our revision number: (connected using Netsight)



And now the error by connecting from Putty rather than Netsight:



I've figured out why launching SSH via Netsight works, apparently they've built in version 0.60 of Putty into Netsight which didn't suffer from this issue.







So I think in short, the rather annoying workaround is to launch SSH via Netsight for the C2s.  This way you can continue to use the latest and greatest for Putty for unaffected hosts and keep the benefit of SHA-256 instead of being forced down to SHA1 at best no matter your host's capabilities.
(Edited)