[Twisted-Python] Conch/SSH & Cisco IOS
James Y Knight
foom at fuhm.net
Thu Sep 3 11:04:15 MDT 2009
On Sep 3, 2009, at 5:38 AM, Phil Mayers wrote:
> All,
>
> I've been having some problems using Conch/SSH to talk to the SSH server
> on Cisco IOS (specifically the netconf subsystem)
>
> It seems that the IOS SSH server reacts badly to the following:
>
> c: syn
> s: syn,ack
> c: ack
> c: PSH <my version>, <my kex>
> s: PSH <ios version>
> <hang>
>
> i.e. IOS doesn't like being bombarded with either the version string or
> KEX before it's sent its own banner.

I'm surprised to hear that, given that other users have posted
programs using conch that run commands against multiple Cisco routers
-- and apparently those programs worked. Do you have a particularly
old IOS? (Or maybe particularly new?)

But if that's the case, it is clearly a bug in their ssh implementation.
From http://www.ietf.org/rfc/rfc4253.txt:
> Since the new client MAY immediately send additional data after its
> identification string (before receiving the server's identification
> string), the old protocol may already be corrupt when the client
> learns that the server is old. When this happens, the client SHOULD
> close the connection to the server, and reconnect using the old
> protocol.

But anyhow, a patch to add a "broken-server-bug-workaround" option
seems reasonable. Once you've reported the bug to Cisco, so they'll
fix it at some point, that is.
James
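
The workaround discussed in this thread, sketched as an added example (not Conch code and not from either poster): a client that sends nothing until the server's identification string has arrived, parsed per RFC 4253 section 4.2. It uses only standard-library sockets; the function names, the identification strings, the preamble cap and the in-process peer are constructed for illustration.

```python
import select
import socket
import threading

MAX_IDENT = 255      # RFC 4253 section 4.2: identification line limit, CR LF included
MAX_PREAMBLE = 8192  # assumed cap on pre-banner text, so a peer cannot feed us forever

def read_server_ident(sock):
    """Return (identification string, leftover bytes); lines before 'SSH-' are skipped."""
    buf, total = b"", 0
    while True:
        while b"\n" not in buf:
            chunk = sock.recv(256)
            if not chunk:
                raise ConnectionError("peer closed before sending an SSH identification")
            buf, total = buf + chunk, total + len(chunk)
            if total > MAX_PREAMBLE:
                raise ValueError("no identification string within the preamble limit")
        line, _, buf = buf.partition(b"\n")
        if line.startswith(b"SSH-"):
            if len(line) + 1 > MAX_IDENT:
                raise ValueError("identification string longer than 255 bytes")
            return line.rstrip(b"\r").decode("ascii"), buf

def banner_first_handshake(sock, client_ident):
    """Send our identification only after the server's has been received."""
    server_ident, leftover = read_server_ident(sock)
    if server_ident.split("-", 2)[1] not in ("2.0", "1.99"):
        raise ValueError("server does not offer SSH 2.0: " + server_ident)
    sock.sendall(client_ident.encode("ascii") + b"\r\n")
    return server_ident, leftover  # leftover may already hold the server's KEXINIT

def demo():
    """Run the handshake against a constructed in-process peer, not a real IOS device."""
    client, server = socket.socketpair()
    seen = {}

    def peer():
        # True if the client sent anything before our banner went out
        seen["early"] = bool(select.select([server], [], [], 0.3)[0])
        server.sendall(b"constructed pre-banner text\r\nSSH-2.0-Example_1.0\r\n")
        seen["ident"] = server.recv(256)

    worker = threading.Thread(target=peer, daemon=True)
    worker.start()
    with client, server:
        result = banner_first_handshake(client, "SSH-2.0-ExampleClient_0.1")
        worker.join()
    return result, seen
```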