View Single Post
  #1  
Old 03-30-2021, 07:21 AM
avalancen avalancen is offline
Registered User
 
Join Date: Mar 2021
Posts: 1
SecureCRT Version 8.7.2 (x64 build 2214) Not Connecting to Cisco Switch

SecureCRT cannot connect to switch, Putty can.

I have tried disabling every key exchange but diffie-hellman-group14. IS there a certain combination of key exchange and hmac I am supposed to select?

Cisco switch logs show;
%SSH-5-SSH2_SESSION: SSH2 Session request from <pruned-ip> (tty = 1) using crypto cipher '', hmac '' Failed
%SSH-5-SSH2_CLOSE: SSH2 Session from <pruned-ip> (tty = 1) for user '' using crypto cipher '', hmac '' closed

With default settings in SecureCRT.
SecureCRT Trace File
[PRINTER] : Printer initialization succeeded
[LOCAL] : SSH2Core version 8.7.0.2214
[LOCAL] : Connecting to <pruned-ip> ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-Cisco-1.25'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos] SPN : host@<pruned-ip>
[LOCAL] : SSPI : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : host@<pruned-ip>
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : host@<pruned-ip>
[LOCAL] : SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@<pruned-ip>
[LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group-exchange-sha1
[LOCAL] : Available Remote Host Key Algos = x509v3-ssh-rsa,ssh-rsa
[LOCAL] : Selected Host Key Algo = x509v3-ssh-rsa
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : KEXDH_GEX_REQUEST
[LOCAL] : RECV : KEXDH_GEX_GROUP
[LOCAL] : RECV : DH Prime is 2048 bits
[LOCAL] : SEND : KEXDH_INIT
SecureCRT - Version 8.7.2 (x64 build 2214)
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_CLOSED
[LOCAL] : Connected for 0 seconds, 1722 bytes sent, 627 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : Connection closed.

Connection closed.
Reply With Quote