No Break thru SSH to sun server

I am having a problem forcing the Sun server to the firmware using the break command thru SSH, on my Cisco 2611. Anyone have any suggestions as to why? We can send break thru telnet, but not thru SSH (which is what we need).

Thanks in advance.

James

Reply to
jfinnican

You need to configure a break-string for SSH using the "ip ssh break-string" command. Take a look at

formatting link
Cisco da Gama

Reply to
ciscodagama

Thanks very much, I will check that now. Much appreciated.

James

Reply to
jfinnican

Tried this, still getting nothing. Would you happen to have any other suggestions?

James


Reply to
jfinnican

Could you describe how the sun server is connected to the 2611? Also, please post the ssh configuration you have on the 2611.

Cisco da Gama


Reply to
ciscodagama

I am connected to a V120 via serial port. I will get the config and post it when I get back into the office this morn. Thanks da Gama!

Reply to
jfinnican

~ You need to configure a break-string for SSH using the "ip ssh
~ break-string" command. Take a look at
~
~ formatting link
~ Cisco da Gama
break-string is used where the

Reply to
Aaron Leonard

"ip ssh break-string" should work. There is one gotcha that's fixed as of 12.3(15.4) 12.4(2.10)*:

CSCef87618
Internally found minor defect: Resolved (R)
single-character ssh break-string isnt seen without [CR]

Release-note: Added 040928 by aaron

If the "ip ssh break-string" is set to a single-character value, then the ssh server does not process the break character till a subsequent character is received from the ssh client.

Example:

router(config)#ip ssh break-string \001

This sets the break string to control/A. However, when the ssh client types control/A, nothing happens till the client transmits a subsequent character - then the ssh server processes the break.

If the "ip ssh break-string" is set to a string containing two or more characters, then the ssh server processes the break as soon as the last character in the break string is received from the client.

Reply to
Aaron Leonard

So would this mean you would set

ip ssh break-string \001 002 ???

Reply to
jfinnican

~ So would this mean you would set
~
~ ip ssh break-string \001 002 ???

If you're running a version of IOS that does not have the fix for CSCef87618, and if you want to set the SSH break-string to the two character sequence control-A control-B, then the syntax would be:

ip ssh break-string \001\002

    c3640(config)#ip ssh break-string \001\002
    Please create RSA keys to enable SSH.
    c3640(config)#end
    c3640#sho run | i ssh
    ip ssh break-string ^A^B
    c3640#

Regards,

Aaron

Reply to
Aaron Leonard

I will try this, Thank you greatly

Reply to
jfinnican

Ok

Set the break string to \001\002 and when I log into the sunfire thru the 2611, the signal is being sent right thru to the machine. The sun server is not getting a break, but the actual ctrl A B

Thanks

James

Reply to
jfinnican

Yea, the ctrl commands "a" and "b" are being sent directly to the sun box. Is there an option to turn break-string on / off??

Reply to
jfinnican

~ Ok
~
~ Set the break string to \001\002 and when I log into the sunfire thru
~ the 2611, the signal is being sent right thru to the machine. The sun
~ server is not getting a break, but the actual ctrl A B

THAT doesn't sound right.

Just found another bug that I didn't know about ... it seems that the "ip ssh break-string" only works for ssh v1, unless you have the fix for CSCsb90163, which appeared in 12.4(5.11)*.

So if you can use ssh v1, that would be your workaround, if you can't upgrade.

Aaron

Reply to
Aaron Leonard

Will try ssh 1 and post back. Thanks for the continued help.

Reply to
jfinnican

I'm running 12.4

It's still sending cntrl directly thru to the sunfire even on ssh 1. Telnet has no problems with the breaks, it's only ssh.

Reply to
jfinnican

Here's my config

    Using 1339 out of 29688 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname c2611
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$R0O.$aNgH1UFK6KBa9j42czL/p0
    enable password abc.123
    !
    aaa new-model
    !
    !
    aaa authentication login default none
    !
    aaa session-id common
    !
    resource policy
    !
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip subnet-zero
    ip cef
    !
    !
    !
    !
    ip domain name xxxt.com
    ip ssh break-string ^A
    !
    !
    !
    !
    username root password 0 xxx+
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 192.168.0.128 255.255.255.0
     speed auto
     full-duplex
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
     no cdp enable
    !
    router ospf 1
     router-id 192.168.0.128
     log-adjacency-changes
     network 192.168.0.0 0.0.0.255 area 0
    !
    ip classless
    ip route 192.168.4.0 255.255.255.0 192.168.0.120
    !
    no ip http server
    no ip http secure-server
    !
    dialer-list 1 protocol ip permit
    snmp-server enable traps snmp coldstart warmstart
    snmp-server host 192.168.10.127 public
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line 33 48
     transport preferred ssh
     transport input telnet ssh
     transport output ssh
     telnet break-on-ip
    line aux 0
    line vty 0 4
     password xxx
     transport preferred ssh
     transport input telnet ssh
    !
    !
    end

Reply to
jfinnican

shameless bump

Reply to
jfinnican

~ will try ssh 1 and post back. thanks for the continued help

OK ... did using SSH V1 work OK?

Also, I saw that you said that you're running IOS "12.4". Do please note that CSCsb90163 is not fixed till 12.4(5.11)* i.e. you would need to pick up 12.4(7) or (if brave) 12.4(6)T to get break-string working with SSH V2.

Aaron

Reply to
Aaron Leonard
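
An added example, not part of any post in this thread and not Cisco code: a small Python check that decodes a configured break-string and reports which of the two defects named in the thread (CSCef87618, CSCsb90163) may still apply. The function names, the sample input and the 12.4-only version comparison (train letters such as T are ignored) are assumptions made for illustration.

```python
import re

# Fix levels as quoted in the thread; only the 12.4 train is modelled here.
FIXES = {"CSCef87618": (12, 4, 2, 10),   # single-character break-string waits for a following character
         "CSCsb90163": (12, 4, 5, 11)}   # break-string only honoured on SSH v1

def decode_break_string(token):
    """Turn \\NNN octal escapes and ^X caret notation into the raw bytes being matched."""
    out, i = bytearray(), 0
    while i < len(token):
        m = re.match(r"\\([0-3][0-7]{2})", token[i:])
        if m:
            out.append(int(m.group(1), 8))
            i += 4
        elif token[i] == "^" and i + 1 < len(token):
            out.append(ord(token[i + 1].upper()) ^ 0x40)   # ^A -> 0x01
            i += 2
        else:
            out += token[i].encode()
            i += 1
    return bytes(out)

def parse_version(text):
    """'12.4(5.11)' -> (12, 4, 5, 11); None if not 12.4 or no maintenance level is given."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)\w*", text.strip())
    if not m:
        return None
    ver = tuple(int(g or 0) for g in m.groups())
    return ver if ver[:2] == (12, 4) else None

def break_string_findings(config_text, version_text, ssh_version):
    """Return the thread's gotchas that may apply to this config, version and SSH protocol."""
    m = re.search(r"^\s*ip ssh break-string (\S+)", config_text, re.M)
    if not m:
        return ["no ip ssh break-string configured"]
    brk, ver = decode_break_string(m.group(1)), parse_version(version_text)
    findings = [] if ver else ["maintenance level unknown: assuming no fixes"]
    fixed = lambda bug: ver is not None and ver >= FIXES[bug]
    if len(brk) == 1 and not fixed("CSCef87618"):
        findings.append("CSCef87618")
    if ssh_version == 2 and not fixed("CSCsb90163"):
        findings.append("CSCsb90163")
    return findings

# Constructed sample: the two relevant lines from the config posted in the thread.
SAMPLE = "version 12.4\nip ssh break-string ^A\n"
if __name__ == "__main__":
    print(break_string_findings(SAMPLE, "12.4", 2))
```

A bare "12.4" carries no maintenance level, so the check cannot confirm either fix and reports both defects as possibly present.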

No, same problem

Reply to
jfinnican
