dbclient can't connect to cisco
Matt Johnston
matt at ucc.asn.au
Wed Nov 14 23:13:39 AWST 2018
Hi Nik,
>
> dbclient sends "SSH-2.0-dropbear_2018.76\r\n" and kexinit
> cisco sends "SSH-2.0-Cisco-1.25\r\n"
> then cisco waits "ip ssh time-out" seconds and then closes the TCP socket.
>
> my conjecture is that cisco empties its receive buffer after sendind the identification string and then waits for the lost kexinit.
> To prove my idea I added a sleep() after the first write_packet(), and dbclient was able to connect to cisco (ios 12.4 and 15.1).
Yes, it seems some Cisco SSH versions are buggy. Older IOS is possibly OK (I did a bit of investigation about a year ago when someone reported similar).
I'm not keen on changing dbclient, the current implementation saves a network roundtrip. It's perfectly reasonable according to the spec. If you have Cisco support could you report it to them?
Cheers,
Matt
rfc4253:
5.2. New Client, Old Server
Since the new client MAY immediately send additional data after its
identification string (before receiving the server's identification
string), ...
More information about the Dropbear
mailing list