Bug #17438 for Net-SSH-Perl: SSH to a cisco router: "Channel open failure: 1: reason 4:"

Thu Feb 02 07:37:44 2006 Guest - Ticket created

Subject:

SSH to a cisco router: "Channel open failure: 1: reason 4:"

Net-SSH-Perl-1.29 works well when connecting to a Linux machine, but when connecting to a Cisco Router it fails. These are the DEBUG messages: $ssh = Net::SSH::Perl->new("$host", (debug => $DEBUG, protocol => '2,1') ); NMCPorto.rin.telecom.pt: Reading configuration data /home/config/.ssh/config NMCPorto.rin.telecom.pt: Reading configuration data /etc/ssh_config NMCPorto.rin.telecom.pt: Connecting to 10.156.253.12, port 22. NMCPorto.rin.telecom.pt: Remote protocol version 2.0, remote software version Cisco-1.25 NMCPorto.rin.telecom.pt: Net::SSH::Perl Version 1.29, protocol version 2.0. NMCPorto.rin.telecom.pt: No compat match: Cisco-1.25. NMCPorto.rin.telecom.pt: Connection established. $ssh->login($user, $pass); NMCPorto.rin.telecom.pt: Sent key-exchange init (KEXINIT), wait response. NMCPorto.rin.telecom.pt: Algorithms, c->s: 3des-cbc hmac-sha1 none NMCPorto.rin.telecom.pt: Algorithms, s->c: 3des-cbc hmac-sha1 none NMCPorto.rin.telecom.pt: Entering Diffie-Hellman Group 1 key exchange. NMCPorto.rin.telecom.pt: Sent DH public key, waiting for reply. NMCPorto.rin.telecom.pt: Received host key, type 'ssh-rsa'. NMCPorto.rin.telecom.pt: Host '10.156.253.12' is known and matches the host key. NMCPorto.rin.telecom.pt: Computing shared secret key. NMCPorto.rin.telecom.pt: Verifying server signature. NMCPorto.rin.telecom.pt: Waiting for NEWKEYS message. NMCPorto.rin.telecom.pt: Enabling incoming encryption/MAC/compression. NMCPorto.rin.telecom.pt: Send NEWKEYS, enable outgoing encryption/MAC/compression. NMCPorto.rin.telecom.pt: Sending request for user-authentication service. NMCPorto.rin.telecom.pt: Service accepted: ssh-userauth. NMCPorto.rin.telecom.pt: Trying empty user-authentication request. NMCPorto.rin.telecom.pt: Authentication methods that can continue: password. NMCPorto.rin.telecom.pt: Next method to try is password. NMCPorto.rin.telecom.pt: Trying password authentication. NMCPorto.rin.telecom.pt: Login completed, opening dummy shell channel. NMCPorto.rin.telecom.pt: channel 0: new [client-session] NMCPorto.rin.telecom.pt: Requesting channel_open for channel 0. NMCPorto.rin.telecom.pt: channel 0: open confirm rwindow 1024 rmax 4096 NMCPorto.rin.telecom.pt: Got channel open confirmation, requesting shell. NMCPorto.rin.telecom.pt: Requesting service shell on channel 0. ($stdout, $stderr, $exit) = $ssh->cmd("show version"); NMCPorto.rin.telecom.pt: channel 1: new [client-session] NMCPorto.rin.telecom.pt: Requesting channel_open for channel 1. NMCPorto.rin.telecom.pt: Entering interactive session. NMCPorto.rin.telecom.pt: Channel open failure: 1: reason 4: ... and the connection stops, and the command is not given. This seems to have something to do with Channel Opening. ---------------------- Then I searched the web and found out a forum in which it was told to make some changes in …/Net/SSH/Perl/SSH2.pm - In sub login I removed the code that opens a "dummy channel" # $ssh->debug("Login completed, opening dummy shell channel."); # my $cmgr = $ssh->channel_mgr; # my $channel = $cmgr->new_channel( # ctype => 'session', local_window => 0, # local_maxpacket => 0, remote_name => 'client-session'); # $channel->open; # # my $packet = Net::SSH::Perl::Packet->read_expect($ssh, # SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); # $cmgr->input_open_confirmation($packet); # # unless ($suppress_shell) { # $ssh->debug("Got channel open confirmation, requesting shell."); # $channel->request("shell", 0); # } - In sub client_loop, I changed the line: last unless $oc > 1; to last unless $oc > 0; With these changes I can now connect to the Router Cisco, but I can only execute 1 (one) command. Here is the DEBUG: $ssh = Net::SSH::Perl->new("$host", (debug => $DEBUG, protocol => '2,1') ); (...DEBUG remains the same) $ssh->login($user, $pass); NMCPorto.rin.telecom.pt: Sent key-exchange init (KEXINIT), wait response. NMCPorto.rin.telecom.pt: Algorithms, c->s: 3des-cbc hmac-sha1 none NMCPorto.rin.telecom.pt: Algorithms, s->c: 3des-cbc hmac-sha1 none NMCPorto.rin.telecom.pt: Entering Diffie-Hellman Group 1 key exchange. NMCPorto.rin.telecom.pt: Sent DH public key, waiting for reply. NMCPorto.rin.telecom.pt: Received host key, type 'ssh-rsa'. NMCPorto.rin.telecom.pt: Host '10.156.253.12' is known and matches the host key. NMCPorto.rin.telecom.pt: Computing shared secret key. NMCPorto.rin.telecom.pt: Verifying server signature. NMCPorto.rin.telecom.pt: Waiting for NEWKEYS message. NMCPorto.rin.telecom.pt: Enabling incoming encryption/MAC/compression. NMCPorto.rin.telecom.pt: Send NEWKEYS, enable outgoing encryption/MAC/compression. NMCPorto.rin.telecom.pt: Sending request for user-authentication service. NMCPorto.rin.telecom.pt: Service accepted: ssh-userauth. NMCPorto.rin.telecom.pt: Trying empty user-authentication request. NMCPorto.rin.telecom.pt: Authentication methods that can continue: password. NMCPorto.rin.telecom.pt: Next method to try is password. NMCPorto.rin.telecom.pt: Trying password authentication. ($stdout, $stderr, $exit) = $ssh->cmd("show version"); NMCPorto.rin.telecom.pt: channel 0: new [client-session] NMCPorto.rin.telecom.pt: Requesting channel_open for channel 0. NMCPorto.rin.telecom.pt: Entering interactive session. NMCPorto.rin.telecom.pt: Sending command: show ver NMCPorto.rin.telecom.pt: Requesting service exec on channel 0. NMCPorto.rin.telecom.pt: channel 0: open confirm rwindow 1024 rmax 4096 NMCPorto.rin.telecom.pt: input_channel_request: rtype exit-status reply 0 NMCPorto.rin.telecom.pt: channel 0: rcvd eof NMCPorto.rin.telecom.pt: channel 0: output open -> drain NMCPorto.rin.telecom.pt: channel 0: obuf empty NMCPorto.rin.telecom.pt: channel 0: output drain -> closed NMCPorto.rin.telecom.pt: channel 0: close_write NMCPorto.rin.telecom.pt: channel 0: rcvd close NMCPorto.rin.telecom.pt: channel 0: input open -> closed NMCPorto.rin.telecom.pt: channel 0: close_read NMCPorto.rin.telecom.pt: channel 0: send close NMCPorto.rin.telecom.pt: channel 0: full closed But now if I try executing another command, this happens: ($stdout, $stderr, $exit) = $ssh->cmd("show runn"); NMCPorto.rin.telecom.pt: channel 1: new [client-session] NMCPorto.rin.telecom.pt: Requesting channel_open for channel 1. ... and the process suddently exits. Even if this script is not compatible, is it possible for me to make any changes so multiple commands to a Cisco Router can be made? I would deeply appreciate any help you could give me! Running in: Linux Fedora 4 x86_64 Perl v5.8.6 built for x86_64-linux-thread-multi. Net::SSH::Perl-1.29

Thu Feb 02 23:37:30 2006 dbrobins [...] cpan.org - Correspondence added

Cisco routers apparently don't support ssh properly, i.e. they don't allow multiple channels to be opened. Try Net::SSH2 which allows more control over channels incl. reuse.

Thu Feb 02 23:37:30 2006 The RT System itself - Status changed from 'new' to 'open'

Thu Feb 02 23:37:31 2006 dbrobins [...] cpan.org - Status changed from 'open' to 'rejected'