No Break thru SSH to sun server

Discussion in 'Cisco' started by jfinnican, Mar 9, 2006.

  1. jfinnican

    jfinnican Guest

    I am having a problem forcing the Sun server to the firmware using
    break command thru SSH, on my Cisco 2611. Anyone have any suggestions
    as to why? We can send break thru telnet, but not thru SSH (which is
    what we need).

    Thanks in advance.

    James
     
    jfinnican, Mar 9, 2006
    #1
  2. jfinnican

    ciscodagama Guest

    ciscodagama, Mar 9, 2006
    #2
  3. jfinnican

    jfinnican Guest

    Thanks very much, I will check that now. Much appreciated.

    James
     
    jfinnican, Mar 9, 2006
    #3
  4. jfinnican

    jfinnican Guest

    Tried this, still getting nothing. Would you happen to have any other
    suggestions?

    James
     
    jfinnican, Mar 9, 2006
    #4
  5. jfinnican

    ciscodagama Guest

    Could you describe how the sun server is connected to the 2611? Also,
    please post the ssh configuration you have on the 2611.

    Cisco da Gama
    http://ciscostudy.blogspot.com
     
    ciscodagama, Mar 10, 2006
    #5
  6. jfinnican

    jfinnican Guest

    I am connected to a V120 via serial port. I will get the config and
    post it when I get back into the office this morn. Thanks da Gama!
     
    jfinnican, Mar 10, 2006
    #6
  7. Aaron Leonard, Mar 13, 2006
    #7
  8. "ip ssh break-string" should work. There is one gotcha that's fixed
    as of 12.3(15.4) 12.4(2.10)*:

    CSCef87618
    Internally found minor defect: Resolved (R)
    single-character ssh break-string isnt seen without [CR]

    Release-note: Added 040928 by aaron

    If the "ip ssh break-string" is set to a single-character
    value, then the ssh server does not process the break
    character till a subsequent character is received from
    the ssh client.

    Example:

    router(config)#ip ssh break-string \001

    This sets the break string to control/A. However, when
    the ssh client types control/A, nothing happens till the
    client transmits a subsequent character - then the ssh
    server processes the break.

    If the "ip ssh break-string" is set to a string containing
    two or more characters, then the ssh server processes
    the break as soon as the last character in the break string
    is received from the client.


    ---


    ~ Tried this, still getting nothing. Would you happen to have any other
    ~ suggestions?
    ~
    ~ James
    ~
    ~
    ~ wrote:
    ~ > You need to configure a break-string for SSH using the "ip ssh
    ~ > break-string" command. Take a look at
    ~ >
    ~ > http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tsec_r/sec_i2ht.htm#wp1187812
    ~ >
    ~ > Cisco da Gama
    ~ > http://ciscostudy.blogspot.com
     
    Aaron Leonard, Mar 13, 2006
    #8
  9. jfinnican

    jfinnican Guest

    So would this mean you would set

    ip ssh break-string \001 002 ???
     
    jfinnican, Mar 13, 2006
    #9
  10. On 13 Mar 2006 11:52:26 -0800, wrote:

    ~ So would this mean you would set
    ~
    ~ ip ssh break-string \001 002 ???

    If you're running a version of IOS that does not have the fix for CSCef87618,
    and if you want to set the SSH break-string to the two character sequence
    control-A control-B, then the syntax would be:

    ip ssh break-string \001\002

    c3640(config)#ip ssh break-string \001\002
    Please create RSA keys to enable SSH.
    c3640(config)#end
    c3640#sho run | i ssh
    ip ssh break-string ^A^B
    c3640#

    Regards,

    Aaron
     
    Aaron Leonard, Mar 14, 2006
    #10
  11. jfinnican

    jfinnican Guest

    I will try this, Thank you greatly
     
    jfinnican, Mar 14, 2006
    #11
  12. jfinnican

    jfinnican Guest

    Ok

    Set the break string to \001\002 and when I log into the sunfire thru
    the 2611, the signal is being sent right thru to the machine. The sun
    server is not getting a break, but the actual ctrl A B

    Thanks

    James
     
    jfinnican, Mar 14, 2006
    #12
  13. jfinnican

    jfinnican Guest

    Yea, the ctrl commands "a" and "b" are being sent directly to the sun
    box. Is there an option to turn break-string on / off??
     
    jfinnican, Mar 15, 2006
    #13
  14. ~ Ok
    ~
    ~ Set the break string to \001\002 and when I log into the sunfire thru
    ~ the 2611, the signal is being sent right thru to the machine. The sun
    ~ server is not getting a break, but the actual ctrl A B
    ~

    THAT doesn't sound right.

    Just found another bug that I didn't know about ... it seems that the
    "ip ssh break-string" only works for ssh v1, unless you have the fix
    for CSCsb90163, which appeared in 12.4(5.11)*.

    So if you can use ssh v1, that would be your workaround, if you can't
    upgrade.

    Aaron
     
    Aaron Leonard, Mar 15, 2006
    #14
  15. jfinnican

    jfinnican Guest

    Will try ssh 1 and post back. Thanks for the continued help.
     
    jfinnican, Mar 15, 2006
    #15
  16. jfinnican

    jfinnican Guest

    I'm running 12.4

    It's still sending cntrl directly thru to the sunfire even on ssh 1.
    Telnet has no problems with the breaks, it's only ssh.
     
    jfinnican, Mar 15, 2006
    #16
  17. jfinnican

    jfinnican Guest

    Here's my config

    Using 1339 out of 29688 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname c2611
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$R0O.$aNgH1UFK6KBa9j42czL/p0
    enable password abc.123
    !
    aaa new-model
    !
    !
    aaa authentication login default none
    !
    aaa session-id common
    !
    resource policy
    !
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip subnet-zero
    ip cef
    !
    !
    !
    !
    ip domain name xxxt.com
    ip ssh break-string ^A
    !
    !
    !
    !
    username root password 0 xxx+
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 192.168.0.128 255.255.255.0
     speed auto
     full-duplex
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
     no cdp enable
    !
    router ospf 1
     router-id 192.168.0.128
     log-adjacency-changes
     network 192.168.0.0 0.0.0.255 area 0
    !
    ip classless
    ip route 192.168.4.0 255.255.255.0 192.168.0.120
    !
    no ip http server
    no ip http secure-server
    !
    dialer-list 1 protocol ip permit
    snmp-server enable traps snmp coldstart warmstart
    snmp-server host 192.168.10.127 public
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line 33 48
     transport preferred ssh
     transport input telnet ssh
     transport output ssh
     telnet break-on-ip
    line aux 0
    line vty 0 4
     password xxx
     transport preferred ssh
     transport input telnet ssh
    !
    !
    end
     
    jfinnican, Mar 15, 2006
    #17
  18. jfinnican

    jfinnican Guest

    shameless bump
     
    jfinnican, Mar 16, 2006
    #18
  19. On 15 Mar 2006 14:11:40 -0800, wrote:

    ~ will try ssh 1 and post back. thanks for the continued help

    OK ... did using SSH V1 work OK?

    Also, I saw that you said that you're running IOS "12.4". Do please note
    that CSCsb90163 is not fixed till 12.4(5.11)* i.e. you would need to pick
    up 12.4(7) or (if brave) 12.4(6)T to get break-string working with SSH V2.

    Aaron
     
    Aaron Leonard, Mar 16, 2006
    #19
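
Added example (not part of the thread and not Cisco code): a Python check that decodes the `ip ssh break-string` value from running-config text and reports which of the two caveats from posts #8 and #14 apply to a given IOS release. The release-comparison rule, the use of `ip ssh version 1` as the sign that only SSH v1 is in use, and all function names are assumptions of this example.

```python
import re

# Fix levels quoted in the thread (posts #8 and #14), keyed by bug ID.
FIXES = {"CSCef87618": ["12.3(15.4)", "12.4(2.10)"], "CSCsb90163": ["12.4(5.11)"]}
TOKEN = re.compile(r"\\([0-3][0-7]{2})|\^(.)|(.)")

def decode_break_string(text):
    """Turn IOS notation (\\001 octal as typed, ^A caret as displayed) into bytes."""
    out = bytearray()
    for octal, caret, literal in TOKEN.findall(text):
        if octal:
            out.append(int(octal, 8))
        elif caret:
            out.append(ord(caret.upper()) ^ 0x40)
        else:
            out.append(ord(literal))
    return bytes(out)

def parse_release(release):
    """'12.4(5.11)' -> ((12, 4), (5, 11)); None for other forms such as 12.4(6)T."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)", release)
    return m and ((int(m[1]), int(m[2])), (int(m[3]), int(m[4] or 0)))

def has_fix(release, bug):
    """True or False on a mainline the thread gives a fix level for, else None."""
    rel = parse_release(release)
    for train, level in map(parse_release, FIXES[bug]):
        if rel and rel[0] == train:
            return rel[1] >= level  # assumption: later builds on a train keep the fix
    return None

def check_break_string(config, release):
    """Return (break_bytes, findings) for running-config text and an IOS release."""
    m = re.search(r"^\s*ip ssh break-string (\S+)\s*$", config, re.M)
    if not m:
        return None, ["no 'ip ssh break-string' configured"]
    brk, findings = decode_break_string(m.group(1)), []
    v1_only = re.search(r"^\s*ip ssh version 1\s*$", config, re.M)  # assumed v1 marker
    for bug, applies, text in [
        ("CSCef87618", len(brk) == 1, "one-character break-string waits for the next character"),
        ("CSCsb90163", not v1_only, "break-string only works for SSH v1 sessions"),
    ]:
        fixed = has_fix(release, bug)
        if applies and fixed is not True:
            status = "affected" if fixed is False else "fix status unknown"
            findings.append(f"{bug} ({status}): {text}")
    return brk, findings

# Constructed sample, modelled on the configuration in post #17.
SAMPLE = "version 12.4\nip ssh break-string ^A\nline 33 48\n transport input telnet ssh\n"
```

Pass the release string from `show version` as the second argument to `check_break_string`; a bare `12.4`, as in post #16, cannot be compared against the fix levels and yields "fix status unknown" for both bugs.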
  20. jfinnican

    jfinnican Guest

    No, same problem
     
    jfinnican, Mar 16, 2006
    #20