TL-SG2008P | ssh connection failed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-06-20 19:58:57 - last edited 2022-06-21 13:21:58
Model: SG2008P  
Hardware Version: V3
Firmware Version: 3.0.0

Hi,
Need help with the ssh login to my new switch.
Any chance to get more logs from it? It's connected to Controller Software 5.3.1, ssh is enabled (default port 22).
I'm running out of ideas right now.

Please find attached the debug log:

 

OpenSSH_8  2p1 Ubuntu-4ubuntu0  5 OpenSSL 1  1  1f 31 Mar 2020
debug1 Reading configuration data  home 4Bob   ssh config
debug1  home 4Bob   ssh config line 20 Applying options for sw01
debug1 Reading configuration data  etc ssh ssh_config
debug1  etc ssh ssh_config line 19 include  etc ssh ssh_config  d   conf matched no files
debug1  etc ssh ssh_config line 21 Applying options for
debug1 Connecting to sw01 [ip] port 22  
debug1 Connection established  
debug1 identity file  home 4Bob   ssh id_rsa type 0
debug1 identity file  home 4Bob   ssh id_rsa-cert type -1
debug1 identity file  home 4Bob   ssh id_dsa type -1
debug1 identity file  home 4Bob   ssh id_dsa-cert type -1
debug1 identity file  home 4Bob   ssh id_ecdsa type -1
debug1 identity file  home 4Bob   ssh id_ecdsa-cert type -1
debug1 identity file  home 4Bob   ssh id_ecdsa_sk type -1
debug1 identity file  home 4Bob   ssh id_ecdsa_sk-cert type -1
debug1 identity file  home 4Bob   ssh id_ed25519 type 3
debug1 identity file  home 4Bob   ssh id_ed25519-cert type -1
debug1 identity file  home 4Bob   ssh id_ed25519_sk type -1
debug1 identity file  home 4Bob   ssh id_ed25519_sk-cert type -1
debug1 identity file  home 4Bob   ssh id_xmss type -1
debug1 identity file  home 4Bob   ssh id_xmss-cert type -1
debug1 Local version string SSH-2  0-OpenSSH_8  2p1 Ubuntu-4ubuntu0  5
debug1 Remote protocol version 1  99, remote software version IPSSH-6  6  0
debug1 no match IPSSH-6  6  0
debug1 Authenticating to sw0122 as 'omada'
debug1 SSH2_MSG_KEXINIT sent
debug1 SSH2_MSG_KEXINIT received
debug1 kex algorithm diffie-hellman-group1-sha1
debug1 kex host key algorithm ssh-dss
debug1 kex server->client cipher aes128-cbc MAC hmac-sha1 compression none
debug1 kex client->server cipher aes128-cbc MAC hmac-sha1 compression none
debug1 expecting SSH2_MSG_KEX_ECDH_REPLY
debug1 Server host key ssh-dss SHA256xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1 Host 'sw01' is known and matches the DSA host key  
debug1 Found key in  home 4Bob   ssh known_hosts81
debug1 rekey out after 4294967296 blocks
debug1 SSH2_MSG_NEWKEYS sent
debug1 expecting SSH2_MSG_NEWKEYS
debug1 SSH2_MSG_NEWKEYS received
debug1 rekey in after 4294967296 blocks
debug1 Will attempt key  home 4Bob   ssh id_rsa RSA SHA256mypubkeys agent
debug1 Will attempt key  home 4Bob   ssh id_ed25519 ED25519 SHA256mypubkeys2 agent
debug1 Will attempt key  home 4Bob   ssh id_dsa
debug1 Will attempt key  home 4Bob   ssh id_ecdsa
debug1 Will attempt key  home 4Bob   ssh id_ecdsa_sk
debug1 Will attempt key  home 4Bob   ssh id_ed25519_sk
debug1 Will attempt key  home 4Bob   ssh id_xmss
debug1 SSH2_MSG_SERVICE_ACCEPT received
Authenticated with partial success  
debug1 Authentications that can continue publickey,password
debug1 Next authentication method publickey
debug1 Offering public key  home 4Bob   ssh id_rsa RSA SHA256mypubkeys agent
debug1 Authentications that can continue publickey,password
debug1 Offering public key  home 4Bob   ssh id_ed25519 ED25519 SHA256mypubkeys2 agent
Connection closed by [ip] port 22

 

My ssh config looks like:

 

Host sw01
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss

 

Thank you.

Btw, slash, dot and so on are removed because of your security awareness... The log received 'Content or title contains illegal external links'. What was there, a link?

#1
Re:TL-SG2008P | ssh connection failed
2022-06-21 08:01:06

@4Bob I've seen a post before but I'm not sure if it is the same issue. But anyway, according to TP-Link, "This is because OpenSSH 7.0 (and above) disable the algorithm by default that our switches are applying. We need to enable the corresponding algorithm on OpenSSH client manually."

 

Source: https://www.tp-link.com/us/support/faq/2025/

#2
Re:TL-SG2008P | ssh connection failed
2022-06-21 08:45:58

  @Somnus 

 

Thank you for your feedback. I had the same message (no matching key exchange) initially and then came across the support article - my SSH_Config has been adjusted accordingly. It is definitely my new Linux client, for sure - older ones without hardening are working fine.

 

You see the client interaction – HostKeyAlgorithms ssh-dss set – no valid ssh key found and then the connection is getting closed. What have I overlooked?

#3
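An added example, not part of any post in this thread: a small Python reader for `ssh -v` output that pulls out the negotiated algorithms and the authentication sequence, which is the information the posted debug log carries. The function name `summarize`, the `FLAG` list and the sample are assumptions of this example; the sample is constructed in the standard `ssh -v` layout with the algorithm names and message order from the log above, and placeholder paths, fingerprints and address.

```python
import re

# Values this example chooses to flag (its own list, an assumption); CBC ciphers are flagged by suffix.
FLAG = {"kex": {"diffie-hellman-group1-sha1"}, "hostkey": {"ssh-dss"}}

# Constructed sample: standard `ssh -v` layout, algorithm names and message order
# as in the thread's log; paths, fingerprints and the address are placeholders.
SAMPLE = """\
debug1: Remote protocol version 1.99, remote software version IPSSH-6.6.0
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER1 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:PLACEHOLDER2 agent
Connection closed by 192.0.2.10 port 22
"""

def summarize(log):
    """Return negotiated algorithms, auth methods and key offers seen in an ssh -v log."""
    s = {"kex": None, "hostkey": None, "ciphers": set(), "allowed": [],
         "tried": [], "offered": [], "closed": False}
    for line in log.splitlines():
        line = re.sub(r"^debug\d: ", "", line.strip())  # drop the debug-level prefix
        if m := re.match(r"kex: algorithm: (\S+)", line):
            s["kex"] = m[1]
        elif m := re.match(r"kex: host key algorithm: (\S+)", line):
            s["hostkey"] = m[1]
        elif m := re.match(r"kex: \S+ cipher: (\S+)", line):
            s["ciphers"].add(m[1])
        elif m := re.match(r"Authentications that can continue: (\S+)", line):
            s["allowed"] = m[1].split(",")  # keep the server's latest list
        elif m := re.match(r"Next authentication method: (\S+)", line):
            s["tried"].append(m[1])
        elif m := re.match(r"Offering public key: \S+ (\S+)", line):
            s["offered"].append(m[1])  # key type of each offer, in order
        elif line.startswith("Connection closed by"):
            s["closed"] = True
    s["flagged"] = [s[k] for k in ("kex", "hostkey") if s[k] in FLAG[k]]
    s["flagged"] += sorted(c for c in s["ciphers"] if c.endswith("-cbc"))
    # Methods the server advertised that the client never reached before the log ended.
    s["untried"] = [m for m in s["allowed"] if m not in s["tried"]]
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the constructed sample it reports two key offers before the close and `password` as advertised but never attempted.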