• Status: Solved

ASA 5505: RDP to internal server does not work

ASA Version 8.2(1)
!
hostname ciscoasa
enable password gPmtuWCfb8uToFuQ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
             
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone GMT 0

access-list outside_in extended permit tcp any eq 3389 host 192.168.1.104 eq 3389
access-list ext extended permit tcp any any eq 3389

pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 3389 192.168.1.104 3389 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.110-192.168.1.140 inside
 
dhcpd dns x.x.x.x interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn

!
!
prompt hostname context
Cryptochecksum:6d2ad169e8b884b0b6defbca1678454f
: end
[OK]

ciscoasa#
Asked by: dhuff2012

Cyclops3590 Commented:
Try the following:

access-list outside_in extended permit tcp any interface outside eq 3389
no access-list outside_in extended permit tcp any eq 3389 host 192.168.1.104 eq 3389
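
Added example (not part of the original answer or of any Cisco tooling): a small first-match evaluator for the ACE forms used in this thread, showing which fields of the original `outside_in` entry fail against an inbound RDP connection and why the suggested entry matches. It assumes pre-8.3 behaviour, where the outside ACL is checked against the mapped (public) address; the addresses 203.0.113.10, 198.51.100.25 and 192.0.2.77 and the `RESTRICTED` variant are constructed placeholders, since the page masks the real outside IP.

```python
"""First-match evaluation of ASA 8.2-style extended TCP ACEs (added example)."""
import ipaddress
from collections import namedtuple

# Constructed placeholder: the page masks the real outside address.
INTERFACE_IPS = {"outside": "203.0.113.10", "inside": "192.168.1.1"}

Packet = namedtuple("Packet", "src sport dst dport")
Ace = namedtuple("Ace", "name action checks line")


def _take_addr(tokens):
    """Consume one address spec; return a predicate over an IP string."""
    kind = tokens.pop(0)
    if kind == "any":
        return lambda ip: True
    if kind in ("host", "interface"):
        value = tokens.pop(0)
        want = ipaddress.ip_address(INTERFACE_IPS[value] if kind == "interface" else value)
        return lambda ip: ipaddress.ip_address(ip) == want
    net = ipaddress.ip_network(f"{kind}/{tokens.pop(0)}")  # "network mask" form
    return lambda ip: ipaddress.ip_address(ip) in net


def _take_port(tokens):
    """Consume an optional 'eq N' port match (the only operator handled here)."""
    if tokens[:1] == ["eq"]:
        port = int(tokens[1])
        del tokens[:2]
        return lambda p: p == port
    return lambda p: True


def parse_ace(line):
    """Parse 'access-list NAME extended ACTION tcp SRC [eq P] DST [eq P]'."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended" or t[4] != "tcp":
        raise ValueError(f"unsupported ACE: {line!r}")
    rest = t[5:]
    checks = [("source address", _take_addr(rest)), ("source port", _take_port(rest)),
              ("destination address", _take_addr(rest)), ("destination port", _take_port(rest))]
    if rest:
        raise ValueError(f"trailing tokens in ACE: {rest}")
    return Ace(t[1], t[3], checks, line)


def mismatches(ace, pkt):
    """Names of the ACE fields this packet fails to match (empty list = match)."""
    return [label for (label, ok), value in zip(ace.checks, pkt) if not ok(value)]


def evaluate(config_lines, acl_name, pkt):
    """Return (action, matching line); only ACEs of the bound ACL are consulted."""
    for ace in map(parse_ace, config_lines):
        if ace.name == acl_name and not mismatches(ace, pkt):
            return ace.action, ace.line
    return "deny", "implicit deny"


# ACEs from the question; 'ext' is never bound with access-group, so it is ignored.
ORIGINAL = [
    "access-list outside_in extended permit tcp any eq 3389 host 192.168.1.104 eq 3389",
    "access-list ext extended permit tcp any any eq 3389",
]
# ACE suggested in the answer above.
SUGGESTED = ["access-list outside_in extended permit tcp any interface outside eq 3389"]
# Constructed tighter variant: a single admin source instead of 'any'.
RESTRICTED = ["access-list outside_in extended permit tcp host 198.51.100.25 "
              "interface outside eq 3389"]

# Constructed inbound RDP SYN: ephemeral source port, destination is the public address.
RDP_SYN = Packet("198.51.100.25", 51515, "203.0.113.10", 3389)

if __name__ == "__main__":
    print("original ACE fails on:", mismatches(parse_ace(ORIGINAL[0]), RDP_SYN))
    for label, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED), ("restricted", RESTRICTED)):
        print(label, "->", evaluate(cfg, "outside_in", RDP_SYN))
```

The original entry fails twice: it requires the client's source port to be 3389, and it names the real server address where the mapped address is expected.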
 
dhuff2012 (Author) Commented:
This is the running config. RDP still does not work.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.08.28 10:49:36 =~=~=~=~=~=~=~=~=~=~=~=
wr t
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password gPmtuWCfb8uToFuQ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 69.17.112.x 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
<--- More --->
             
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone GMT 0
access-list outside_access_in extended permit tcp any interface outside eq 3389
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 192.168.1.104 3389 netmask 255.255.255.255

access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 69.17.112.126 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.110-192.168.1.140 inside
dhcpd dns 64.81.45.2 216.231.41.2 interface inside
 
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username dhuff password Rv97LZTaW7hwMJ6z encrypted privilege 15
!
!
prompt hostname context
Cryptochecksum:855b1ffb640e3b0d5e99f1bfc42ff878
: end
[OK]

ciscoasa#
 
Cyclops3590 Commented:
Can you RDP directly to the internal IP address from another machine on the LAN? If so, download the portqry utility (it's from MS) and run the following:

portqry -n <<public IP of RDP server>> -e 3389

It should say listening, but can say filtered or closed as well. You have an ACL and translation, so everything should be good.
 
dhuff2012 (Author) Commented:
I will do that. Thanks.
 
dhuff2012 (Author) Commented:
SSH auth is failing with all priv 15 accounts, and RDP to the internal server is not working either. I've attached the current config and debug ssh output. Please help.

______________________________________________________________________

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.09.17 12:56:04 =~=~=~=~=~=~=~=~=~=~=~=
wr t
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password gPmtuWCfb8uToFuQ encrypted
passwd gPmtuWCfb8uToFuQ encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 69.17.112.x 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
<--- More --->
             
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone GMT 0
access-list outside_access_in extended permit tcp any interface outside eq 3389
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 192.168.1.104 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 69.17.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 70.173.28.215 255.255.255.255 outside
ssh timeout 60
ssh version 2

console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.110-192.168.1.140 inside
dhcpd dns 64.81.45.2 216.231.41.2 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username test password P4ttSyrm33SV8TYp encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username dhuff password Rv97LZTaW7hwMJ6z encrypted privilege 15
!
!
prompt hostname context
Cryptochecksum:39a917db68d0e1a0485e4a708353638d
: end
[OK]

ciscoasa#

___________________________________________________________________


=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.09.17 13:00:08 =~=~=~=~=~=~=~=~=~=~=~=
Device ssh opened successfully.
SSH1: SSH client: IP = '68.108.26.127'  interface # = 2
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-PuTTY_Release_0.62

client version string:SSH-2.0-PuTTY_Release_0.62SSH1: begin server key generation
SSH1: complete server key generation, elapsed time = 1860 ms

SSH2 1: send: len 280 (includes padlen 4)
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: ssh_receive: 512 bytes received
SSH2 1: input: packet len 640
SSH2 1: partial packet 8, need 632, maclen 0
SSH2 1: ssh_receive: 128 bytes received
SSH2 1: partial packet 8, need 632, maclen 0
SSH2 1: input: padlen 6
SSH2 1: received packet type 20

SSH2 1: SSH2_MSG_KEXINIT received
SSH2 0:
kex_parse_kexinit: diffie-hellman-group1-sha1
SSH2 0:
kex_parse_kexinit: ssh-rsa
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,
SSH2 0:
kex_parse_kexinit: ssh-rsa,ssh-dss
SSH2 0:
kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfi
SSH2 0:
kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfi
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
SSH2 0:
kex_parse_kexinit: none,zlib
SSH2 0:
kex_parse_kexinit: none,zlib
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 1: expecting SSH2_MSG_KEXDH_INIT
SSH2 1: ssh_receive: 144 bytes received
SSH2 1: input: packet len 144
SSH2 1: partial packet 8, need 136, maclen 0
SSH2 1: input: padlen 5
SSH2 1: received packet type 30

SSH2 1: SSH2_MSG_KEXDH_INIT received
SSH2 1: signature length 143
SSH2 1: send: len 448 (includes padlen 7)
SSH2: kex_derive_keys complete
SSH2 1: send: len 16 (includes padlen 10)
SSH2 1: newkeys: mode 1
SSH2 1: SSH2_MSG_NEWKEYS sent
SSH2 1: waiting for SSH2_MSG_NEWKEYS
SSH2 1: ssh_receive: 16 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 8, need 8, maclen 0
SSH2 1: input: padlen 10
SSH2 1: newkeys: mode 0
SSH2 1: received packet type 21

SSH2 1: SSH2_MSG_NEWKEYS received
SSH2 1: ssh_receive: 88 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #3 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 32
SSH2 1: partial packet 16, need 16, maclen 20
SSH2 1: MAC #4 ok
SSH2 1: input: padlen 10
SSH2 1: received packet type 5

SSH2 1: send: len 32 (includes padlen 10)
SSH2 1: done calc MAC out #3
SSH2 1: ssh_receive: 104 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #5 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 48
SSH2 1: partial packet 16, need 32, maclen 20
SSH2 1: MAC #6 ok
SSH2 1: input: padlen 8
SSH2 1: received packet type 50
SSH(test): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #4
SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #7 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #8 ok
SSH2 1: input: padlen 11
SSH2 1: received packet type 50
SSH(test): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #5
SSH2 1: authentication failed for test
SSH2 1: input: packet len 160
SSH2 1: partial packet 16, need 144, maclen 20
SSH2 1: MAC #9 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is 'v.õqFÝJl­»cÿ°ÆÒõNO ËæÍem©+3]z£fïwæÎÖù¼gÕ?ôì:ZæÊðàÀ\®É¿GXï¼´CÎòT
7!.JPuTTY
SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #10 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #11 ok
SSH2 1: input: padlen 11
SSH2 1: received packet type 50
SSH(test): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #6
SSH2 1: authentication failed for test
SSH2 1: input: packet len 160
SSH2 1: partial packet 16, need 144, maclen 20
SSH2 1: MAC #12 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is 'nX^ ¦Üîñïx-Ù6猪v?lx¸TÅ­[Ü~»zÖZ¥ó¾u'²÷ÑTé+½ª[ó=Àú'

SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #13 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #14 ok
SSH2 1: input: padlen 11
SSH2 1: received packet type 50
SSH(test): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #7
SSH2 1: authentication failed for test
SSH2 1: authentication failed for test (code=1)SSH1: Session disconnected by SSH server - error 0x0d "Rejected by server"

           ^
ERROR: % Invalid input detected at '^' marker.

ciscoasa# config t

ciscoasa(config)# username cisco pass cisco priv 15

ciscoasa(config)# show aaa
ERROR: % Incomplete command

ciscoasa(config)#

ciscoasa# show aaa
ERROR: % Incomplete command

ciscoasa# a show aaa auth
                   ^
ERROR: % Invalid input detected at '^' marker.

ciscoasa# show aaa auth    ?

  local  Show AAA local method options

ciscoasa# show aaa local
ERROR: % Incomplete command

ciscoasa# show aaa local ?

  user  AAA Local user

ciscoasa# show aaa local
ERROR: % Incomplete command

ciscoasa# show aaa local user ?

  lockout  AAA Local locked-out user
  |        Output modifiers
  <cr>

ciscoasa# show aaa local user
Lock-time  Failed-attemptsLockedUser
    -   0Ntest
    -   0Ncisco
    -   0Ndhuff

ciscoasa# conf t

ciscoasa(config)# al
ERROR: % Incomplete command

ciscoasa(config)# aaa auth ssh console local

ciscoasa(config)# Device ssh opened successfully.
SSH1: SSH client: IP = '68.108.26.127'  interface # = 2
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-PuTTY_Release_0.62

client version string:SSH-2.0-PuTTY_Release_0.62SSH1: begin server key generation
SSH1: complete server key generation, elapsed time = 2190 ms

SSH2 1: send: len 280 (includes padlen 4)
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: ssh_receive: 512 bytes received
SSH2 1: input: packet len 640
SSH2 1: partial packet 8, need 632, maclen 0
SSH2 1: ssh_receive: 128 bytes received
SSH2 1: partial packet 8, need 632, maclen 0
SSH2 1: input: padlen 6
SSH2 1: received packet type 20

SSH2 1: SSH2_MSG_KEXINIT received
SSH2 0:
kex_parse_kexinit: diffie-hellman-group1-sha1
SSH2 0:
kex_parse_kexinit: ssh-rsa
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,
SSH2 0:
kex_parse_kexinit: ssh-rsa,ssh-dss
SSH2 0:
kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfi
SSH2 0:
kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfi
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
SSH2 0:
kex_parse_kexinit: none,zlib
SSH2 0:
kex_parse_kexinit: none,zlib
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 1: expecting SSH2_MSG_KEXDH_INIT
SSH2 1: ssh_receive: 144 bytes received
SSH2 1: input: packet len 144
SSH2 1: partial packet 8, need 136, maclen 0
SSH2 1: input: padlen 6
SSH2 1: received packet type 30

SSH2 1: SSH2_MSG_KEXDH_INIT received
SSH2 1: signature length 143
SSH2 1: send: len 448 (includes padlen 8)
SSH2: kex_derive_keys complete
SSH2 1: send: len 16 (includes padlen 10)
SSH2 1: newkeys: mode 1
SSH2 1: SSH2_MSG_NEWKEYS sent
SSH2 1: waiting for SSH2_MSG_NEWKEYS
SSH2 1: ssh_receive: 16 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 8, need 8, maclen 0
SSH2 1: input: padlen 10
SSH2 1: newkeys: mode 0
SSH2 1: received packet type 21

SSH2 1: SSH2_MSG_NEWKEYS received
SSH2 1: ssh_receive: 88 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #3 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 32
SSH2 1: partial packet 16, need 16, maclen 20
SSH2 1: MAC #4 ok
SSH2 1: input: padlen 10
SSH2 1: received packet type 5

SSH2 1: send: len 32 (includes padlen 10)
SSH2 1: done calc MAC out #3
SSH2 1: ssh_receive: 104 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #5 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 48
SSH2 1: partial packet 16, need 32, maclen 20
SSH2 1: MAC #6 ok
SSH2 1: input: padlen 7
SSH2 1: received packet type 50
SSH(cisco): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #4
SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #7 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #8 ok
SSH2 1: input: padlen 9
SSH2 1: received packet type 50
SSH(cisco): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #5
SSH2 1: authentication failed for cisco
SSH2 1: input: packet len 160
SSH2 1: partial packet 16, need 144, maclen 20
SSH2 1: MAC #9 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is 'OY¾üß`-"o+B'¨Q¼ÛI¨²¨¾\aÐS{Ý ÁT)­ºt"!=¿3$XKJ_iú=îÊVè5Èh|üäîî
SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #10 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #11 ok
SSH2 1: input: padlen 9
SSH2 1: received packet type 50
SSH(cisco): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #6
SSH2 1: authentication failed for cisco
SSH2 1: input: packet len 160
SSH2 1: partial packet 16, need 144, maclen 20
SSH2 1: MAC #12 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is '@ºæ"XÉ öMcë{[æ|&½fmQÝHsC®¾±Âæd ÃÎs÷"!c!ÑõÐ|NVjsjHý4ôBJ3¢ýRPö¿~ùqdxÑépÇõÀ.Ô$ø
SSH2 1: ssh_receive: 300 bytes received
SSH2 1: input: packet len 16
SSH2 1: partial packet 16, need 0, maclen 20
SSH2 1: MAC #13 ok
SSH2 1: input: padlen 6
SSH2 1: received packet type 2

SSH2 1: SSH2_MSG_IGNORE msg is ''

SSH2 1: input: packet len 64
SSH2 1: partial packet 16, need 48, maclen 20
SSH2 1: MAC #14 ok
SSH2 1: input: padlen 9
SSH2 1: received packet type 50
SSH(cisco): user authen method is 'no AAA', aaa server group ID = 0

SSH2 1: send: len 32 (includes padlen 13)
SSH2 1: done calc MAC out #7
SSH2 1: authentication failed for cisco
SSH2 1: authentication failed for cisco (code=1)SSH1: Session disconnected by SSH server - error 0x0d "Rejected by server"