I'd much prefer not using telnet! I see it to be about the same as doing remote management using the WiFi at the coffee shop with the laptop firewall disabled. Not looking like Cisco offers a particularly good alternative, though.
From: Steve Kradel [mailto:[email protected]] Sent: Friday, November 09, 2012 3:03 PM To: NT System Admin Issues Subject: Re: SSH (PuTTY) session from Windows2008R2 You might also check if sshd is configured to allow username + password login. The more secure choice is to require RSA/DSA authentication exclusively (oh, and not to use telnet whatsoever). --Steve On Fri, Nov 9, 2012 at 1:33 PM, Kevin <[email protected]<mailto:[email protected]>> wrote: It could be several things. Improperly configured SSH server settings. An SSH bug in IOS. (there have been several as i recall) OR something i can't think of. Something to put on your list of things to look into at a later time. Glad the that mystery is solved though. Best of luck! On 11/9/2012 9:51 AM, Richard McClary wrote: > Tried an assortment of PuTTY configurations, including SSH 1, different > encryption settings, etc. All returned the same message (looking at raw > captures) - encryption was successful, but authentication failed. > > Yes, finding either an old PuTTY, or another SSH client is possible. > > The main thing is, it is no longer a mystery. > > Thanks!- > > From: Kurt Buff [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, November 09, 2012 11:34 AM > To: NT System Admin Issues > Subject: Re: SSH (PuTTY) session from Windows2008R2 > > OK - so not a Windows firewall issue. > > Does the Cisco allow ssh v1? If so, does using v1 work? > > As somebody else suggested, perhaps a newer or older version of putty might > work better. > > Kurt > > On Fri, Nov 9, 2012 at 8:33 AM, Richard McClary > <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: > This is definitely a W2K8-to-Cisco situation. Again, as per my reply to Kim, > the Cisco stack is still running SSH 1.99. That SSH version seems to be the > cause. (Weird, though, because the same copy of PuTTY on an MS OS other than > W2K8) will log into the Cisco stack just fine. > > Jonathan asked about the login box. It is the Cisco login box, and it is > identical to what is seen when connecting from other OS. > > As to why connecting from Win2008 - well, we have a boss and (also) a network > guy in NJ. Home office is on Manhattan. Travel in that area is still rather > restricted. Network guy has only his assigned laptop and is trying to work > remotely... The Cisco switch is not allowing a connection from outside the > physical LAN (he is using Juniper Network Connect). So, having been told > that the switch will accept a connection from within the LAN, he needed a > machine from within our LAN. Again, not having a desktop system within the > LAN, and he being our principal AD administrator, attempted to do his Cisco > work through one of the Win2K8 (NOT a DC!) systems he works on. > > From: Ziots, Edward > [mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>] > Sent: Friday, November 09, 2012 10:12 AM > > To: NT System Admin Issues > Subject: RE: SSH (PuTTY) session from Windows2008R2 > > That wont do it. > > Have you set the putty.exe to run as administrator in the client properties? > > And definitely should be using SSH v2 and higher to manage your switches. I > just wonder why you are doing it from a Windows 2008 server? > > I put copied my putty.exe to a Windows 2008 R2 SP1 server and created a > session to my Backtrack 5 R3 box via SSH. > > Z > > Edward E. Ziots, CISSP, Security +, Network + > Security Engineer > Lifespan Organization > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > > From: Kim Longenbaugh > [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, November 09, 2012 11:06 AM > > To: NT System Admin Issues > Subject: RE: SSH (PuTTY) session from Windows2008R2 > > Will the Windows client let you "telnet <ipaddress> 22" ? > > From: Richard McClary > [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, November 09, 2012 9:41 AM > To: NT System Admin Issues > Subject: SSH (PuTTY) session from Windows2008R2 > > Greetings! > > We use PuTTY for SSH sessions to manage various devices. An issue has > recently been discovered by us here... > > We have no problem logging in to our Cisco Catalyst 3750 switch stack via SSH > from machines running Windows XP, Windows 7, or Windows 2003. However, if we > are logged into a Windows 2008R2 system... > > Using PuTTY, we connect to the switch stack and get a login box. After > providing user name and password, we are denied access. > > Using telnet (MS version enabled in the "Features" page of Control > Panel/Applications), we can log in with no problem. > > My preliminary Google searches seem to indicate that although SSH clients and > servers are not a part of Windows 2008, it is supported. So far, nothing > regarding this inability to log in to other systems using SSH. Again, this > is weird as a telnet session from the same Windows 2008 machine gives access. > > Anyone??? Thanks!!! > -- > Richard D. McClary > Jr Infrastructure Architect, Information Technology Group > ASPCA(r) > 1717 S. Philo Rd, Ste 36 > Urbana, IL 61802 > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > P: 217-337-9761<tel:217-337-9761><tel:217-337-9761<tel:217-337-9761>> > C: 217-417-1182<tel:217-417-1182><tel:217-417-1182<tel:217-417-1182>> > F: 217-337-9761<tel:217-337-9761><tel:217-337-9761<tel:217-337-9761>> > www.aspca.org<http://www.aspca.org><http://www.aspca.org/> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
