Forum / Remote Desktop Manager - Support

SSH to Cisco Switch with Private Key Error

  • Create an Issue
  • Cancel

Hey%20guys%2C%3Cbr%3E%3Cbr%3EI%20am%20setting%20entries%20up%20in%20my%20RDM%20for%20my%20Cisco%20switches%20but%20for%20some%20reason%2C%20it%20doesn%27t%20want%20to%20work%20with%20Private%20keys.%3Cbr%3E%3Cbr%3EWhen%20I%20use%20username/password%20credential
edited by khakkinen on 11/7/2014

Clock6 yrs

Whoops, double post and something went wrong :S

Here is what I wrote:

Hey guys,

I am setting entries up in my RDM for my Cisco switches but for some reason, it doesn't want to work with Private keys.

When I use username/password credentials, it works perfectly fine.
When I use a Private Key,C it comes up with the following error

"Unable to connect. Verify your settings. Unsupported packet 60."

I can login using my private key fine using putty but I would prefer to use SSH Shell in RDM so it is all contained in one program.

Any ideas what is happening?

Thanks,
Karl

Clock6 yrs

Hi,
It seems to be an issue with the third party we use for the SSH. They just released an new version. Would mind checking for the next beta update coming soon to see if this is resolved? You can expect it for the end of next week.

David Hervieux

signaturesignature

Clock6 yrs

That I can do smile Thanks David.

Clock6 yrs

Hey David,

I just updated to the latest version but it is still happening.

Thanks,
Karl

Clock6 yrs

I think that the update didn't made the cut and it was not included. It will be in the next version.

David Hervieux

signaturesignature

Clock6 yrs

So it seems that the new version does not resolve your issue. We will have to check with the third party. André will verify on their forum

David Hervieux

signaturesignature

Clock6 yrs

Hi,
Here the answer of the third party support team.

It looks like the private key is encrypted using an unsupported algorithm (even though the key format is supported).
As a workaround, please download the PuTTYgen utility (I attached it) and use it to convert the private key you have into PuTTY '.ppk' format.
You should then be able to connect using the converted .ppk private key.


Current version supports loading the following private key formats:
•PKCS #8 format (PBKDF1, PBKDF2, PKCS #12 key generation, DES, 3DES, RC2, RC4, AES encryption)
•OpenSSH/OpenSSL SSLeay format (we only support TripleDES encryption)
•PuTTY PPKv2 format (it only uses AES)
In addition to encryption algorithms listed, keys with no encryption are supported as well.

Forum entry link

I hope that this will solve your issue.
Best regards,
edited by asanscartier on 10/30/2014
edited by asanscartier on 10/30/2014

André Sanscartier

signaturesignature

puttygen.zip
Clock6 yrs

Thanks for the information. Unfortunately, the key is already unencrypted and has no pass phrase. I tried exporting it to the other formats but they gave me the same issue, "Unsupported Packet 60".

Clock6 yrs

Thanks for the information. Unfortunately, the key is already unencrypted and has no pass phrase.

I tried exporting to other formats with the same issue (Unsupported Packet 60).

The key is already in ppk format.

Clock6 yrs

I've noticed that if I use an SSH-2 DSA Key, I do not get the Unsupported packet error. I get the erroe when using SSH-1 RSA and SSH-2 RSA keys. Unforchunatly, DSA is not supported on Cisco devices.

Clock6 yrs

Hi,
Could you generate a key as an example of what you need to use and send it to us with all information that you think that could be useful.
We will send it to the third party and ask them to add support to it.
Best regards,

André Sanscartier

signaturesignature

Clock6 yrs

Sorry for the delay, been busy as for the last few days.

I have attached two files:

Test-for-dev.ppk contains a password (password is 'test')
Test-for-dev-nopass.ppk contains no password.

Both are exhibiting the same problem:

error
edited by khakkinen on 11/7/2014

Test-for-dev.ppk
Test-for-dev-nopass.ppk
error.jpg
Clock6 yrs

Thought I would give it a try with loggin enabled (To debug the ARD problem) and I found this in the log:

[9/11/2014 2:29:21 PM]ERROR SILENT Rebex.Net.SshException: Unsupported packet 60.
at Rebex.Net.SshSession.ZY(String A, String B, SshPrivateKey C, SshGssApiCredentials D)
at Rebex.Net.SshSession.Authenticate(String userName, String password, SshPrivateKey privateKey)
at Rebex.Net.Ssh.QIB.MCB(String A, String B, SshPrivateKey C, PIB D)
at Rebex.Net.Ssh.ZO(String A, String B, SshPrivateKey C, PIB D)
at Rebex.Net.Ssh.Login(String userName, String password, SshPrivateKey privateKey)
at Devolutions.RemoteDesktopManager.Frames.Embedded.FreEmbeddedSshShell.Connect()

Hope that helps.

Thanks,
Karl

Clock6 yrs

Hi,
A new version of RDM will be released soon with a new advanced Telnet/SSH logging option.
You will just have to enable it in "Options", "Advanced".
The full path of this log file will be %LocalAppData%\Devolutions\RemoteDesktopManager\AdvancedTelnetSSH.log
Remove any sensitive information from the log - a private key and its password don't appear in the log, but the password for the authenticating user does (if you use one). Once we will receive the result it will be sent to the Third party with your examples.

Best regards,
edited by asanscartier on 11/10/2014

André Sanscartier

signaturesignature

Clock6 yrs

Awesome, thanks Andre. I will keep an eye out.

Clock6 yrs

Hi,
This is in the latest beta?

http://remotedesktopmanager.com/Home/Download#beta

David Hervieux

signaturesignature

Clock6 yrs

Ok, I have the data attached to this post.

AdvancedTelnetSSH.log - Log for the connection
Test-for-dev-nopass.ppk - Key used for connection (No password)

I also have noticed something odd. If I go to connect to a switch using a key that has not been added to the switch, it will error out like normal (Key has not been accepted by the switch) but if it has been added to the switch, it will error out with Packet 60 error.

Test-for-dev-nopass[1].ppk
AdvancedTelnetSSH.log
Clock6 yrs

Ok, lastest update has fixed the issue smile Thanks for all the hard work guys smile

Clock6 yrs

Thank you very much for you help. We got an hot fix from the third party yesterday.

David Hervieux

signaturesignature

Clock6 yrs