[c-nsp] 12.4(20)T oddities

Justin Shore justin at justinshore.com
Sat Aug 30 16:00:15 EDT 2008


Sorry, I forgot to mention that I only configure SSH v2 (ip ssh ver 2).
I didn't try allowing v1 to see if that made a difference.  I'll try
that when I get back to a place in the network where I can do that.

Were the problems you had with 20T or some other IOS?  I've never had 
any SCRT problems with Cisco's IOS.

Justin


Mike Louis wrote:
> Did you check the SSH version enabled? I have had issues with Secure CRT not working and Linux working when using the default SSH version. Just a thought.
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
> Sent: Saturday, August 30, 2008 5:04 AM
> To: 'Cisco-nsp'
> Subject: [c-nsp] 12.4(20)T oddities
> 
> I upgraded a 2811 to 20T the other night.  I did another 2811 tonight
> after a different maintenance window.  The routers are basically
> identical, except for the quantity of modules installed in them.  I
> noticed the first night that I was seeing a number of tracebacks.
> Nothing was a show-stopper though.  One happened on boot and I don't
> have it handy at the moment.  Here are 2 that I still have in the log:
> 
> 
> 000435: Aug 27 00:47:47 CDT: %SCHED-7-WATCH: Attempt to enqueue
> uninitialized watched queue (address 0). -Process= "Call Manager XML
> client", ipl= 0, pid= 342,  -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58
> 0x42B54260
> 
> 000440: Aug 27 00:49:20 CDT: %SCHED-7-WATCH: Attempt to enqueue
> uninitialized watched queue (address 0). -Process= "SSH Process", ipl=
> 0, pid= 317,  -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58 0x42B54260
> 
> 
> Another odd thing that I noticed was that SSH from SecureCRT broke after
> the upgrade.  SSH from a Linux command line (OpenSSH) still works
> though.  This error is logged on the router:
> 
> 
> 000552: Aug 30 03:45:26.430 CDT: SSH2 0:  Invalid modulus length
> 
> 
> I wiped the router's RSA keys and regenerated them, first with a 2048
> bit modulus and then 1024 bit.  Neither solved the problem.  I even
> removed the local SecureCRT known_hosts key for that host (though that
> shouldn't have mattered because SCRT will prompt you if the key has
> changed).  Below is the output from debug ip ssh packet/detail:
> 
> 
> 001258: Aug 30 03:53:11.320 CDT: SSH0: starting SSH control process
> 001259: Aug 30 03:53:11.320 CDT: SSH0: sent protocol version id
> SSH-2.0-Cisco-1.25
> 001260: Aug 30 03:53:11.324 CDT: SSH0: protocol version id is -
> SSH-2.0-SecureCRT_6.0.0 (build 183) SecureCRT
> 001261: Aug 30 03:53:11.324 CDT: SSH2 0: send:packet of  length 344
> (length also includes padlen of 5)
> 001262: Aug 30 03:53:11.324 CDT: SSH2 0: SSH2_MSG_KEXINIT sent
> 001263: Aug 30 03:53:11.324 CDT: SSH2 0: ssh_receive: 424 bytes received
> 001264: Aug 30 03:53:11.324 CDT: SSH2 0: input: total packet length of
> 424 bytes
> 001265: Aug 30 03:53:11.324 CDT: SSH2 0: partial packet length(block
> size)8 bytes,needed 416 bytes,
>                 maclen 0
> 001266: Aug 30 03:53:11.324 CDT: SSH2 0: input: padlength 7 bytes
> 001267: Aug 30 03:53:11.324 CDT: SSH2 0: SSH2_MSG_KEXINIT received
> 001268: Aug 30 03:53:11.324 CDT: SSH2:kex: client->server enc:aes128-cbc
> mac:hmac-md5
> 001269: Aug 30 03:53:11.328 CDT: SSH2:kex: server->client enc:aes128-cbc
> mac:hmac-md5
> 001270: Aug 30 03:53:11.328 CDT: SSH2 0: ssh_receive: 24 bytes received
> 001271: Aug 30 03:53:11.328 CDT: SSH2 0: input: total packet length of
> 24 bytes
> 001272: Aug 30 03:53:11.328 CDT: SSH2 0: partial packet length(block
> size)8 bytes,needed 16 bytes,
>                 maclen 0
> 001273: Aug 30 03:53:11.328 CDT: SSH2 0: input: padlength 6 bytes
> 001274: Aug 30 03:53:11.328 CDT: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST
> received
> 001275: Aug 30 03:53:11.328 CDT: SSH2 0: Range sent by client is - 1024
> < 2046 < 2046
> 001276: Aug 30 03:53:11.328 CDT: SSH2 0:  Invalid modulus length
> 001277: Aug 30 03:53:11.428 CDT: SSH0: Session disconnected - error 0x00
> 
> 
> Any thoughts?  I'm holding off on any more 20T upgrades until this can
> be resolved.  While I do have a local NOC server that I can SSH from if
> needed I'm not inclined to hinder my management abilities like that.
> 
> As I was writing the config and disconnecting this 3rd traceback popped up:
> 
> 001301: Aug 30 03:59:06 CDT: %SCHED-7-WATCH: Attempt to enqueue
> uninitialized watched queue (address 0). -Process= "Virtual Exec", ipl=
> 0, pid= 354,  -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58 0x42B54260[OK]
> 
> 
> Does anyone have any thoughts on any of this?  So far this has been the
> most problematic T release I've used.  They are generally more reliable.
>   So far I haven't noticed any VoIP issues or other actual
> show-stoppers.  I'm itching to try out some of the new and long-awaited
> features but I may have to wait for a (20)T1 to do that outside of a lab.
> 
> Thanks
>   Justin
> 
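
A small triage script for the debug output quoted in this thread, added here as an example and not part of any poster's message: it rejoins the mail-wrapped `debug ip ssh` lines and extracts the client banner, negotiated ciphers, the group-exchange range, and the first error. Function names are hypothetical, and reading the three range values as min/preferred/max (the RFC 4419 field order) is an assumption about the IOS debug format.

```python
import re

# Sample input: records taken from the debug output quoted in the thread,
# keeping the mail client's hard line wraps.
SAMPLE = """\
001260: Aug 30 03:53:11.324 CDT: SSH0: protocol version id is -
SSH-2.0-SecureCRT_6.0.0 (build 183) SecureCRT
001268: Aug 30 03:53:11.324 CDT: SSH2:kex: client->server enc:aes128-cbc
mac:hmac-md5
001274: Aug 30 03:53:11.328 CDT: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST
received
001275: Aug 30 03:53:11.328 CDT: SSH2 0: Range sent by client is - 1024
< 2046 < 2046
001276: Aug 30 03:53:11.328 CDT: SSH2 0:  Invalid modulus length
001277: Aug 30 03:53:11.428 CDT: SSH0: Session disconnected - error 0x00
"""

# "<seq>: <Mon> <day> <time> <tz>: <message>"
REC = re.compile(r"^(\d{6}): \w{3} +\d+ [\d:.]+ \w+: (.*)$")

def records(text):
    """Strip mail quote markers and rejoin wrapped lines into (seq, message)."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        m = REC.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out:                      # continuation of the previous record
            out[-1][1] += " " + line
    return [tuple(r) for r in out]

def summarize(text):
    """Collect the negotiation facts and the first failure from one session."""
    s = {"client_id": None, "ciphers": {}, "gex_range": None, "failure": None}
    for seq, msg in records(text):
        if m := re.search(r"protocol version id is - (\S+)", msg):
            s["client_id"] = m.group(1)
        elif m := re.search(r"kex: (\S+) enc:(\S+) mac:(\S+)", msg):
            s["ciphers"][m.group(1)] = (m.group(2), m.group(3))
        elif m := re.search(r"Range sent by client is - (\d+) < (\d+) < (\d+)", msg):
            # Assumed order: (min, preferred, max), as in RFC 4419.
            s["gex_range"] = tuple(map(int, m.groups()))
        elif s["failure"] is None and re.search(r"Invalid|disconnected - error", msg):
            s["failure"] = (seq, msg.split(": ", 1)[-1].strip())
    return s
```

Running `summarize` on the output from a working OpenSSH session and a failing SecureCRT session side by side shows which negotiated value differs between the two clients.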

