Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Permission denied when trying to SSH into CISCO virtual router

by |Published

My main goal is to be able to simulate a device so I can SSH into it from a Python application and get the output of the commands. But first, I’m trying to manually SSH into the device from the terminal.

I’m using GNS3 to simulate the network and a CISCO C7200 image. I’m using Manjaro Linux. My topology:

enter image description here

Router config:

conf t
username admin privilege 15 password 1234
hostname R1
ip domain-name local
crypto key generate rsa
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
interface fa0/0
ip address 192.168.12.1 255.255.255.0
no shut
end

I’m setting up the interface using an IP address from the same subnet of my WiFi adapter. Apparently, I can ping it just fine:

$ ping 192.168.12.1
PING 192.168.12.1 (192.168.12.1) 56(84) bytes of data.
64 bytes from 192.168.12.1: icmp_seq=1 ttl=64 time=3.11 ms
64 bytes from 192.168.12.1: icmp_seq=2 ttl=64 time=3.72 ms

But when trying to SSH into it:

$ ssh admin@192.168.12.1
admin@192.168.12.1's password: 
Permission denied, please try again.
admin@192.168.12.1's password: 
Permission denied, please try again.
admin@192.168.12.1's password: 
admin@192.168.12.1: Permission denied (publickey,password).

This is the verbose output:

OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 192.168.12.1 [192.168.12.1] port 22.
debug1: Connection established.
debug1: identity file /home/gabriel/.ssh/id_rsa type 0
debug1: identity file /home/gabriel/.ssh/id_rsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519 type 3
debug1: identity file /home/gabriel/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_xmss type -1
debug1: identity file /home/gabriel/.ssh/id_xmss-cert type -1
debug1: identity file /home/gabriel/.ssh/id_dsa type -1
debug1: identity file /home/gabriel/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version dropbear_2012.55
debug1: compat_banner: no match: dropbear_2012.55
debug1: Authenticating to 192.168.12.1:22 as 'admin'
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: (redacted)
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.12.1' is known and matches the RSA host key.
debug1: Found key in /home/gabriel/.ssh/known_hosts:4
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa 
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/gabriel/.ssh/id_xmss 
debug1: Will attempt key: /home/gabriel/.ssh/id_dsa 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gabriel/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gabriel/.ssh/id_xmss
debug1: Trying private key: /home/gabriel/.ssh/id_dsa
debug1: Next authentication method: password
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
admin@192.168.12.1: Permission denied (publickey,password).

My /etc/ssh/ssh_config:

# Include drop-in configurations
Include /etc/ssh/ssh_config.d/*.conf

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostKeyAlgorithms +ssh-rsa
#   PubkeyAuthentication yes

Tried regenerating the RSA key inside the router and also avoid upgrading to SSH 2.0. Didn’t work. What am I doing wrong?

You may also like