My main goal is to be able to simulate a device so I can SSH into it from a Python application and get the output of the commands. But first, I’m trying to manually SSH into the device from the terminal.
I’m using GNS3 to simulate the network and a CISCO C7200 image. I’m using Manjaro Linux. My topology:
Router config:
conf t
username admin privilege 15 password 1234
hostname R1
ip domain-name local
crypto key generate rsa
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
interface fa0/0
ip address 192.168.12.1 255.255.255.0
no shut
end
I’m setting up the interface using an IP address from the same subnet of my WiFi adapter. Apparently, I can ping it just fine:
$ ping 192.168.12.1
PING 192.168.12.1 (192.168.12.1) 56(84) bytes of data.
64 bytes from 192.168.12.1: icmp_seq=1 ttl=64 time=3.11 ms
64 bytes from 192.168.12.1: icmp_seq=2 ttl=64 time=3.72 ms
But when trying to SSH into it:
$ ssh admin@192.168.12.1
admin@192.168.12.1's password:
Permission denied, please try again.
admin@192.168.12.1's password:
Permission denied, please try again.
admin@192.168.12.1's password:
admin@192.168.12.1: Permission denied (publickey,password).
This is the verbose output:
OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 192.168.12.1 [192.168.12.1] port 22.
debug1: Connection established.
debug1: identity file /home/gabriel/.ssh/id_rsa type 0
debug1: identity file /home/gabriel/.ssh/id_rsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519 type 3
debug1: identity file /home/gabriel/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_xmss type -1
debug1: identity file /home/gabriel/.ssh/id_xmss-cert type -1
debug1: identity file /home/gabriel/.ssh/id_dsa type -1
debug1: identity file /home/gabriel/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version dropbear_2012.55
debug1: compat_banner: no match: dropbear_2012.55
debug1: Authenticating to 192.168.12.1:22 as 'admin'
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: (redacted)
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.12.1' is known and matches the RSA host key.
debug1: Found key in /home/gabriel/.ssh/known_hosts:4
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/gabriel/.ssh/id_xmss
debug1: Will attempt key: /home/gabriel/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gabriel/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gabriel/.ssh/id_xmss
debug1: Trying private key: /home/gabriel/.ssh/id_dsa
debug1: Next authentication method: password
admin@192.168.12.1's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password:
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
admin@192.168.12.1: Permission denied (publickey,password).
My /etc/ssh/ssh_config
:
# Include drop-in configurations
Include /etc/ssh/ssh_config.d/*.conf
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP no
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
PubkeyAcceptedAlgorithms +ssh-rsa
HostKeyAlgorithms +ssh-rsa
# PubkeyAuthentication yes
Tried regenerating the RSA key inside the router and also avoid upgrading to SSH 2.0. Didn’t work. What am I doing wrong?