AP9630 v6.6.4/v1.0.8 ssh problem

Anonymous user · ‎2021-07-08

Hi

After upgrading our AP9630 to APC OSv6.6.4 / APC Boot Monitor v1.0.8, we can no longer connect via SSH. There are 6 cards in 6 Smart-UPS 2200. None can be connected via SSH. FTP and HHTPS is still possible. We have tried several SSH clients.

Telnet is still possible

This is the output to the console command:

apc>console

E000: Success

Telnet: enabled

SSH: enabled

Telnet Port: 23

SSH port: 22

Baud rate: 9600

Before the update the connection with SSH was no problem. Any idea where the problem is?

Best and many thanks for your feedback

Andreas

BillP · ‎2021-07-08

Thanks for sharing that debug output. I am not seeing any similar problems using AOS 6.6.4 with OpenSSH v7.2p2 or v7.4p1 as well as PuTTy v0.70. In searching online for ssh_exchange_identification: read: Connection reset by peer message (as I think those other messages about key_load_public are OK/normal and I have them too when I connect, this could be a few different things. I know that the NMC devices reboot during upgrade but you could try rebooting at least one for testing, restarting the client/service, or trying a different SSH client altogether if you hadn't already to confirm it appears to only be specific to this OpenSSH client.

I also don't know if for example upon reboot, host keys were re-generated which is causing a problem. This thread, among some others saying similar things https://ubuntuforums.org/showthread.php?t=2219400 seem to point to looking at allowhosts and denyhosts configurations. I know you said the client hasn't changed but worth a try and look.

See Answer In Context

BillP · ‎2021-07-08

Hi,

Which SSH client(s) are you using or trying? It would be helpful to see a verbose debug log from the client, if possible.

Also, which version of APC firmware did you upgrade from for reference? And is it possible the client was recently updated too?

Problems like this as of late are often mismatches between what the APC devices and SSH clients can support as far as cipher algorithms and HMAC options. Looking at a verbose debugging log from the client would help confirm where the issue is possibly and see if there is a work-around.

Using tools like OpenSSH, you can add -vvv to the CLI command and try to get the connection logs to put in a file. Other tools may have similar logging options.

Anonymous user · ‎2021-07-08

Hi Angela

This is the output when i add -vvv.

baumaand@drz-ubu:~$ ssh 172.31.122.201 -vvv

OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n 7 Dec 2017

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 19: Applying options for *

debug2: resolving "172.31.122.201" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to 172.31.122.201 [172.31.122.201] port 22.

debug1: Connection established.