On Sep 3, 2009, at 5:38 AM, Phil Mayers wrote:
> All,
>
> I've been having some problems using Conch/SSH to talk to the SSH server
> on Cisco IOS (specifically the netconf subsystem)
>
> It seems that the IOS SSH server reacts badly to the following:
>
> c: syn
> s: syn,ack
> c: ack
> c: PSH <my version>, <my kex>
> s: PSH <ios version>
> <hang>
>
> i.e. IOS doesn't like being bombarded with either the version string or
> KEX before it's sent its own banner.

I'm surprised to hear that, given that other users have posted programs using conch that run commands against multiple Cisco routers -- and apparently those programs worked. Do you have a particularly old IOS? (Or maybe particularly new?)

But if that's the case, it is clearly a bug in their ssh implementation. From http://www.ietf.org/rfc/rfc4253.txt:

> Since the new client MAY immediately send additional data after its
> identification string (before receiving the server's identification
> string), the old protocol may already be corrupt when the client
> learns that the server is old. When this happens, the client SHOULD
> close the connection to the server, and reconnect using the old
> protocol.

But anyhow, a patch to add a "broken-server-bug-workaround" option seems reasonable. Once you've reported the bug to Cisco, so they'll fix it at some point, that is.

James
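The two orderings discussed in this thread, as an added example that is not part of the original messages and is not Conch code: it uses plain sockets to show an eager client (permitted by RFC 4253) beside one that waits for the server's identification string first. It covers only the identification exchange, not KEX; `CLIENT_IDENT`, `demo_server`, `run_demo` and the banner strings are constructed for illustration.

```python
import select
import socket
import threading

CLIENT_IDENT = b"SSH-2.0-ExampleClient_0.1"  # constructed identification string

def read_ident(sock, max_lines=50):
    """Return the peer's SSH identification string, skipping any pre-banner lines."""
    for _ in range(max_lines):
        line = bytearray()
        while not line.endswith(b"\n"):
            if len(line) > 255:  # RFC 4253 section 4.2 limits the line to 255 bytes
                raise ValueError("identification line too long")
            chunk = sock.recv(1)  # byte-wise, so no later protocol data is consumed
            if not chunk:
                raise ConnectionError("peer closed before sending identification")
            line += chunk
        if line.startswith(b"SSH-"):
            return bytes(line).rstrip(b"\r\n")
    raise ValueError("no identification string received")

def exchange_ident(sock, wait_for_server):
    """Send our identification, optionally only after the server's has arrived."""
    if wait_for_server:
        server_ident = read_ident(sock)       # workaround ordering: listen first
        sock.sendall(CLIENT_IDENT + b"\r\n")
    else:
        sock.sendall(CLIENT_IDENT + b"\r\n")  # eager send, allowed by the RFC
        server_ident = read_ident(sock)
    return server_ident

def demo_server(sock, result):
    """Constructed stand-in server; records whether the client spoke first."""
    readable, _, _ = select.select([sock], [], [], 0.2)
    result["client_spoke_first"] = bool(readable)
    sock.sendall(b"SSH-2.0-ExampleServer_0.1\r\n")
    result["client_ident"] = read_ident(sock)

def run_demo(wait_for_server):
    client, server = socket.socketpair()
    result = {}
    t = threading.Thread(target=demo_server, args=(server, result))
    t.start()
    result["server_ident"] = exchange_ident(client, wait_for_server)
    t.join()
    client.close()
    server.close()
    return result
```

`run_demo(False)` reproduces the ordering in the packet trace above (client data on the wire before the server banner); `run_demo(True)` is the ordering a workaround option would select.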