Unable to connect to ADC NSIP (version 12.1 and 13.0) using SSH/SFTP

[Mike1709156907]

I have  a brand new setup of two ADCs. One is 12.1 and the other is 13.0. Both are running on XenServer 8.0. I can connect to the ADCs using the GUI without any problems. I already configured reverse ICA, LB, etc. so far so good. The only problem that I encountered is connecting using PuTTY, WinSCP or FileZilla.

 

** In WinSCP, I get this message: "Network error: Software caused connection abort" and "Could not connect to server"

      the protocol is SFTP and the port is 22 as usual...

** In PuTTY, same error message as above. I am using the SSH and port 22 as well.

** In FileZilla, I get same error as well.

 

There is no firewall and the NSIP and my jumpbox where I initiate the connection is on the same subnet.

Most settings should still be at default.

 

I checked the NSIP configuration under Network > IP > Configure IP and they are as expected, the Enable Management Access to support the below listed apps are all selected correctly: Telnet, SSH, GUI, FTP, SNMP are all checked.

the "Allow access only to management applications" box is unchecked.

"Secure Access Only" check box is unchecked.

 

I also tried enabling management on the SNIP by ticking some of these boxes and then tried to connect using the SNIP but same issue as NSIP.

 

Any suggestions on troubleshooting this would be appreciated.

Edited November 7, 2019 by aosmantx

[Byron quotKeithquot Dalrymple]

Similar issue upon upgrading to 12.1.54.6 with these errors upon attempting to start the SSH daemon

/etc/sshd_config line 18: Deprecated option UsePrivilegeSeparation
/etc/sshd_config line 34: Bad SSH2 mac spec 'hmac-sha1,hmac-ripemd160'

 

Has anyone else seen this issue?

[Sean Ritter]

I am having the same issue as @Byron quotKeithquot Dalrymple after upgrading firmware to 12.1.55.13.

 

Were you able to resolve this?  I'm assuming these lines need to be removed?

 

In addition, after performing this upgrade, when performing any function in the GUI logged in as nsroot it is returning "not authorized to execute this command"

 

 

 

[MASON WITT]

We are seeing this as well after updating to 12.1 54.13. Have you figured anything out? 

 

 

[Sean Ritter]

Yes, I had to connect with a serial cable and comment out these lines in /nsconfig/sshd_config one of which was added to address this false positive. https://support.citrix.com/article/CTX209398

 

#option UsePrivilegeSeparation

#MACs hmac-sha1,hmac-ripemd160

When you connect with a serial cable and try to start ssh (/usr/sbin/sshd –f /etc/sshd_config) you will see errors like “/etc/ssh/sshd_config line 10: Deprecated option UsePrivilegeSeparation“

[MASON WITT]

Thanks Sean. I was hoping that wouldn't be the case. Guess I'm taking a drive to their location.

[Kee Xiong Wong]

On 1/17/2020 at 6:01 AM, Sean Ritter said:

Yes, I had to connect with a serial cable and comment out these lines in /nsconfig/sshd_config one of which was added to address this false positive. https://support.citrix.com/article/CTX209398

 

#option UsePrivilegeSeparation

#MACs hmac-sha1,hmac-ripemd160

When you connect with a serial cable and try to start ssh (/usr/sbin/sshd –f /etc/sshd_config) you will see errors like “/etc/ssh/sshd_config line 10: Deprecated option UsePrivilegeSeparation“

Can provide the Step how changes the file?