This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSH login getting terminated after entering user name

0

Hi All, I am trying to login to the linux based device via SSH port i.e., 22 using putty. When trying to login, device is prompting for User name, but after entering to the device, ssh session terminates. Captured log using wireshark tool while performing this. Pasted below for your reference. Can anyone help me what would be a reason for this kind of behavior.

In this image, could see that device (IP address 172.27.129.134) is sending FIN,ACK to the Client.

alt text

asked 20 Feb '17, 01:48

Chandrashekar_MV's gravatar image

Chandrasheka...
6112
accept rate: 0%

Can you share a capture in a publicly accessible spot, e.g. CloudShark?

(20 Feb '17, 02:10) Jaap ♦
(20 Feb '17, 05:56) Chandrasheka...

One Answer:

0

The capture does show, as mentioned in your question, the server closing the connection after the second packet of encrypted data from the client.

Unfortunately this is all that the capture can tell us, Wireshark is unable to decrypt SSH sessions. To determine why the server application closed the connection you will need to inspect the ssh logs on the server, possibly turning on debug logging to assist.

answered 21 Feb '17, 05:26

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%