Wired Intelligent Edge

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air
------------------------------

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch
------------------------------

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Quick reply only because I have limited time.

I obviously misunderstood your original issue.

Yes, I regularly have the "kex_exchange_identification: read: Connection reset by peer" "8320" problem.

My TEMP fix has been to BOOT the destination 8320.  Yes, I believe their is an AOS-CX bug.  I have never had this problem on our 6300's running FL.10.06.0010.

Will try to reply later with more insight.

------------------------------
R-Air
------------------------------

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

What do you have on the configuration about SSH? do you are using VRF ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Hi,

Its very basic: the default vrf and just ssh enabled. I would expect to get the certificate warning popup and then be able to continue.

------------------------------
Kris Vervisch
------------------------------

Original Message:
Sent: Feb 04, 2021 07:58 AM
From: Alexis La Goutte
Subject: SSH connection abort

What do you have on the configuration about SSH? do you are using VRF ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Hello,
Can you please share following:
show version
show system 
show running configuration

Good day!

------------------------------
Yash NN
------------------------------

Original Message:
Sent: Feb 08, 2021 03:30 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Its very basic: the default vrf and just ssh enabled. I would expect to get the certificate warning popup and then be able to continue.

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 04, 2021 07:58 AM
From: Alexis La Goutte
Subject: SSH connection abort

What do you have on the configuration about SSH? do you are using VRF ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Coming back to this old question, it was resolved some time ago with the help of TAC: the problem was an old version of IMC on the network that was messing things up. Updating IMC to the latest version fixed the problem.

------------------------------
Kris Vervisch
------------------------------

Original Message:
Sent: Feb 08, 2021 07:16 AM
From: Yash NN
Subject: SSH connection abort

Hello,
Can you please share following:
show version
show system 
show running configuration

Good day!

------------------------------
Yash NN

Original Message:
Sent: Feb 08, 2021 03:30 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Its very basic: the default vrf and just ssh enabled. I would expect to get the certificate warning popup and then be able to continue.

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 04, 2021 07:58 AM
From: Alexis La Goutte
Subject: SSH connection abort

What do you have on the configuration about SSH? do you are using VRF ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------

Thanks for the update, I just installed some 8230 switches in my network and had the exact same problem.  I am also running IMC.  It dawned on me that IMC trying to log in may be locking the SSH server out.  I just, 2 hours ago, deleted the 8320 switches out of IMC and I'm going to let things settle down before trying again.  My suspicion is that I didn't delete the object for the previous switch from IMC and it got mad at me.   Thanks for the follow up, it is greatly appreciated.  It re-enforces my thought process. 

Original Message:
Sent: Feb 03, 2022 09:27 AM
From: KrisVe
Subject: SSH connection abort

Coming back to this old question, it was resolved some time ago with the help of TAC: the problem was an old version of IMC on the network that was messing things up. Updating IMC to the latest version fixed the problem.

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 08, 2021 07:16 AM
From: Yash NN
Subject: SSH connection abort

Hello,
Can you please share following:
show version
show system 
show running configuration

Good day!

------------------------------
Yash NN

Original Message:
Sent: Feb 08, 2021 03:30 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Its very basic: the default vrf and just ssh enabled. I would expect to get the certificate warning popup and then be able to continue.

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 04, 2021 07:58 AM
From: Alexis La Goutte
Subject: SSH connection abort

What do you have on the configuration about SSH? do you are using VRF ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 03, 2021 10:40 AM
From: Kris Vervisch
Subject: SSH connection abort

Hi,

Thanks for your reply. I've tried this:
1: tried from different machines (all windows OS'es however) with bitvise or putty, from different subnets
2: once your're in, you stay in until the idle timer runs out; no disconnects before that. then sometimes you can connect again but mostly the issue returns
3: i have a serial connection to one of the switches now, when I try to access another one from there:

Aruba8320-DC1-1# ping aruba8320-dc1-2
PING aruba8320-dc1-2.<domain> (192.168.255.42) 100(128) bytes of data.
108 bytes from 192.168.255.42: icmp_seq=1 ttl=64 time=0.215 ms
108 bytes from 192.168.255.42: icmp_seq=2 ttl=64 time=0.257 ms
108 bytes from 192.168.255.42: icmp_seq=3 ttl=64 time=0.250 ms
108 bytes from 192.168.255.42: icmp_seq=4 ttl=64 time=0.255 ms
108 bytes from 192.168.255.42: icmp_seq=5 ttl=64 time=0.269 ms

--- aruba8320-dc1-2.<domain> ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.215/0.249/0.269/0.020 ms
Aruba8320-DC1-1# ssh aruba8320-dc1-2
kex_exchange_identification: read: Connection reset by peer
Aruba8320-DC1-1# ssh 192.168.255.42
kex_exchange_identification: read: Connection reset by peer

Kind regards

------------------------------
Kris Vervisch

Original Message:
Sent: Feb 03, 2021 08:00 AM
From: R-Air R-Head
Subject: SSH connection abort

We have a similar setup and use local/remote ssh extensively.

Disclaimer: I am an aoscx noob.

Forcing different symptoms to cause us to think out of the box:

1. Try another remote client and OS to see if SSH break symptoms are identical.
2. If your customer has the knowledge, have them locally SSH to one of the 8320's and try to force a prolonged SSH session.
3.  If you SSH to one 8320 and then from the first 8320, SSH to a second 8320, do any of the connections break in a similar manner?

------------------------------
R-Air

Original Message:
Sent: Feb 02, 2021 04:09 AM
From: Kris Vervisch
Subject: SSH connection abort

Good morning,

We have 4 new Arubaos-cx 8320 switches at a customer site where we are no longer able to connect via SSH. With Putty we get the error "Network error: Software caused connection abort", with Bitvise we see "The SSH session has terminated with error. Reason: FlowSocketReader: Error receiving bytes. Windows error 10054: An existing connection was forcibly closed by the remote host."

Rebooting the switch helps for a few hours;
Accessing the switch via serial and executing no ssh server vrf default and ssh server vrf default <sometimes> helps, for a few hours.
But always the problem returns. Debug sshutils all on the switch doesn't show any entries when trying to connect.

OS version is TL.10.06.0010

Keep in mind that we want as little fuzz as possible with with certificate generation and all that, certificates always like to expire at the worst possible time. We just want to connect to the switch.

Has anybody had this issue or any ideas to keep ssh working?

Thank you,
Kris

------------------------------
Kris
------------------------------