Community discussions

MikroTik App
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:15 pm

Hi,

From a mikrotik CCR router, I'm attempting to connect to a cisco switch using SSH
I confirm SSH connection works fine without keys (ie: with interactive password typing)
I have imported private/public keys, and when those are imported, I am getting this error message back
error:0D078079:lib(13):func(120):reason(121)

in context:
[admin@router] > /system ssh user=readUser address=172.16.4.240
error:0D078079:lib(13):func(120):reason(121)

Welcome back!
[admin@router] > 
The logs on the Cisco switch doesn't show an authentication error, but states it received a disconnect from Mikrotik.
SSH log: Received disconnect from 172.16.4.254 port 60452:9:

I'm stuck with no lead to move forward, as the error seems to point towards the routerOS code
routerOS current-firmware: 6.46.6

What is your recommendation?

Kind Regards
 
pe1chl
Forum Guru
Forum Guru
Posts: 10511
Joined: Mon Jun 08, 2015 12:09 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:42 pm

Maybe the key type you generated (dsa, rsa, ecdsa, ed25519, ...) is not compatible with one of the two sides?
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:46 pm

Maybe the key type you generated (dsa, rsa, ecdsa, ed25519, ...) is not compatible with one of the two sides?
Thanks

I actually tried this key on a macOS, works fine.
Seems the key is fine.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:47 pm

To add on the key topic:

I generated keys on a macOS using the command from this post:
viewtopic.php?t=151017#p744315
ssh-keygen -t rsa -m PEM
Nothing really exotic
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 10855
Joined: Mon Dec 04, 2017 9:19 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:49 pm

The key itself may be fine but the Cisco may not advertise support of that key type so Mikrotik gives up without Cisco knowing the reason.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 3:58 pm

The key itself may be fine but the Cisco may not advertise support of that key type so Mikrotik gives up without Cisco knowing the reason.
Thanks for the response.

I'm not sure I follow you here

When used on macOS for authentication on the switch it works as intended: successful login without having to type a password
$ ssh -i ~/.ssh/id_rsa readUser@172.16.4.240
Wouldn't this indicate that the keys are working as intended and are supported/accepted OK by the Cisco switch?

Thanks
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 10855
Joined: Mon Dec 04, 2017 9:19 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)  [SOLVED]

Thu May 07, 2020 4:38 pm

When used on macOS for authentication on the switch it works as intended: successful login without having to type a password
...
Wouldn't this indicate that the keys are working as intended and are supported/accepted OK by the Cisco switch?
Put this way it of course does, but you haven't stated before that you can use the key to log in to the Cisco from the Mac - you've only stated that you've generated the key on the Mac.

So all in all - you can log in to the Cisco from the Mikrotik using password authentication, you can log in to the Cisco from the Mac using a key, but using the same key on Mikrotik doesn't work. Now can you connect using the same key from the Mikrotik somewhere else than to the Cisco? Theoretically the Mikrotik may have problems to handle the key no matter where it attempts to connect.

After clarifying this, it makes sense to report this to support@mikrotik.com, including a key specially made solely for the purpose of demonstrating the issue to Mikrotik, which you will then remove from all your systems as a security measure.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10511
Joined: Mon Jun 08, 2015 12:09 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 5:04 pm

I would say when you used type rsa and it works on the Mac but not on the MikroTik the key type is not the issue.
(either when you use old types that could be no longer supported (dsa) or new types that are not yet supported by some dated equipment (ed25519) that could have been the problem)
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 5:06 pm

Thanks sindy,

That's a great idea: to try that same key someplace else.

I followed your idea and tried to connect from mikrotik to my macOS using that key
As you foreseen, I also got that very same same error back.

I will send this to the support team, and hopefully it will be actionable enough that they will be able to reproduce and troubleshoot.

Thank you very much


To be fair, I did call out that I successfully used that key on the mac without issue, on my response to pe1chl, just before the post you referenced regarding key generation... but it might have been unclear or easily overlooked; no worries.
Maybe the key type you generated (dsa, rsa, ecdsa, ed25519, ...) is not compatible with one of the two sides?
Thanks

I actually tried this key on a macOS, works fine.
Seems the key is fine.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 5:07 pm

I would say when you used type rsa and it works on the Mac but not on the MikroTik the key type is not the issue.
(either when you use old types that could be no longer supported (dsa) or new types that are not yet supported by some dated equipment (ed25519) that could have been the problem)
Thank you for your support.

Next step for me is to raise this to the support@mikrotik.com
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 10855
Joined: Mon Dec 04, 2017 9:19 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Thu May 07, 2020 5:37 pm

To be fair...
Sorry, I've somehow missed post #3 and only read post #4.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Fri May 08, 2020 10:27 am

Thanks for your support,

Sorry I haven't written earlier, but I managed to create a support ticket yesterday as per your recommendation:
Reference: SUP-15797
Currently pending support
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Apr 10, 2020 10:18 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Fri May 08, 2020 5:33 pm

Support was quick to reply, and asked a few steps, including to add debugging in log output:
/system logging add topics=ssh

I had deleted the keys so I re-imported them (both via console and the winbox), but couldn't reproduce the issue.
Still puzzled why I repeatedly got this error message yesterday, and today all is working as intended - with the same keys and setup.
And yesterday I did the import several times, but still it yielded that error.

Thumbs up for prompt support both of Mikrotik and community, thanks
 
Pun1sh3r
just joined
Posts: 11
Joined: Thu Jul 27, 2017 11:19 am

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Mon Jun 07, 2021 1:04 am

Same trouble here.
Keys worked on my 4011 => RBD52G's at 6.47.9, but i received error:0D078079:lib(13):func(120):reason(121) after upgrading all of them to 6.47.10.
Keys are fine 100%.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10511
Joined: Mon Jun 08, 2015 12:09 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Mon Jun 07, 2021 10:50 am

Sometimes the key storage is corrupted and you have to re-generate and reload it.
 
lcqxinyun
just joined
Posts: 6
Joined: Thu Dec 03, 2015 4:42 pm

Re: BUG? ssh with key from Mikrotik to Cisco switch - error:0D078079:lib(13):func(120):reason(121)

Mon Oct 25, 2021 11:13 pm

use 1024bit RSA work for me!
ssh-keygen -b 1024 -t rsa -m PEM

Who is online

Users browsing this forum: No registered users and 41 guests