Permission denied when trying to SSH into CISCO virtual router

Question

My main goal is to be able to simulate a device so I can SSH into it from a Python application and get the output of the commands. But first, I'm trying to manually SSH into the device from the terminal.

I'm using GNS3 to simulate the network and a CISCO C7200 image. I'm using Manjaro Linux. My topology:

Router config:

conf t
username admin privilege 15 password 1234
hostname R1
ip domain-name local
crypto key generate rsa
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
interface fa0/0
ip address 192.168.12.1 255.255.255.0
no shut
end

I'm setting up the interface using an IP address from the same subnet of my WiFi adapter. Apparently, I can ping it just fine:

$ ping 192.168.12.1
PING 192.168.12.1 (192.168.12.1) 56(84) bytes of data.
64 bytes from 192.168.12.1: icmp_seq=1 ttl=64 time=3.11 ms
64 bytes from 192.168.12.1: icmp_seq=2 ttl=64 time=3.72 ms

But when trying to SSH into it:

$ ssh admin@192.168.12.1
admin@192.168.12.1's password: 
Permission denied, please try again.
admin@192.168.12.1's password: 
Permission denied, please try again.
admin@192.168.12.1's password: 
admin@192.168.12.1: Permission denied (publickey,password).

This is the verbose output:

OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 192.168.12.1 [192.168.12.1] port 22.
debug1: Connection established.
debug1: identity file /home/gabriel/.ssh/id_rsa type 0
debug1: identity file /home/gabriel/.ssh/id_rsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519 type 3
debug1: identity file /home/gabriel/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gabriel/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gabriel/.ssh/id_xmss type -1
debug1: identity file /home/gabriel/.ssh/id_xmss-cert type -1
debug1: identity file /home/gabriel/.ssh/id_dsa type -1
debug1: identity file /home/gabriel/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version dropbear_2012.55
debug1: compat_banner: no match: dropbear_2012.55
debug1: Authenticating to 192.168.12.1:22 as 'admin'
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: (redacted)
debug1: load_hostkeys: fopen /home/gabriel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.12.1' is known and matches the RSA host key.
debug1: Found key in /home/gabriel/.ssh/known_hosts:4
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa 
debug1: Will attempt key: /home/gabriel/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/gabriel/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/gabriel/.ssh/id_xmss 
debug1: Will attempt key: /home/gabriel/.ssh/id_dsa 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gabriel/.ssh/id_ed25519 ED25519 (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/gabriel/.ssh/id_rsa RSA (redacted) agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa
debug1: Trying private key: /home/gabriel/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gabriel/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gabriel/.ssh/id_xmss
debug1: Trying private key: /home/gabriel/.ssh/id_dsa
debug1: Next authentication method: password
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
admin@192.168.12.1's password: 
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
admin@192.168.12.1: Permission denied (publickey,password).

My /etc/ssh/ssh_config:

# Include drop-in configurations
Include /etc/ssh/ssh_config.d/*.conf
This is the ssh client system-wide configuration file.  See
ssh_config(5) for more information.  This file provides defaults for
users, and the values can be changed in per-user configuration files
or on the command line.
Configuration data is parsed as follows:
1. command line options
2. user-specific file
3. system-wide file
Any configuration value is only changed the first time it is set.
Thus, host-specific definitions should be at the beginning of the
configuration file, and defaults at the end.
Site-wide defaults for some commonly used options.  For a comprehensive
list of available options, their meanings and defaults, please see the
ssh_config(5) man page.
Host *
ForwardAgent no
ForwardX11 no
PasswordAuthentication yes
HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
BatchMode no
CheckHostIP no
AddressFamily any
ConnectTimeout 0
StrictHostKeyChecking ask
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_ed25519
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
EscapeChar ~
Tunnel no
TunnelDevice any:any
PermitLocalCommand no
VisualHostKey no
ProxyCommand ssh -q -W %h:%p gateway.example.com
RekeyLimit 1G 1h
UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
PubkeyAcceptedAlgorithms +ssh-rsa
HostKeyAlgorithms +ssh-rsa

PubkeyAuthentication yes

Tried regenerating the RSA key inside the router and also avoid upgrading to SSH 2.0. Didn't work. What am I doing wrong?

Answer 1

There are different ways to connect your GNS3 topology to the real world.

1. TAP You can create TAP interfaces that you can access directly from the system that GNS3 runs on, and you can add those TAP devices to a bridge.

2. Adding an adapter to the configuration (NIO_ETHERNET). This requires sufficient permissions to access the adapter. It works if you run GNS3 as root.

Using a WiFi adapter may give some additional problems. Many WiFi adapters have problems when there are different MAC-ID's.

Answer 2

Turns out 192.168.12.1 was actually the IP for my home's router, that's why I could ping it and SSH always failed.

I created a TAP interface and added it to my Cloud in GNS3, linking the router interface to the TAP interface. Everything worked fine that way. Somehow using the WiFi adapter in the Cloud didn't work.