- Community Home
- >
- Networking
- >
- IMC
- >
- ssh key exchange
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2016 02:55 AM - edited 03-07-2016 02:57 AM
03-07-2016 02:55 AM - edited 03-07-2016 02:57 AM
ssh key exchange
Hello,
I am trying to abckup my cisco ASA and it's getting failed.
SNMP parameters are ok
SSH test is ok from the web interface
Telnet is ok to
but when i see the logs on the firewall i can see an error called ssh key excahgnes fails.
what can be the couse.
iMC is installed on win 2008 r2 server.
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2016 11:58 AM
03-07-2016 11:58 AM
Re: ssh key exchange
Which version of IMC do you have? There was an issue with earlier versions of IMC, where the ASA backup adapter did correctly not handle the prompt to save a new SSH key.
Also, what file transfer type are you using?
You can also look at the imccfgbakdm logs to see what's going on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2016 11:53 PM - edited 03-07-2016 11:54 PM
03-07-2016 11:53 PM - edited 03-07-2016 11:54 PM
Re: ssh key exchange
Hello Lindsay,
i am currently using Version:-iMC PLAT 7.2 (E0403) and file transfer type TFTP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2016 12:27 AM
03-08-2016 12:27 AM
Re: ssh key exchange
#####################this is the error which i got in logs##########
.815 [WARNING (0)] [THREAD(6000)] [CQvDBReaderADP::~CQvDBReaderADP] Cancel current SQL when data have not be fetched out.
2016-03-07 07:58:24.818 [INFO (-1)] [THREAD(5924)] [CSnmpOper::iCommitOper] writecommunity is empty for snmpv1/2 set operation.->[194.XX.XX.XX]
2016-03-07 07:58:24.818 [INFO (-1)] [THREAD(5924)] [CSnmpOper::iCommitOper] writecommunity is empty for snmpv1/2 set operation.->[194.XX.XX.XX]
2016-03-07 07:58:24.818 [ERROR (-1)] [THREAD(5924)] [CCiscoMIBFileTransferImp::mibTransferSession] Failed to commit snmp pdu,server = 10.XX.XX.XX,filename = running_1688437152.cfg, protocol = 2(1,ftp;2,tftp)
2016-03-07 07:58:24.818 [INFO (25)] [THREAD(5924)] [CCiscoMIBFileTransferImp::collect()] mibTransferSession() return: 25
2016-03-07 07:58:24.818 [INFO (0)] [THREAD(5924)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 194.XX.XX.XX, transfer protocol: TRANSFER_PROTOCOL_CISCO_MIB, result code: 25
2016-03-07 07:58:24.818 [ERROR (-1)] [THREAD(5924)] [CFileTransferIf::doFileTransfer] not support,type = 2
2016-03-07 07:58:24.818 [INFO (0)] [THREAD(5924)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 194.XX.XX.XX, telnet transfer protocol: 1,result code: 12
2016-03-07 07:58:24.818 [ERROR (-1)] [THREAD(5924)] [CFileTransferIf::doFileTransfer] not support,type = 2
2016-03-07 07:58:24.818 [INFO (0)] [THREAD(5924)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 194.XX.XX.XX, telnet transfer protocol: 2,result code: 12
2016-03-07 07:58:24.818 [ERROR (-1)] [THREAD(5924)] [CFileTransferIf::doFileTransfer] not support,type = 2
2016-03-07 07:58:24.818 [INFO (0)] [THREAD(5924)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 194.XX.XX.XX, telnet transfer protocol: 3,result code: 12
2016-03-07 07:58:24.818 [ERROR (-1)] [THREAD(5924)] [CFileTransferIf::doFileTransfer] not support,type = 2
2016-03-07 07:58:24.818 [INFO (0)] [THREAD(5924)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 194.XX.XX.XX, telnet transfer protocol: 7,result code: 12
2016-03-07 07:58:25.008 [INFO (0)] [THREAD(5924)] [CTelnetService::receiveRespond] This is username, return RT_USER
2016-03-07 07:58:25.030 [WARNING (0)] [THREAD(5932)] [CTelnetService::executeCmd] strRespond is empty.
2016-03-07 07:58:25.030 [INFO (0)] [THREAD(5932)] [CFileTransferTask::transferFileEx] Do file transfer, device ip: 10.XX.XX.XXX, telnet transfer protocol: 2,result code: 11
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2016 12:58 PM
03-08-2016 12:58 PM
Re: ssh key exchange
Looks like you're using Telnet + TFTP, not SSH?
You should really change that something secure.
There should be a few more related logs in imccfgbakdm, showing the output of the Expect session. But my first guess is that you don't have the right Telnet credentials defined. Note that the Telnet & SSH credentials defined on the device details page are different. So if you had defined SSH credentials, then changed the Login Type to Telnet, it would have nothing defined for Telnet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016 03:32 AM
03-10-2016 03:32 AM
Re: ssh key exchange
we prefer to user ssh while backup
yes the telnet superpassword is incorrect
this is the log which i found on ASA
6|Mar 10 2016|10:08:47|315011|10.XX.XX.XX1||||SSH session from 10.XX.XX.XX on interface LAN for user XX.XX.XX" disconnected by SSH server reason: "Time-out activated" (0x3c)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016 12:32 PM
03-10-2016 12:32 PM
Re: ssh key exchange
Set your login type to SSH, and your file transfer mode to SCP.
Then get all the logs from imccfgbakdm. There should be more logs than your earlier snippets. Sometimes the logs will be a bit spread out, or appear slightly out of order.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016 11:54 PM
03-10-2016 11:54 PM
Re: ssh key exchange
Well i tried an alernative way i got the superpassword for telnet on ASA and allowed telnet access it's seeams to be working and there is was issue with the adapter.xml file to.
but now the only issue is there is not startup backup it's getting failed can see only running config.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2016 02:45 PM
03-11-2016 02:45 PM
Re: ssh key exchange
Using Telnet for managing your firewalls is a bad idea, but it's your network.
What problem did you have with adapter.xml? That's a very simple file, and I would not expect to see any problems with it.
What do your logs say about the failed startup config backup?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2016 07:50 AM - edited 03-12-2016 07:54 AM
03-12-2016 07:50 AM - edited 03-12-2016 07:54 AM
Re: ssh key exchange
Even i fell the same there is nothing wrong with SSH it works perfect when i do a test.
but i have no idea why it's getting failed. evrey thing is perfect i can ssh from IMC server from application SNMP is perfect,
but still we are the same issue, it leaves me no chocie to use telnet to backup my firewall.
there was some OID missing in the file after updating it few firewalls started working via telnet.
i need to check the logs again what there is failure in startup config.