Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  TFPP-server not working

    Posted 07-07-2022 10:43
    Hello,

    I have an EX2300 and I want to transfer log files to my PC I 've use SecureCRT (SecureFX)  to do that in the past but now I can't seem to establish a connection between my PC and the switch using SecureCRT.  It seems to work fine with EX2200 switches but not EX2300 switches.   Could it be configuration issue on the EX2300 switch? 


    This is what I captured when trying to make a connection to switch with SecureCRT if this helps.

    i SENT : USERAUTH_REQUEST [none]
    i Authenticating as user test
    i RECV : USERAUTH_FAILURE, continuations [publickey,password,keyboard-interactive]
    i SENT : USERAUTH_REQUEST [password]
    i RECV : AUTH_SUCCESS
    i SEND[0]: SSH_MSG_CHANNEL_EOF
    i SSH2Core version 8.5.0.1942
    i Connecting to 10.34.36.249:22 ...
    i Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
    i Using protocol SSH2
    i RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.5'
    i CAP : Remote can re-key
    i CAP : Remote sends language in password change requests
    i CAP : Remote sends algorithm name in PK_OK packets
    i CAP : Remote sends algorithm name in public key packets
    i CAP : Remote sends algorithm name in signatures
    i CAP : Remote sends error text in open failure packets
    i CAP : Remote sends name in service accept packets
    i CAP : Remote includes port number in x11 open packets
    i CAP : Remote uses 160 bit keys for SHA1 MAC
    i CAP : Remote supports new diffie-hellman group exchange messages
    i CAP : Remote correctly handles unknown SFTP extensions
    i CAP : Remote correctly encodes OID for gssapi
    i CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
    i CAP : Remote can do SFTP version 4
    i CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
    i CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
    i CAP : Remote correctly handles zlib@openssh.com
    i SSPI : Requesting full delegation
    i SSPI : [Kerberos] SPN : host@10.34.36.249
    i SSPI : [Kerberos] InitializeSecurityContext() failed.
    i SSPI : [Kerberos] The specified target is unknown or unreachable
    i SSPI : [Kerberos] Disabling gss mechanism
    i GSS : Requesting full delegation
    i GSS : [Kerberos] SPN : host@10.34.36.249
    i GSS : [Kerberos] InitializeSecurityContext() failed.
    i GSS : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.
    i GSS : [Kerberos] Disabling gss mechanism
    i GSS : [Kerberos] Disabling gss mechanism
    i The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
    i SSPI : Requesting full delegation
    i SSPI : [Kerberos (Group Exchange)] SPN : host@10.34.36.249
    i SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
    i SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable
    i SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism
    i GSS : Requesting full delegation
    i GSS : [Kerberos (Group Exchange)] SPN : host@10.34.36.249
    i GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
    i GSS : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.
    i GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
    i GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
    i The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
    i SEND : KEXINIT
    i SEARCH: C:\ProgramData\VanDyke\Known Hosts\
    i SEARCH: C:\SecureCRT logs\SecureCRT\Config\KnownHosts\
    i RECV : Read kexinit
    i Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
    i Selected Kex Method = curve25519-sha256@libssh.org
    i Available Remote Host Key Algos = ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    i Selected Host Key Algo = ssh-rsa
    i Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    i Selected Send Cipher = aes256-ctr
    i Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    i Selected Recv Cipher = aes256-ctr
    i Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    i Selected Send Mac = hmac-sha2-512
    i Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    i Selected Recv Mac = hmac-sha2-512
    i Available Remote Compressors = none,zlib@openssh.com
    i Selected Compressor = none
    i Available Remote Decompressors = none,zlib@openssh.com
    i Selected Decompressor = none
    i Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
    i SEND : SSH_MSG_KEX_ECDH_INIT
    i RECV : SSH_MSG_KEX_ECDH_REPLY
    i Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
    i RECV: Remote Hostkey (SHA-2 hash hex): 30:9f:8a:db:73:78:37:e2:35:d1:4d:9f:67:26:bf:c0:a6:94:c8:5b:f6:89:5f:02:61:da:d9:a4:be:c6:38:fd
    i RECV: Remote Hostkey (SHA-2 hash base64): MJ+K23N4N+I10U2fZya/wKaUyFv2iV8CYdrZpL7GOP0
    i RECV: Remote Hostkey (SHA-1 hash): d8:8e:5e:01:2f:94:d9:99:10:7c:51:8e:8a:ff:3f:2b:02:7f:5f:23
    i RECV: Remote Hostkey (MD5 hash): dc:7b:68:f0:00:96:1d:4e:7b:b5:ef:b0:d9:20:6a:02
    i SEARCH: 0 entries found for host
    i SEARCH: 1 entries found for host
    i SEARCH: hostkey was matched in database.
    i SEND : NEWKEYS
    i Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
    i RECV : NEWKEYS
    i Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
    i SEND: SERVICE_REQUEST[ssh-userauth]
    i RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
    i SENT : USERAUTH_REQUEST [none]
    i Authenticating as user test
    i RECV : USERAUTH_FAILURE, continuations [publickey,password,keyboard-interactive]
    i SENT : USERAUTH_REQUEST [password]
    i RECV : AUTH_SUCCESS
    i SEND[0]: SSH_MSG_CHANNEL_EOF


  • 2.  RE: TFPP-server not working

    Posted 07-07-2022 16:38
    set system services ssh sftp-server

    That is needed on newer code.

    ------------------------------
    David Divins
    ------------------------------



  • 3.  RE: TFPP-server not working

    Posted 07-07-2022 16:48
    Thanks David worked like a charm.