‎02-25-2019 07:24 PM
Hello community,
Ever since I upgraded to XMC 8.2, my archive scripts that utilize SCP no longer work. I have done a few hours of debugging and determined that the upgrades to the SSH service on the XMC server are partly to blame, as my Brocade switches utilize very outdated ciphers.
I added this to /etc/ssh/sshd_config (and restarted)
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Now, I can ssh and scp from my Brocades again - but not when utilizing the archive feature from within XMC.
This is what I see when I look at a failed archive in XMC in the "Description" field (10.60.60.150 is my XMC server) ...
KCHSANSW_3:root> configupload
Protocol (scp, ftp, local) [ftp]: scp
Server Name or IP Address [host]: 10.60.60.150
User Name [user]: root
Path/Filename [/config.txt]: /root/configs/tmp/10_200_200_51/10_200_200_51.cfg
Section (all|chassis|switch [all]): all
root@10.60.60.150's password: mypassword
root@10.60.60.150's password:
Note that it seems to not like the password. If I ssh into the switch, and run these same commands and use that same password, it works fine.
KCHSANSW_3:root> configUpload
Protocol (scp, ftp, local) [ftp]: scp
Server Name or IP Address [host]: 10.60.60.150
User Name [user]: root
Path/Filename [/config.txt]: /root/configs/tmp/10_200_200_51/10_200_200_51.cfg
Section (all|chassis|switch [all]): all
root@10.60.60.150's password:
configUpload complete: All selected config parameters are uploaded
KCHSANSW_3:root>
I have checked the SCP user settings in the Administration > Options > Inventory Manager > File Transfer, and all seems correct! Thinking maybe it was special characters in my password field, I have tried changing my root password to a plain text password both in terminal (passwd root) and also in the File Transfer SCP settings. No change!
Seems like this was a problem long ago with a version of 6.1, but I don't see anything about this recently.
Anyone have any clues for me?
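An added example, not part of the original post: a small Python check that reports which legacy algorithms an sshd_config re-enables, run here over a constructed excerpt containing the two lines quoted above. The function name is hypothetical and the algorithm table covers only the names that appear in this thread.

```python
import re

# Legacy algorithms named in this thread and why each is considered weak.
# The table covers only these names; extend it for a real audit.
LEGACY = {
    "ssh-dss": "DSA signatures with SHA-1",
    "diffie-hellman-group1-sha1": "fixed 1024-bit DH group with SHA-1",
    "diffie-hellman-group-exchange-sha1": "DH group exchange hashed with SHA-1",
}
# sshd_config keywords whose value is a comma-separated algorithm list (subset).
LIST_KEYWORDS = {"pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms",
                 "hostkeyalgorithms", "kexalgorithms"}

def audit_sshd_config(text):
    """Return (line_no, keyword, algorithm, reason) per legacy algorithm enabled."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        # sshd accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"([A-Za-z]+)\s*(?:=\s*|\s+)(\S.*)$", line)
        if not m or m.group(1).lower() not in LIST_KEYWORDS:
            continue
        keyword, value = m.group(1), m.group(2).strip()
        if value.startswith("-"):
            continue  # a leading "-" removes algorithms from the default set
        # A leading "+" appends to the defaults and "^" moves entries to the front.
        for alg in value.lstrip("+^").split(","):
            if alg.strip() in LEGACY:
                findings.append((line_no, keyword, alg.strip(), LEGACY[alg.strip()]))
    return findings

# Constructed excerpt: the two lines from the post plus unrelated settings.
SAMPLE = """\
# constructed sshd_config excerpt
PermitRootLogin yes
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
"""

if __name__ == "__main__":
    for line_no, keyword, alg, reason in audit_sshd_config(SAMPLE):
        print(f"line {line_no}: {keyword} enables {alg} ({reason})")
```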
1 ACCEPTED SOLUTION
‎02-27-2019 07:42 PM
I guess then it is a timing issue.
Option 1 = change to Telnet and do tcpdump = you will see what is happening.
Option 2 = enable debug
Do not forget to press OK and check the server.log then.
Regards
Zdeněk Pala
7 REPLIES
‎02-28-2019 01:17 PM
I finally got it working. I created an FTP script where it would connect to a different FTP server, create a directory, log off and then try an upload to that directory, and I was still getting the "password incorrect" problem. After having witnessed a successful FTP connection. WEIRD!
You will see in my script that I am waiting for it to say "Do you want to continue" but it never asks, because the SSH key has already been accepted and stored away. I don't know why that was working before?
But aside from that, it was causing my script to miss a beat and I think it was sending the password in an untimely manner. So I added a little 2 second sleep in there.
Now it's working fine again!
Here is the final script ...
-- Use this script to manage a Brocade device
name="Brocade Switches - SCP"
desc="Brocade Switches SCP Scripts"
--
-----BEGIN PRE-SCRIPT "Configuration Upload"-----
create %ABSOLUTE_TARGET_FILE_PATH%
-----END PRE-SCRIPT-----
-----BEGIN SCRIPT "Configuration Upload"-----
echo I AM GOING TO UPLOAD TO %ABSOLUTE_TARGET_FILE_PATH%
configupload
@RECEIVEUNTIL 5 ".*Protocol.*"
scp
@RECEIVEUNTIL 5 ".*Server Name or IP Address.*"
%SCP_IP%
@RECEIVEUNTIL 5 ".*User Name.*"
%SCP_USER%
@RECEIVEUNTIL 5 ".*Path/Filename.*"
%ABSOLUTE_TARGET_FILE_PATH%
@RECEIVEUNTIL 5 ".*Section.*"
all
@RECEIVEUNTIL 5 ".*assword.*"
@SLEEP 2
%SCP_PSWD%
@RECEIVEUNTIL 10 ".*load complete.*"
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
complete: All selected config parameters
-----END SUCCESS-----
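The situation described in the post above, where the host-key question is asked only until the server key has been stored, as an added Python illustration (not XMC script syntax and not part of the original post): the responder answers whichever prompt actually arrives, sends the password only to a password prompt, and masks it in the transcript. `FakeSwitch`, `upload_rules` and `drive` are hypothetical names, and the prompt text is constructed from the dialog quoted in this thread.

```python
import re

class FakeSwitch:
    """Constructed stand-in for the switch CLI; prompt text follows the thread."""
    def __init__(self, host_key_known):
        self.prompts = ["Protocol (scp, ftp, local) [ftp]: ",
                        "Server Name or IP Address [host]: ",
                        "User Name [user]: ",
                        "Path/Filename [/config.txt]: ",
                        "Section (all|chassis|switch [all]): "]
        if not host_key_known:  # asked only until the server key is stored
            self.prompts.append("Do you want to continue? ")
        self.prompts += ["archiving@10.60.60.150's password: ",
                         "configUpload complete: All selected config parameters are uploaded"]
        self.received = []
    def read(self):
        return self.prompts.pop(0)
    def send(self, text):
        self.received.append(text)

def upload_rules(ip, user, path, password):
    """(prompt pattern, answer, is_secret); order does not matter to drive()."""
    return [(r"Protocol", "scp", False),
            (r"Server Name or IP Address", ip, False),
            (r"User Name", user, False),
            (r"Path/Filename", path, False),
            (r"Section", "all", False),
            # Answering "y" trusts the server host key without checking it.
            (r"Do you want to continue", "y", False),
            (r"assword", password, True)]

def drive(session, rules, done, max_steps=20):
    """Answer whichever prompt arrives; return a transcript with secrets masked."""
    transcript = []
    for _ in range(max_steps):
        out = session.read()
        if re.search(done, out):
            return transcript
        for pattern, answer, secret in rules:
            if re.search(pattern, out):
                session.send(answer)
                transcript.append((pattern, "***" if secret else answer))
                break
        else:  # unknown output: stop without sending anything
            raise RuntimeError(f"unexpected output: {out!r}")
    raise RuntimeError("dialog did not finish")
```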
‎02-27-2019 07:24 PM
Oddly enough ... last night two of the eight Brocade switches backed up successfully. Yet - when I went in this morning (having changed nothing) and tried to stamp a new version - they are all failing, even the two that were successful last night.
I am thinking there is a log file on the XMC server that might shed some insight. Does anyone know where that resides? Basically looking for any errors that are generated during the SCP process.
‎02-26-2019 02:32 PM
Hello Z, I created a new SSH user in OneView named archiving, and made it an administrative user. Then set up my SCP the same way that you did (/home/archiving).
Now I am back to the same place, which is that it seems to be asking for the password a second time. But if I SSH into a switch and run through the process manually, it goes through fine. Maybe it's my script that is a problem at this point?
These are *old* Brocade DS-300B fiber switches.
Here is the script I am using ...
-- Use these scripts to manage Brocade devices
name="Brocade Switches - SCP"
desc="Brocade Switches SCP Scripts"
--
-----BEGIN SCRIPT "Configuration Upload"-----
configupload
@RECEIVEUNTIL 5 ".*Protocol.*"
scp
@RECEIVEUNTIL 5 ".*Server Name or IP Address.*"
%SCP_IP%
@RECEIVEUNTIL 5 ".*User Name.*"
%SCP_USER%
@RECEIVEUNTIL 5 ".*Path/Filename.*"
%ABSOLUTE_TARGET_FILE_PATH%
@RECEIVEUNTIL 5 ".*Section.*"
all
@RECEIVEUNTIL 5 ".*Do you want to continue.*"
y
@RECEIVEUNTIL 5 ".*assword.*"
%SCP_PSWD%
@RECEIVEUNTIL 30 ".*load complete.*"
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
complete: All selected config parameters
-----END SUCCESS-----
And this is what I see in the description field once I have clicked the stamp new version - and it has failed on me ...
KCHSANSW_3:root> configupload
Protocol (scp, ftp, local) [ftp]: scp
Server Name or IP Address [host]: 10.60.60.150
User Name [user]: archiving
Path/Filename [/config.txt]: /home/archiving/configs/tmp/10_200_200_51/10_200_200_51.cfg
Section (all|chassis|switch [all]): all
archiving@10.60.60.150's password: mypassword
archiving@10.60.60.150's password:
