Solved: Re: Cisco DNA and Winscp

Macky05 · ‎10-07-2022

Hi Everyone,

I am need to transfer a file in DNAC and trying to used Winscp but unfortunately I am getting some error messages like Bash is recommended. I change the shell setting to Bash but still no luck. Can someone please kindly advice or give some direction how I can get this file in the DNAC with or without winscp.

I need to get file: CSCwb00526.sh.zip from:https://software.cisco.com/download and transfer to DNAC /data/tmp

See some pic below:

I think I getting SCP / Shell setting wrong. Any direction to set this up. Please help!

It seems to have been authenticated but yet it fails with an error message. See below:

Any advice will be appreciated. Thanks

willwetherman · ‎10-08-2022

Ok that is interesting.

I have just installed the latest version of WinSCP (5.21.5), with default settings, and I can connect to my DNAC 2.3.3.4 server using SFTP and transfer files without any issues, however If I change the protocol to SCP, I receive the same error 'Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended)'.

For comparison, I performed the same test on a DNAC 2.2.2.8 server and I can connect and transfer files using both SFTP and SCP so I suspect that the SCP issue is related to the restricted shell feature that is enabled by default in the later versions of DNAC.

I disabled restricted shell on DNAC 2.3.3.4 and now SCP is working correctly. You can disable the restricted shell using the following command. Can you give this a go and see if it fixes the issue?

_shell -c 'sudo magctl ssh shell bash'

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/admin_guide/b_cisco_dna_center_admin_guide_2_3_3/b_cisco_dna_center_admin_guide_2_3_3_chapter_010.html#Cisco_Task_in_List_GUI.dita_54088...

If this still fails to work, DNAC has an SFTP/SCP client that can be used to transfer files from a remote server to a local path. For example, you can use the following command from the DNAC CLI to transfer file 'test.txt' from remote SFTP server 192.168.1.1 to /data/tmp.

sftp user@192.168.1.1:test.txt /data/tmp

View solution in original post

willwetherman · ‎10-07-2022

Hi @Macky05

I use WinSCP regularly to transfer files to/from DNAC. The fie protocol should be SFTP and not SCP. Can you set the protocol to SFTP and try again?

Hope that this helps

Will

Macky05 · ‎10-07-2022

Hi @willwetherman

I also tried with SFTP, and it failed.

With DNAC version Version 2.3.2.0, it seems there is no option to setup the stfp server.

However, I once troubleshooted with TAC and scp was used with some changes made in the Advance setting -> Shell of winSCP, just can't remember how the shell path was set. I have tried different paths but no luck. I am sure Cisco customized the defaults shell paths. Can anyone please let me know what this path could be or the advance setting?

willwetherman · ‎10-08-2022

Ok that is interesting.

I have just installed the latest version of WinSCP (5.21.5), with default settings, and I can connect to my DNAC 2.3.3.4 server using SFTP and transfer files without any issues, however If I change the protocol to SCP, I receive the same error 'Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended)'.

For comparison, I performed the same test on a DNAC 2.2.2.8 server and I can connect and transfer files using both SFTP and SCP so I suspect that the SCP issue is related to the restricted shell feature that is enabled by default in the later versions of DNAC.

I disabled restricted shell on DNAC 2.3.3.4 and now SCP is working correctly. You can disable the restricted shell using the following command. Can you give this a go and see if it fixes the issue?

_shell -c 'sudo magctl ssh shell bash'

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/admin_guide/b_cisco_dna_center_admin_guide_2_3_3/b_cisco_dna_center_admin_guide_2_3_3_chapter_010.html#Cisco_Task_in_List_GUI.dita_54088...

If this still fails to work, DNAC has an SFTP/SCP client that can be used to transfer files from a remote server to a local path. For example, you can use the following command from the DNAC CLI to transfer file 'test.txt' from remote SFTP server 192.168.1.1 to /data/tmp.

sftp user@192.168.1.1:test.txt /data/tmp

Macky05 · ‎10-18-2022

Hi @willwetherman

Thanks very much.

Bypassing the restriction shell with the command:

_shell -c 'sudo magctl ssh shell bash'

I could get remote access with winSCP via SFTP or SCP.

The reference link you provided is also very handy:

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/admin_guide/b_cisco_dna_center_admin_guide_2_3_3/b_cisco_dna_center_admin_guide_2_3_3_chapter_010.html#Cisco_Task_in_List_GUI.dita_54088...

Thanks a lot.

estetson · ‎10-12-2022

Are you using "maglev" as your username? I can't speak on WinSCP, but I'm able to connect to my Cisco DNA Cluster running 2.3.2.1 using SFTP with Filezilla.

For a protocol I'm using SFTP, port 2222 and username maglev. You need to use your maglev username/password since you're essentially accessing the CLI, not the administrator GUI username/password.
Other than that, my advanced, transfer settings, charset, etc are all default.