09-09-2020 05:19 AM
Hello,
I have created a new SFTP repository on a ISE 2.7 Patch 1 in GUI.
And I get the error below when I try to validate the repository. What did I miss for the config?
Repository validation failed due to error - SSH connect error. Verify configuration. In case Backup was restored on different setup, please re-configure the repository passwords (Expected behaviour)
Below the SFTP server's logs (Windows 2K19 OpenSSH works fine with another SFTP Backup for an other app ) :
13484 2020-09-09 14:15:45.563 debug1: inetd sockets after dupping: 4, 4
13484 2020-09-09 14:15:45.564 Connection from 10.10.9.13 port 15115 on 10.10.9.4 port 22
13484 2020-09-09 14:15:45.566 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
13484 2020-09-09 14:15:45.567 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6 PKIX[11.0]
13484 2020-09-09 14:15:45.567 debug1: match: OpenSSH_7.6 PKIX[11.0] pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
13484 2020-09-09 14:15:45.668 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
13484 2020-09-09 14:15:45.668 debug1: SSH2_MSG_KEXINIT sent [preauth]
13484 2020-09-09 14:15:45.668 debug1: SSH2_MSG_KEXINIT received [preauth]
13484 2020-09-09 14:15:45.668 debug1: kex: algorithm: curve25519-sha256 [preauth]
13484 2020-09-09 14:15:45.668 debug1: kex: host key algorithm: ssh-rsa [preauth]
13484 2020-09-09 14:15:45.668 debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none [preauth]
13484 2020-09-09 14:15:45.668 debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none [preauth]
13484 2020-09-09 14:15:45.668 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
13484 2020-09-09 14:15:45.694 debug1: rekey out after 4294967296 blocks [preauth]
13484 2020-09-09 14:15:45.694 debug1: SSH2_MSG_NEWKEYS sent [preauth]
13484 2020-09-09 14:15:45.694 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
13484 2020-09-09 14:15:45.694 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
13484 2020-09-09 14:15:45.695 Connection closed by 10.10.9.13 port 15115 [preauth]
13484 2020-09-09 14:15:45.696 debug1: do_cleanup [preauth]
13484 2020-09-09 14:15:45.697 debug1: monitor_read_log: child log fd closed
13484 2020-09-09 14:15:45.697 debug1: do_cleanup
13484 2020-09-09 14:15:45.697 debug1: Killing privsep child 11252
Solved! Go to Solution.
09-09-2020 06:52 AM
Did you add the server host key to the ISE server CLI using the command "crypto host_key add"?
09-09-2020 06:52 AM
Did you add the server host key to the ISE server CLI using the command "crypto host_key add"?
02-24-2021 08:14 AM
FYSA I also had a similar issue with ISE2.7p2. The fix was re-adding the host key via CLI as @Colby LeMaire suggested.
08-12-2021 12:09 AM
Hi Mike, I tried your method but it did not work. Is there anything else I can explore?
Best Regards,
Ng Turng Hui
08-12-2021 12:29 AM
Hi @NgTurngHui7950,
Have you executed 'crypto host_key add' on same server you are trying to access it from? In case of multiple ISE nodes, you need to repeat command on all nodes from which you are attempting to read repository.
BR,
Milos
08-12-2021 02:30 AM
Hi Milo,
Yes i did add Crypto host_key add host <Hostname of SFTP Server> on the exec mode.
This was working fine before I upgrade the Cisco ISE from version 2.3.0 to 2.7.0 . I redo the entire process which is to remove the host_key from the CLI and remove the SFTP Server setting on the GUI, reboot the services, added the SFTP Server settings again and lastly added the host_key.
When i type "show repository <Repository Name>" , I am left with the following error.
"Repository sftprepo could not be accessed. In case Backup was restored on different setup, please re-configure the repository passwords (Expected behaviour). Failure occurred during request"
I am in a pickle here. This is just SFTP and is giving me so much problems. Do you have any idea what may be causing this?
Best Regards,
Ng Turng Hui
05-05-2022 08:48 AM
Hi Ng Tung Hui
I have a similar problem and I would like to know if you managed to resolve your problem and how if you did?
Thanks,
Sydney
05-13-2022 10:00 PM
Hi Sydney,
How I resolve the issue is to upgrade the Cisco ISE to Version 2.7 Patch 4. There is a bug is Cisco Ise Version 2.7 which resulted in failure using SFTP. Hope this helps.
Best Regards,
Ng Turng Hui
08-12-2021 06:38 AM
You could try to look at logs on the server side, to try to understand something from there, if possible.
It looks you did everything you should. I would contact TAC as next step, as I can't recommend any reasonable troubleshooting step from here.
BR,
Milos
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: