10-06-2021 12:54 PM - edited 10-06-2021 12:55 PM
My end goal is to copy a running configuration from a Cisco switch to a server using SFTP or SCP. Once confirmed working, I will use Kron to automate backup.
I followed the steps on how to configure SCP on the switch:
I installed OpenSSH on Windows Server 2019.
From my PC, I was able to connect to the OpenSSH server through WinSCP.
I was getting an error when I connected from the Cisco switch to the OpenSSH server.
Since I was going down the rabbit hole troubleshooting, I thought I would test if I can simply SSH from the Cisco device to the OpenSSH server. It did not work. I get this error:
Oct 6 18:32:57.316: SSH2 CLIENT 0: Channel open failed, reason = 1752134516
Oct 6 18:32:57.317: SSH CLIENT0: Session disconnected - error 0x00
Now, I looked at what encryption keys the Cisco switch supports and found these:
SSHv2 only cipher list:
aes128-cbc AES 128 bits
aes128-ctr AES-CTR 128 bits
aes192-cbc AES 192 bits
aes192-ctr AES-CTR 192 bits
aes256-cbc AES 256 bits
aes256-ctr AES-CTR 256 bits
I also looked at the OpenSSH docs and it supports AES256-CTR by default. So I tried, but same error.
OpenSSH server is behind a firewall, firewall monitoring shows traffic allowed from Cisco Switch to OpenSSH.
I also temporarily disabled Windows Firewall. No go.
Seems like a very easy concept, but I couldn't get it to work. Any help is greatly appreciated.
Thank you in advance!
Attached is the debug ip ssh logs.
10-06-2021 11:33 PM
- Check the logs of the OpenSSH server (Windows), and look for anomalies if any (if needed, turn on debugging)
M.
10-07-2021 06:58 AM
I looked at the Event Viewer specifically for OpenSSH, and the only related event that I saw was that the OpenSSH server accepted the SSHv2 password from the switch.
sshd: Accepted password for <username> from <switch ip address> port 17790 ssh2
10-07-2021 01:22 AM
Hello,
If you are using a version of OpenSSH before 7.0, then try to find and comment out the notify_hostkeys() call in the sshd.c file on the server.
10-07-2021 07:02 AM
I assume I'm using a new version?
Oct 7 14:00:10.629: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_for_Windows_7.7
Oct 7 14:00:10.629: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
Oct 7 14:00:10.630: SSH2 CLIENT 0: kexinit sent: kex algo = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Oct 7 14:00:10.630: SSH2 CLIENT 0: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr
Oct 7 14:00:10.630: SSH2 CLIENT 0: kexinit sent: mac algo = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
Since there is a new version of OpenSSH, I might try that first. If you have other solutions please let me know!
01-12-2022 08:04 AM
Hi,
Did you get this working in the end? I'm facing the same issues; however, I'm trying without keys to see if that simplifies the solution...
01-12-2022 09:29 AM
I did not get it to work with OpenSSH. I ended up using a different program (Bitvise SSH).
Then I used the archive command to copy the config file with SCP automatically.
01-20-2022 02:03 AM
If you install OpenSSH from Server 2019 using the features install, it only installs version 7.5.
You have to go and manually download a later version from https://github.com/PowerShell/Win32-OpenSSH/releases/tag/V8.6.0.0p1-Beta
I've now managed to get it to work with password and ciphers, but I've not disabled password to force ciphers only.
This was helpful as well
https://issueexplorer.com/issue/PowerShell/Win32-OpenSSH/1788
If you have the below line in sshd_config then you are good.
Ciphers aes128-cbc,3des-cbc
I was placing the Ciphers on a new line underneath the Match Group, and when starting sshd.exe -ddd it was making it clear that was the issue. So I placed that block of configuration elsewhere, and now the service starts fine and the device connects and uploads backups with no error.
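The Match-block placement problem described in the last post can be checked for before restarting sshd. This is an added example, not code from the thread or from the OpenSSH project: `find_misplaced`, `GLOBAL_ONLY` and both sample configs are constructed for illustration, and the keyword set is only a short subset of what sshd rejects inside a Match block.

```python
import re

# Keywords sshd accepts only in the global section (short subset chosen for
# this example; sshd_config(5) lists the keywords Match permits).
GLOBAL_ONLY = {"ciphers", "macs", "kexalgorithms", "hostkey", "port", "listenaddress"}

def find_misplaced(config_text):
    """Return (line_no, keyword, match_line) for global-only keywords inside a Match block."""
    findings = []
    current_match = None  # text of the Match line we are inside, if any
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A keyword is separated from its arguments by whitespace or '='.
        keyword = re.split(r"[\s=]+", line, maxsplit=1)[0].lower()
        if keyword == "match":
            # A Match block runs to the next Match line or end of file;
            # indentation and blank lines do not close it.
            current_match = line
        elif current_match is not None and keyword in GLOBAL_ONLY:
            findings.append((line_no, keyword, current_match))
    return findings

# Constructed sample: Ciphers appended after a Match Group block. The cipher
# list is the CTR set the switch offers in its kexinit debug line.
BROKEN = """\
Subsystem sftp sftp-server.exe
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
"""

# Same directives with Ciphers moved above the first Match line.
FIXED = """\
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Subsystem sftp sftp-server.exe
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        for line_no, kw, block in find_misplaced(text):
            print(f"{name}: line {line_no}: '{kw}' is inside '{block}'")
```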