Saving config via scp doesn't work since update to 8.24

holger.weinel
Level 1

Hi there,

Since our update of the Cisco ASA 5510 (active/standby cluster) from version 8.22 to version 8.24, it isn't possible to transfer files from/to an SFTP client.

The request just times out. SSH from this client is possible.

sh ssh
ssh secure copy : ENABLED
Timeout: 15 minutes
Version allowed: 2
...

On the client side I get the following information in verbose mode:

C:\Dokumente und Einstellungen\h.weinel.BSNETZ>pscp -scp -v user@asa:startup.cfg startup.cfg
Looking up host "asa"
Connecting to asa port 22
Server version: SSH-2.0-Cisco-1.25
We believe remote version has SSH-1 ignore bug
We believe remote version needs a plain SSH-1 password
We believe remote version can't handle SSH-1 RSA authentication
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Using Diffie-Hellman with standard group "group1"
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 2048 36:58:08:33:93:d7:04:b4:31:64:b0:3c:27:f4:1a:47
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "weinelh".
user@asa's password:
Sent password
Access granted
Opened channel for session
Started a shell/command
Using SCP1
Connected to asa

....

and then nothing happens. After a few attempts the SSH resource reaches the limit, and after that neither SSH nor scp is possible.

show resource usage
Resource              Current         Peak      Limit        Denied Context
SSH                         5            5          5             2 System
ASDM                        2            2          5             0 System
Syslogs [rate]            100         1902        N/A             0 System
Conns                    7538         8899     130000             0 System
Hosts                    1333         1385        N/A             0 System
Conns [rate]               19         1889        N/A             0 System
Inspects [rate]             2          664        N/A             0 System

How can I solve the problem?

Best regards

Holger Weinel
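
The `show resource usage` table in the question shows the symptom worth monitoring: the SSH row sits at its limit with a non-zero Denied count. The following Python sketch is an added example, not part of the original post; the function names are hypothetical, and the sample input is the output quoted above.

```python
import re

# Output quoted from the question above (Cisco ASA "show resource usage").
SAMPLE = """\
Resource              Current         Peak      Limit        Denied Context
SSH                         5            5          5             2 System
ASDM                        2            2          5             0 System
Syslogs [rate]            100         1902        N/A             0 System
Conns                    7538         8899     130000             0 System
Hosts                    1333         1385        N/A             0 System
Conns [rate]               19         1889        N/A             0 System
Inspects [rate]             2          664        N/A             0 System
"""

# Resource names may contain spaces ("Conns [rate]"), so the pattern
# anchors on the five trailing columns instead of splitting on whitespace.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<current>\d+)\s+(?P<peak>\d+)\s+"
    r"(?P<limit>\S+)\s+(?P<denied>\d+)\s+(?P<context>\S+)$"
)


def parse_resource_usage(text):
    """Return one dict per data row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        for key in ("current", "peak", "denied"):
            row[key] = int(row[key])
        # A non-numeric limit such as "N/A" means no configured ceiling.
        row["limit"] = int(row["limit"]) if row["limit"].isdigit() else None
        rows.append(row)
    return rows


def exhausted(rows):
    """Rows that are at their limit or have already denied requests."""
    hits = []
    for r in rows:
        at_limit = r["limit"] is not None and r["current"] >= r["limit"]
        if at_limit or r["denied"] > 0:
            hits.append(r)
    return hits


if __name__ == "__main__":
    for r in exhausted(parse_resource_usage(SAMPLE)):
        print(f"{r['name']}: {r['current']}/{r['limit']} in use, {r['denied']} denied")
```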

Accepted Solutions

Jennifer Halim
Cisco Employee

Looks like it's affected by bugID: CSCtk34526

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtk34526

Hope this answers your question.

We updated the ASA to version 8.25 and the problem disappeared.

The recommended action in the bug report (avoid scp and/or reboot the firewall) isn't really a way to solve the problem.

The workaround we used until the update was the file transfer tool in ASDM.