Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
0
Helpful
3
Replies

SSH issues after upgrading to ASYNC 8.0 M670

Go to solution
HT Managed_Services
Level 1
Level 1

‎06-06-2013 05:27 PM

I can no longer connect to 2 WSA from the M670 appliance after upgrading to 8.0.  I get prompted for credentials then it just hangs when I input my credentials.

Before running this latest AsyncOS update release, I checked the configuration of the log subscription files to verify the SSH1 setting and it was not configured.  Apparently, there were other configurations that use SSH1 that I was not aware of so it was not checked and changed.  Just on a side note, I tried to run the command 'logconfig > hostkeyconfig' (via Putty) on the M670 appliance but the command would run and it would immediately exit out of Putty so I was not able to view or change the SSH settings.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

‎06-10-2013 08:28 AM

Hello

We have recently found a defect tjay lead to this behavior.  Degeft ID CSCuh38818

The problem only happens if the SMA appliance has a SSHv1 key in its configuration before upgrading to the AsyncOS 8.0 for management.

Workaround:

On the Cisco Security Management Appliance (SMA) running 8.0 version:

1) Save the configuration file under GUI > System Administration > Configure

2) Ensure that the passwords are un-masked so that we can re-upload the configuration file

3) Open the configuration file in a text editor, search for "hostkey" and delete the host key/s which look like below

2048 xx .....

4) Upload the new configuration on SMA and commit changes

5) Once done, the WSA appliance should be able to authenticate  any WSA and ESA appliance.

Regards,

-Alvaro

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Puja Mahapatra
Cisco Employee
Cisco Employee

‎06-08-2013 10:56 AM

Hello,

Kindly open a TAC case to get futher assistance.

Regards,

Puja

0 Helpful

Go to solution
Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

‎06-10-2013 08:28 AM

Hello

We have recently found a defect tjay lead to this behavior.  Degeft ID CSCuh38818

The problem only happens if the SMA appliance has a SSHv1 key in its configuration before upgrading to the AsyncOS 8.0 for management.

Workaround:

On the Cisco Security Management Appliance (SMA) running 8.0 version:

1) Save the configuration file under GUI > System Administration > Configure

2) Ensure that the passwords are un-masked so that we can re-upload the configuration file

3) Open the configuration file in a text editor, search for "hostkey" and delete the host key/s which look like below

2048 xx .....

4) Upload the new configuration on SMA and commit changes

5) Once done, the WSA appliance should be able to authenticate  any WSA and ESA appliance.

Regards,

-Alvaro

0 Helpful

Go to solution
HT Managed_Services
Level 1
Level 1

‎06-13-2013 04:43 PM

Alvaro,

Thank you for your response, your recommendation worked like a charm.  Following the upload of the configuration without the " 2048 xx ....." entries and a reboot, connectivity was restored.

0 Helpful
Customers Also Viewed These Support Documents