We are having an issue getting the syntax right. Our source server is sccrptfserv02 and source dir is c:\export\colado\ the destination server is hpesw133.can.hp.com target dir is c:\vsm_depot\outbound. We keep getting this error when we run VCP.


Vcp -auth publickey -I "C:\Documents and Settings\PCDAUT1\Application Data\VanDyke\identity_pub" -c 3des-cbc -m SHA1 -noprompt pcdaut1@sccrptfserv02:C:\EXECUTE\COLADO\import pcdaut1@hpesw133.can.hp.com:c:\vsm_depot\outbound
The remote system refused the connection. This
probably means that the remote system does not
provide the service you are attempting to access,
or that the service is being provided on a different
port.

Here is the corresponding log entries. Any help would be deeply appreciated.

15:06:14,dbg ,00136: [LOCAL DEBUG] SEND : KEXINIT
15:06:14,dbg ,00136: [LOCAL DEBUG] RECV : Read kexinit
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Kex Methods = diffie-hellman-group1-sha1
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Kex Method = diffie-hellman-group1-sha1
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Host Key Algos = ssh-dss,ssh-rsa
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Host Key Algo = ssh-dss
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Send Ciphers = blowfish-cbc,3des-cbc
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Send Cipher =
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Recv Ciphers = blowfish-cbc,3des-cbc
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Recv Cipher =
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Send Macs = hmac-sha1,hmac-md5-96,hmac-md5,hmac-sha1-96
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Send Mac = hmac-sha1
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Recv Macs = hmac-sha1,hmac-md5-96,hmac-md5,hmac-sha1-96
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Recv Mac = hmac-sha1
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Compressors = none
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Compressor = none
15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Decompressors = none
15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Decompressor = none
15:06:14,conn,00136: Key exchange failed. Client supports cipher algorithms: blowfish-cbc, 3des-cbc.
15:06:14,conn,00136: Key exchange failed. Disconnecting client.

> 15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Send Ciphers = blowfish-cbc,3des-cbc
> 15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Send Cipher =
> 15:06:14,dbg ,00136: [LOCAL DEBUG] Available Remote Recv Ciphers = blowfish-cbc,3des-cbc
> 15:06:14,dbg ,00136: [LOCAL DEBUG] Selected Recv Cipher =

At first glance, it would appear that VShell isn't configured to allow the 3DES cipher (VShell control panel, General/Cipher category, ensure that the 3DES cipher is enabled).

Since on the vcp command line, you are specifically forcing the use of 3DES and not allowing any other cipher, VShell is disconnecting the client at the very start.

Another resolution might be to remove the "-c 3des-cbc" from the vcp command line and allow the use of any of the supported ciphers.

Does this information help?

I have configured our staging area to be identicle to production. I have verified that 3des is enabled on the server side. I have also removed the -c and -m param from the vcp.exe command line but I am still experiencing the error. I turned on verbose logging hoping that will help out.

C:\Program Files\SecureCRT>Vcp -auth publickey -I "C:\Documents and Settings\sch
all.AMERICAS\Application Data\VanDyke\Identity.pub" -v -noprompt schall@schall2:
22 C:\test schall@htndep05.can.hp.com:22 c:\test
[LOCAL DEBUG] : vcp(4.0.4 (build 413)) : Using SSH2Core v2.3.0.295
[LOCAL DEBUG] : State Change: SSH_STATE_UNINITIALIZED->SSH_STATE_CONNECTING
[LOCAL DEBUG] : State Change: SSH_STATE_CONNECTING->SSH_STATE_CLOSED
[LOCAL DEBUG] : Connected for 0 seconds, 0 bytes sent, 0 bytes received
The remote system refused the connection. This
probably means that the remote system does not
provide the service you are attempting to access,
or that the service is being provided on a different
port.

I am able to login via the console so I know port 22 is open on the firewall. I tried to manually specify port 22 in the vcp command line not sure if I did that properly.

I am able to login via the console so I know port 22 is open on the firewall. I tried to manually specify port 22 in the vcp command line not sure if I did that properly.
The port isn't specified properly. The syntax looks like:
vcp [options] [[user@]host[#port]:]file [[user@]host[#port]:]file

For you it would be:

C:\Program Files\SecureCRT>Vcp -auth publickey -I "C:\Documents and Settings\schall.AMERICAS\Application Data\VanDyke\Identity.pub" -v -noprompt schall@schall2#22:c:\test schall@htndep05.can.hp.com#22:c:\test

This would copy the file c:\test from schall2 to htndep05.can.hp.com

The previous command was probably confused as to what it was connecting to.

Makes me think we need to log what connection we are attempting.

Thanks,

Have you tried telnetting to the first host vcp will connect to? "telenet schall2 22"

If you are just trying to copy from your local machine, I'd recommend dropping the host and do the following:
C:\Program Files\SecureCRT>Vcp -auth publickey -I "C:\Documents and Settings\schall.AMERICAS\Application Data\VanDyke\Identity.pub" -v -noprompt c:\test schall@htndep05.can.hp.com#22:c:\test

Thanks,

I just tried vsh and I can connect to the host fine??? Can vsh copy a file or is that just for vcp?

C:\Program Files\SecureCRT>Vsh -auth publickey -I "C:\Documents and Settings\sch
all.AMERICAS\Application Data\VanDyke\Identity.pub" -v htndep05.cce.hp.com
[LOCAL DEBUG] : vsh(4.0.4 (build 413)) : Using SSH2Core v2.3.0.295
[LOCAL DEBUG] : State Change: SSH_STATE_UNINITIALIZED->SSH_STATE_CONNECTING
[LOCAL DEBUG] : State Change: SSH_STATE_CONNECTING->SSH_STATE_EXPECT_IDENTIFIER
[LOCAL DEBUG] : connected
[LOCAL DEBUG] : RECV : Remote Identifier = "SSH-2.0-VShell_Special_Edition_2_1_4
_154 VShell"
[LOCAL DEBUG] : CAP : Remote can re-key
[LOCAL DEBUG] : CAP : Remote sends language in password change requests
[LOCAL DEBUG] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL DEBUG] : CAP : Remote sends algorithm name in public key packets
[LOCAL DEBUG] : CAP : Remote sends algorithm name in signatures
[LOCAL DEBUG] : CAP : Remote sends error text in open failure packets
[LOCAL DEBUG] : CAP : Remote sends name in service accept packets
[LOCAL DEBUG] : CAP : Remote includes port number in x11 open packets
[LOCAL DEBUG] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL DEBUG] : CAP : Remote supports new diffie-hellman group exchange message
s
[LOCAL DEBUG] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL DEBUG] : CAP : Remote is IETF-DRAFT compliant
[LOCAL DEBUG] : SEND : KEXINIT
[LOCAL DEBUG] : State Change: SSH_STATE_EXPECT_IDENTIFIER->SSH_STATE_INITIAL_KEY
EXCHANGE
[LOCAL DEBUG] : RECV : Read kexinit
[LOCAL DEBUG] : Kex Method = diffie-hellman-group1-sha1
[LOCAL DEBUG] : Host Key Algo = ssh-dss
[LOCAL DEBUG] : Send Cipher = aes128-cbc
[LOCAL DEBUG] : Recv Cipher = aes128-cbc
[LOCAL DEBUG] : Send Mac = hmac-md5
[LOCAL DEBUG] : Recv Mac = hmac-md5
[LOCAL DEBUG] : Compressor = none
[LOCAL DEBUG] : Decompressor = none
[LOCAL DEBUG] : SEND : KEXDH_INIT
[LOCAL DEBUG] : RECV : KEXDH_REPLY
[LOCAL DEBUG] : Hash Packet:
[LOCAL DEBUG] : SEND : NEWKEYS
[LOCAL DEBUG] : State Change: SSH_STATE_INITIAL_KEYEXCHANGE->SSH_STATE_INITIAL_E
XPECT_NEWKEYS
[LOCAL DEBUG] : RECV : NEWKEYS
[LOCAL DEBUG] : State Change: SSH_STATE_INITIAL_EXPECT_NEWKEYS->SSH_STATE_USERAU
TH
[LOCAL DEBUG] : SEND : SERVICE_REQUEST [userauth]
[LOCAL DEBUG] : RECV : SERVICE_ACCEPT
[LOCAL DEBUG] : SENT : USERAUTH_REQUEST [none]
[LOCAL DEBUG] : RECV : SSH_MSG_USERAUTH_BANNER
HP Internal Use ONLY!

This is a private system operated for Hewlett-Packard company business. Authoriz
ation from HP management is required to use this system. The HP Standards of Bus
iness Conduct and all HP Information Security policies and standards must be str
ictly followed. Use by unauthorized persons is prohibited and may result in civi
l and/or criminal liability and prosecution.
[LOCAL DEBUG] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL DEBUG] : SENT : USERAUTH_REQUEST [publickey - unsigned, fingerprint: c4:6
1:f4:02:10:79:32:b1:73:86:3d:fe:f3:a4:69:31]
Passphrase ("schall@SCHALL2"):
[LOCAL DEBUG] : SENT : USERAUTH_REQUEST [publickey - signed,May 2000 Standard]
[LOCAL DEBUG] : RECV : AUTH_SUCCESS
[LOCAL DEBUG] : State Change: SSH_STATE_USERAUTH->SSH_STATE_CONNECTION
[LOCAL DEBUG] : SEND: pty request
[LOCAL DEBUG] : RECV: pty request succeeded
[LOCAL DEBUG] : SEND: x11 forwarding request
[LOCAL DEBUG] : RECV: x11 request failed
[LOCAL DEBUG] : SEND: agent forwarding request
[LOCAL DEBUG] : RECV: agent request failed
[LOCAL DEBUG] : SEND: shell request
[LOCAL DEBUG] : RECV: shell request succeeded
************************************************** *****************
* *
* This is a private system operated for Hewlett-Packard Company *
* business. Authorization from HP management is required to use *
* this system. Use by unauthorized persons is prohibited. *
* *
* WARNING - This computer system is accessed by users outside *
* of HP. All security and control procedures must *
* be strictly followed. *
* *
************************************************** *****************


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\>

Hi schall,

Vsh will only allow you to access the remote system via a command line.
Can you tell me what the results were when you tried to use the command string that res suggested?

C:\Program Files\SecureCRT>Vcp -auth publickey -I "C:\Documents and Settings\schall.AMERICAS\Application Data\VanDyke\Identity.pub" -v -noprompt schall@schall2#22:c:\test schall@htndep05.can.hp.com#22:c:\test

Thanks,

bocks