Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > File Transfer

Reply
 
Thread Tools Display Modes
  #1  
Old 03-17-2014, 07:42 AM
Casey Casey is offline
Registered User
 
Join Date: Oct 2011
Posts: 114
SecureFx SCP to Cisco?

I'm having trouble using SecureFX to connect to a Cisco router via SCP.

I get the following SecureFX Error: "Attempt to connect to <Router IP> Failed. Unknown application error: E0000001"

The router is a Cisco 2951 ISRg2 running IOS 15.1(4)M6


Here's the buffer log:

Code:
i SecureFX version 7.2.0.415 (Official Release - December 12, 2013) 
i Attempting to connect to <router ip> 
i Session 00005 established for quick connect
i SSH2Core version 7.2.0.415
i Connecting to <router ip>:22 ...
i Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
i Using protocol SSH2
i RECV : Remote Identifier = 'SSH-2.0-Cisco-1.25'
i CAP  : Remote can re-key
i CAP  : Remote sends language in password change requests
i CAP  : Remote sends algorithm name in PK_OK packets
i CAP  : Remote sends algorithm name in public key packets
i CAP  : Remote sends algorithm name in signatures
i CAP  : Remote sends error text in open failure packets
i CAP  : Remote sends name in service accept packets
i CAP  : Remote includes port number in x11 open packets
i CAP  : Remote uses 160 bit keys for SHA1 MAC
i CAP  : Remote supports new diffie-hellman group exchange messages
i CAP  : Remote correctly handles unknown SFTP extensions
i CAP  : Remote correctly encodes OID for gssapi
i CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
i CAP  : Remote can do SFTP version 4
i CAP  : Remote uses SHA1 hash in RSA signatures for x.509v3
i CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures
i CAP  : Remote correctly handles zlib@openssh.com
i SSPI : Requesting full delegation
i SSPI : [Kerberos] SPN : host@<router ip>
i SSPI : [Kerberos] InitializeSecurityContext() failed.
i SSPI : [Kerberos] The specified target is unknown or unreachable
i SSPI : [Kerberos] Disabling gss mechanism
i GSS  : Requesting full delegation
i GSS  : [Kerberos] SPN : host@<router ip>
i GSS  : [Kerberos] InitializeSecurityContext() failed.
i GSS  : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.
i GSS  : [Kerberos] Disabling gss mechanism
i GSS  : [Kerberos] Disabling gss mechanism
i The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
i SSPI : Requesting full delegation
i SSPI : [Kerberos (Group Exchange)] SPN : host@<router ip>
i SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
i SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable
i SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism
i GSS  : Requesting full delegation
i GSS  : [Kerberos (Group Exchange)] SPN : host@<router ip>
i GSS  : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
i GSS  : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.
i GSS  : [Kerberos (Group Exchange)] Disabling gss mechanism
i GSS  : [Kerberos (Group Exchange)] Disabling gss mechanism
i The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
i SEND : KEXINIT
i RECV : Read kexinit
i Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
i Selected Kex Method = diffie-hellman-group14-sha1
i Available Remote Host Key Algos = ssh-rsa
i Selected Host Key Algo = ssh-rsa
i Available Remote Send Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Send Cipher = aes256-cbc
i Available Remote Recv Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Recv Cipher = aes256-cbc
i Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Send Mac = hmac-sha1
i Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Recv Mac = hmac-sha1
i Available Remote Compressors = none
i Selected Compressor = none
i Available Remote Decompressors = none
i Selected Decompressor = none
i Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
i SEND : KEXDH_INIT
i RECV : KEXDH_REPLY
i Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
i RECV: Remote Hostkey: <the key>
i SEND : NEWKEYS
i Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
i RECV : NEWKEYS
i Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
i SEND: SERVICE_REQUEST[ssh-userauth]
i RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
i RECV : SSH_MSG_USERAUTH_BANNER
i 
! <Our Banner page>
i 
i SENT : USERAUTH_REQUEST [none]
i RECV : USERAUTH_FAILURE, continuations [publickey,keyboard-interactive,password]
i SENT : USERAUTH_REQUEST [password]
i RECV : AUTH_SUCCESS
i SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
i SEND[0]: Pty Request (term: vt100, rows: 1024, cols: 256)
i RECV[0]: pty request succeeded
i SEND[0]: shell request
i RECV[0]: shell request succeeded
i RECV[0]:
i SEND[0]: terminal length 0
i RECV[0]: (router name)>terminal length 0
i SEND[0]: pwd
i RECV[0]: (router name)>pwd
i RECV[0]: Translating "pwd"...domain server (dns ip)
i RECV[0]: % Bad IP address or host name
i RECV[0]: Translating "pwd"...domain server (dns ip)
i The reply received from the server was not recognized.//
i RECV[0]:  (dns ip)
i RECV[0]: % Unknown command or computer name, or unable to find computer address
i Channel Closed.

Last edited by rtb; 03-17-2014 at 07:50 AM.
Reply With Quote
  #2  
Old 03-17-2014, 07:56 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Casey,

It seems possible that the router is not in enable mode after you connect and authenticate. If this is the case, we have a new build of SecureFX that has the ability to automatically elevate the user account. If you would like to test it, please send an email to support@vandyke.com with a subject of Attn: Support - Forum thread #11427.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by rtb; 08-26-2014 at 08:34 AM.
Reply With Quote
  #3  
Old 03-17-2014, 08:03 AM
Casey Casey is offline
Registered User
 
Join Date: Oct 2011
Posts: 114
Ahh, yes.. that is probably it. For most of our gear, we require you to enter the enable password after you've been authenticated.
Reply With Quote
  #4  
Old 03-17-2014, 08:15 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Thanks for the confirmation Casey. Please send an email as indicated and I will make the pre-release build of SecureFX available to you for testing.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #5  
Old 04-05-2014, 01:47 AM
SeebacherM SeebacherM is offline
Registered User
 
Join Date: Oct 2009
Posts: 1
SCP to Cisco ASA

HI Todd,


is the new Version of SecureFX available as you wrote in this post? I need to connect to Cisco ASA and before SCP works i have to set the ASA in enable mode.

Is it possible to script that?

enable
password
etc.

Regards,

Martin
Reply With Quote
  #6  
Old 04-05-2014, 12:39 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Martin,

Thanks for the post. The version of SecureFX is available. Please send an email to support@vandyke.com with a subject of Attn: Support - Forum thread #11427. In the body of the email, please include the email address you use for your download account if it is not the email address you use to send the email.

SecureFX does not have a scripting API like SecureCRT.

Can you tell me more about the problem you are trying to solve?

Are you using SFXCL?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by bgagnon; 05-05-2014 at 12:47 PM. Reason: forum thread wrong (changed 11472 to 11427)
Reply With Quote
  #7  
Old 06-05-2014, 12:43 PM
jens jens is offline
Registered User
 
Join Date: Jun 2014
Posts: 5
Hi,
is there already a fix for the ASA which requires to manually change into enable mode?

/jens
Reply With Quote
  #8  
Old 06-05-2014, 01:07 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi jens,

Thanks for the post. We do have a pre-release version of SecureFX that can handle elevation when using SCP. If you would like to try it out, send us an email as posted previously.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #9  
Old 06-05-2014, 03:45 PM
camsnow camsnow is offline
Registered User
 
Join Date: Jun 2014
Posts: 1
SCP connection

Hi, I just had a similar problem using SecureFX for the first time. I added ip scp server enable to the router and everything started working. I hope this helps.

Cam
Reply With Quote
  #10  
Old 06-06-2014, 07:02 AM
Casey Casey is offline
Registered User
 
Join Date: Oct 2011
Posts: 114
Once we set our gear up do drop us directly into enable mode (handled via radius authentication), then SecureFX worked perfectly. The only issue we have with SecureFX's SCP copy is that sometimes it's horrendously slow. IE: A file copy using TFTP will take 5 minutes, but via SCP it will take 45.

I don't think it's SecureFX though, I've seen others (via google) experience the same issue. I think it's just our gear. Over all, we're loving SecureFX and feel it was well worth the money.
Reply With Quote
  #11  
Old 06-06-2014, 07:50 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Thanks for the update Casey.

I am glad to hear that things are working for you.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:33 PM.