  #1  
Old 12-12-2008, 11:04 AM
francisfox francisfox is offline
Registered User
 
Join Date: Dec 2008
Posts: 3
Secure FX and Cisco Switch/Router

I have ssh2 enabled on a cisco3750 & 7204 running IOS 12.2 & 12.4 respectively both with "ip scp server enable" configured, the idea being to sftp configs & IOS down to them using SecureFX. I can SecureCRT to both using SSH2 then attempt to open an sftp tab to do the file transfer. I have logging & ssh/scp debug enabled on each cisco box and attempt to open the sftp connection. In each case the authentication (using same credentials as for SSH2 session) is successful but then the connection just closes. Can anyone help?
  #2  
Old 12-12-2008, 02:35 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi francisfox,

I will work with you on this issue via the email you sent to me.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
  #3  
Old 06-08-2009, 02:44 PM
mciszek mciszek is offline
Registered User
 
Join Date: Jun 2009
Posts: 1
Secure FX and Cisco Switch/Router

Having the same issue, here is the log output:

i SecureFX version 6.2.1.215 (Official Release - April 28, 2009)
i Session 00004 established for session CiscoSwitch
i SSH2Core version 6.2.0.215
i Connecting to 10.10.10.1:22 ...
i Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
i Using protocol SSH2
i RECV : Remote Identifier = 'SSH-2.0-Cisco-1.25'
i CAP : Remote can re-key
i CAP : Remote sends language in password change requests
i CAP : Remote sends algorithm name in PK_OK packets
i CAP : Remote sends algorithm name in public key packets
i CAP : Remote sends algorithm name in signatures
i CAP : Remote sends error text in open failure packets
i CAP : Remote sends name in service accept packets
i CAP : Remote includes port number in x11 open packets
i CAP : Remote uses 160 bit keys for SHA1 MAC
i CAP : Remote supports new diffie-hellman group exchange messages
i CAP : Remote correctly handles unknown SFTP extensions
i CAP : Remote correctly encodes OID for gssapi
i CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
i CAP : Remote can do SFTP version 4
i CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
i CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
i SEND : KEXINIT
i RECV : Read kexinit
i Available Remote Kex Methods = diffie-hellman-group1-sha1
i Selected Kex Method = diffie-hellman-group1-sha1
i Available Remote Host Key Algos = ssh-rsa
i Selected Host Key Algo = ssh-rsa
i Available Remote Send Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Send Cipher = aes256-cbc
i Available Remote Recv Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Recv Cipher = aes256-cbc
i Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Send Mac = hmac-sha1-96
i Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Recv Mac = hmac-sha1-96
i Available Remote Compressors = none
i Selected Compressor = none
i Available Remote Decompressors = none
i Selected Decompressor = none
i Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
i SEND : KEXDH_INIT
i RECV : KEXDH_REPLY
i SEND : NEWKEYS
i Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS
i RECV : NEWKEYS
i Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
i SEND: SERVICE_REQUEST[ssh-userauth]
i RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
i SENT : USERAUTH_REQUEST [none]
i RECV : SSH_MSG_USERAUTH_BANNER
i RECV : USERAUTH_FAILURE, continuations [keyboard-interactive,password]
i SENT : USERAUTH_REQUEST [password]
i RECV : AUTH_SUCCESS
i Channel Closed: 00000000 (The operation completed successfully. )

I get the login banner, click OK, then the connection just closes. Is there something additional I need to configure on the Cisco switch? I am using the 'ip scp server enable' command and have SSH v2.0 working using the vty port.

Please Assist,
Thanks!
  #4  
Old 06-08-2009, 05:02 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi mciszek,

It appears as though you are attempting to use the SFTP protocol when attempting to connect to a Cisco device.

By way of explanation, Cisco devices do not support the SFTP protocol, rather they support SCP which is a non-standard carry-over from the SSH1 days.

Currently SecureFX does not support SCP file transfers.

I have added this forum thread to a feature request in our SecureFX development database to add the capability to transfer files using SCP.

Should a future release of SecureFX support transferring files using SCP, we will post to this forum thread.

If you would like to be notified directly, please send an email to support@vandyke.com with a subject of Feature Request in Forum Thread #3345
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by jdev; 06-08-2009 at 05:28 PM.
  #5  
Old 10-08-2009, 06:27 PM
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,563
Support for SCP has been implemented in SecureFX 6.5, which is currently in beta testing. If you would like to try it, you can download it from the following web page.

http://www.vandyke.com/download/securefx/beta.html

The SCP protocol is available in the File Transfer protocol list in the Session Options dialog. SCP is also supported in the SFXCL command-line client.

Maureen
  #6  
Old 04-14-2010, 12:13 PM
francisfox francisfox is offline
Registered User
 
Join Date: Dec 2008
Posts: 3
securefx 6.5 doesn't work with cisco device

I am evaluating the new version of securefx supporting scp and I can't get it to work with a cisco device. See output from GUI and command line below. GUI appeared to do key exchange OK then just failed. Using the command line it just kept offering the help rather than telling me what was wrong with my syntax. Can anyone help????

i SecureFX version 6.5.1.410 (Official Release - January 21, 2010)
i Session 00006 established for quick connect
i SSH2Core version 6.5.0.410
i Connecting to 192.168.0.1:22 ...
i Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
i Using protocol SSH2
i RECV : Remote Identifier = 'SSH-2.0-Cisco-1.25'
i CAP : Remote can re-key
i CAP : Remote sends language in password change requests
i CAP : Remote sends algorithm name in PK_OK packets
i CAP : Remote sends algorithm name in public key packets
i CAP : Remote sends algorithm name in signatures
i CAP : Remote sends error text in open failure packets
i CAP : Remote sends name in service accept packets
i CAP : Remote includes port number in x11 open packets
i CAP : Remote uses 160 bit keys for SHA1 MAC
i CAP : Remote supports new diffie-hellman group exchange messages
i CAP : Remote correctly handles unknown SFTP extensions
i CAP : Remote correctly encodes OID for gssapi
i CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
i CAP : Remote can do SFTP version 4
i CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
i CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
i SEND : KEXINIT
i RECV : Read kexinit
i Available Remote Kex Methods = diffie-hellman-group1-sha1
i Selected Kex Method = diffie-hellman-group1-sha1
i Available Remote Host Key Algos = ssh-rsa
i Selected Host Key Algo = ssh-rsa
i Available Remote Send Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Send Cipher = aes256-cbc
i Available Remote Recv Ciphers = aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
i Selected Recv Cipher = aes256-cbc
i Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Send Mac = hmac-sha1
i Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
i Selected Recv Mac = hmac-sha1
i Available Remote Compressors = none
i Selected Compressor = none
i Available Remote Decompressors = none
i Selected Decompressor = none
i Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
i SEND : KEXDH_INIT
i RECV : KEXDH_REPLY
i SEND : NEWKEYS
i Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS
i RECV: Remote Hostkey: 9a:e8:84:4d:f2:31:e0:77:75:45:ff:c9:2c:58:f0:4f
i RECV : NEWKEYS
i Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
i SEND: SERVICE_REQUEST[ssh-userauth]
i RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
i SENT : USERAUTH_REQUEST [none]
i RECV : USERAUTH_FAILURE, continuations [keyboard-interactive,password]
i SENT : USERAUTH_REQUEST [password]
i RECV : AUTH_SUCCESS
i SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
i SEND[0]: exec request: cd "." && pwd
i RECV[0]: exec request succeeded
i RECV[0]: remote process exit-status: 0
i RECV[0]: channel eof
i SEND[0]: SSH_MSG_CHANNEL_EOF
i The reply received from the server was not recognized.

i Changing state from STATE_CONNECTION to STATE_CLOSED






C:\Program Files\VanDyke Software\SecureFX>sfxcl.exe /Log d:\sfx.log /DefaultType binary d:\tmp\c3825-advipservicesk9-mz.124-21.bin scp://Adminassword@192.168.0.1;type=i
sfxcl version 6.5.1 (build 410)
SSH2Core version 6.5.0.410

sfxcl [options] source [source [...]] destination
sfxcl [options] /Move source [source [...]] destination
sfxcl [options] /QuickSync localpath sessionpath remotepath direction [no-subdir]
sfxcl [options] /Synchronize syncsessionname
sfxcl [options] /Delete remotesource [remotesource [...]]
sfxcl [options] /Rename remotesource [remotesource [...]] newname
sfxcl [options] /List remotesource [remotesource [...]]

source A URL, localpath, or /S sessionpath remotepath
destination A URL, localpath, or /S sessionpath [remotepath]
remotesource A URL or /S sessionpath remotepath
localpath Path on the local filesystem
sessionpath Session database path for host information
remotepath Path on the remote file system
direction upload | download | mirror-both | mirror-local |
mirror-remote
no-subdir Turn off recursive copying of sub-directories
syncsessionname Session name from synchronize database
newname New filename on the remote file system

Options:
/AcceptHostKeys Automatically accept host keys
/Command command Sends the specified quote command to the FTP server
/DefaultType type Transfer type used for undefined file extensions
(type = binary | ascii | prompt)
/F path Specifies the location of the SecureFX
configuration folder
/I file Identity to use with public-key authentication
/Log file Log output to the specified file
/NoPrompt Fail if prompted for user input
/Overwrite action Action to take when a filename collision occurs
(action = always | never | older | prompt)
/P passphrase Passphrase to use for public-key authentication
/Q Prevents output to the console window
/RetryCount count Maximum attempts to re-establish a connection
(count = 0..32767 | infinite)
/RetryDelay seconds Time to wait between connection retries

C:\Program Files\VanDyke Software\SecureFX>
C:\Program Files\VanDyke Software\SecureFX>
  #7  
Old 04-14-2010, 02:11 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi francisfox,

I am sorry to hear that you are having difficulty with SecureFX 6.5.1.

Our developers are investigating what appears to be a bug in the Cisco SCP implementation. We will post any updates regarding this issue to this forum thread. If you would like to be notified directly, please complete and submit the form at the following location:
Submit Bug Report
You may also want to contact your Cisco technical representative to report the problem you are seeing.

With regards to the SFXCL command-line syntax problem, we are aware that SFXCL SCP commands using the URL format fail with a usage statement, and it should be resolved in SecureFX 6.5.2. You can download SecureFX 6.5.2 from the following location:
http://www.vandyke.com/download/securefx/download.html
Does SecureFX 6.5.2 continue to give you a usage statement when you issue the SFXCL command (6.5.2 only addresses the command-line syntax problem you have reported)?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by rtb; 01-26-2012 at 11:25 AM. Reason: Fixing sentence
  #8  
Old 04-20-2010, 09:18 AM
francisfox francisfox is offline
Registered User
 
Join Date: Dec 2008
Posts: 3
sfxcl 6.5.2 behaves same as GUI

I have installed 6.5.2 and tried command line tool with a URL as a parameter and that part now works. The command line tool now fails with exactly the same error as the GUI.
  #9  
Old 04-20-2010, 11:50 AM
miked miked is offline
Registered User
 
Join Date: Feb 2004
Posts: 2,040
Hello,

Thanks for the update about the command-line program. It sounds like the remaining issue revolves around SCP implementation and the following client side error message:
i The reply received from the server was not recognized.
We will post a follow up message to this forum thread when we have an update regarding SCP and Cisco devices.
__________________
Mike
VanDyke Software
Technical Support
[http://www.vandyke.com/support]
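
Added example, not part of any post in this thread and not VanDyke code: the two client logs posted above stop at different points, the 6.2.1 log closing the channel straight after AUTH_SUCCESS and the 6.5.1 log after a single exec request followed by "The reply received from the server was not recognized." The Python sketch below tells the two signatures apart; the sample lines are abridged from those logs, and the triage function and its stage names are made up for illustration.

```python
import re

# Constructed samples: lines abridged from the 6.2.1 and 6.5.1 logs in this thread.
SFTP_LOG = """\
i SENT : USERAUTH_REQUEST [password]
i RECV : AUTH_SUCCESS
i Channel Closed: 00000000 (The operation completed successfully. )
"""
SCP_LOG = """\
i RECV : AUTH_SUCCESS
i SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
i SEND[0]: exec request: cd "." && pwd
i RECV[0]: exec request succeeded
i RECV[0]: remote process exit-status: 0
i RECV[0]: channel eof
i SEND[0]: SSH_MSG_CHANNEL_EOF
i The reply received from the server was not recognized.
i Changing state from STATE_CONNECTION to STATE_CLOSED
"""

EXEC_RE = re.compile(r"^SEND\[\d+\]: exec request: (.*)$")

def triage(log_text):
    """Return (stage, exec_commands) describing where the session stopped."""
    authed = opened = eof = unrecognized = False
    execs = []
    for raw in log_text.splitlines():
        line = re.sub(r"^i\s+", "", raw.strip())   # drop the "i " prefix
        m = EXEC_RE.match(line)
        if m:
            execs.append(m.group(1))               # command sent in the exec request
        elif re.match(r"^RECV\s*:\s*AUTH_SUCCESS", line):
            authed = True
        elif line.startswith("SEND") and "SSH_MSG_CHANNEL_OPEN" in line:
            opened = True
        elif re.match(r"^RECV\[\d+\]: channel eof", line):
            eof = True
        elif "reply received from the server was not recognized" in line:
            unrecognized = True
    if not authed:
        return ("failed-before-auth", execs)
    if not opened and not execs:
        return ("closed-after-auth", execs)        # no session channel was ever opened
    if len(execs) == 1 and eof and unrecognized:
        return ("closed-after-first-exec", execs)  # server ended the channel after one exec
    return ("other", execs)
```

The first stage matches the SFTP attempt explained in post #4; the second is the error singled out in post #9.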
  #10  
Old 03-22-2012, 01:30 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,159
A recent e-mail contact brought to our attention that some of the information in this thread could be misconstrued. We would like to clarify.

There are different variations of SCP. Since there is no standard for SCP, support of SCP can mean different things.

In the case of SecureFX, the SCP implementation that was added in version 6.5 is one that involves multiple remote executes that help vet remote paths and files (to be sure they exist) and allows browsing of the remote file structure.

This is in contrast to the simplistic approach of issuing a single remote exec for accomplishing a file upload or download. For example, the Unix 'scp' command-line utility uses this simplistic approach. There's no browsing capability; only the ability to perform a simple upload or download.

Cisco devices do not support more than one remote execute per connection. Clients that are successful connecting to Cisco devices use the above simplistic approach.

Any SCP client that uses a complex approach similar to SecureFX (ie: WinSCP) will also be unable to work with the simplistic approach implemented by Cisco devices.

I have added this thread to a feature request in our product enhancement database for support of Cisco's implementation of SCP. Should a future release of SecureFX include Cisco SCP support, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request (Cisco SCP) - Forum Thread #3345" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
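
Added example, not part of the post above and not VanDyke or Cisco code: the single-exec upload that the post calls the simplistic approach, with both ends of the channel simulated in memory. The message layout (zero-byte acknowledgements and a "C<mode> <size> <name>" header) is the one used by the traditional Unix scp utility and is an assumption here, as are ToySink, upload and the file names.

```python
class ToySink:
    """Stand-in for the server-side process started by the one exec request."""
    def __init__(self):
        self.files = {}
        self.pending = None            # (name, size) once a C header is accepted

    def start(self):
        return b"\x00"                 # sink signals it is ready

    def feed(self, chunk):
        if self.pending is None:       # expecting "C<mode> <size> <name>\n"
            if not (chunk.startswith(b"C") and chunk.endswith(b"\n")):
                return b"\x02bad header\n"
            _mode, size, name = chunk[1:-1].decode().split(" ", 2)
            self.pending = (name, int(size))
            return b"\x00"
        name, size = self.pending      # expecting <size> bytes plus a 0x00 terminator
        if len(chunk) != size + 1 or chunk[-1:] != b"\x00":
            return b"\x02size mismatch\n"
        self.files[name] = chunk[:-1]
        self.pending = None
        return b"\x00"

def upload(sink, remote_path, name, data, mode=0o644):
    """Drive one upload and return the transcript of the single exec channel."""
    log = [("exec", f"scp -t {remote_path}")]   # the only remote execute issued

    def expect_ok(reply):
        log.append(("recv", reply))
        if reply != b"\x00":                    # 0x01 warning / 0x02 error + text
            raise RuntimeError(reply[1:].decode().strip())

    expect_ok(sink.start())
    header = f"C{mode:04o} {len(data)} {name}\n".encode()
    for msg in (header, data + b"\x00"):
        log.append(("send", msg))
        expect_ok(sink.feed(msg))
    log.append(("send", "EOF"))                 # channel closes; nothing else is executed
    return log

if __name__ == "__main__":
    # Constructed destination and payload, for illustration only.
    for step in upload(ToySink(), "flash:image.bin", "image.bin", b"\x01\x02\x03"):
        print(step)
```

Everything after the exec line is data on the same channel, so a server limited to one remote execute per connection can complete the transfer.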
  #11  
Old 07-26-2013, 03:52 PM
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,563
Support for SCP to Cisco devices has been added to a pre-beta version of SecureFX. If you would be interested in trying it, please email me at Maureen.Jett@vandyke.com.

Maureen