Visitor
Posts: 1
Registered: ‎11-22-2018

Supportsave fails while configupload succeeds

Hello,

 

Did anyone experience a failure of supportsave over scp to a server within the same LAN, while configupload succeeded to the same place?
UID, pw same. Subdirectory empty and 777. On the other hand, supportsave succeeds to a laptop (within the same LAN). SSH settings are similar.

 

Error dump:
2018/11/22-10:38:17, [SS-1001], 2516, CHASSIS, WARNING, IBM_2498_B40, supportSave's upload operation to host IP address (...) aborted.
Server ssh dump:
ov 22 13:39:00 (...) sshd[7741]: Connection closed by (...IP...) port 33342 [preauth]


What is the difference between configupload and supportsave that may cause the supportsave to fail?

Regular Contributor
Posts: 208
Registered: ‎04-04-2018

Re: Supportsave fails while configupload succeeds

Hello,

I've detected that supportsave and firmware download don't work via scp without changed auth keys.

You have to change ssh keys between switch and server.

 

#Check if the switch user has the proper privilege to generate keys.

switch:admin>sshutil showuser
admin

#If not, you have to add it via the command

sshutil allowuser <username>

#generate key on switch side

switch:alloweduser> sshutil genkey
Enter passphrase (empty for no passphrase):<leave empty>
Enter same passphrase again:<leave empty>
Key pair generated successfully.


#export key to server

switch:admin> sshutil exportpubkey
Enter IP address:192.168.1.1 <<< IP of destination server
Enter remote directory:~user/.ssh
Enter login name:
userPassword:
public key out_going.pub is exported successfully.

 

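#Convert key in Linux: you have to create the authorized_keys file in your Linux user folder, user/.ssh/authorized_keys

# run as the destination user on the Linux server
touch ~/.ssh/authorized_keys
# append to the file under ~/.ssh, not to one in the current directory
cat ~/.ssh/out_going.pub >> ~/.ssh/authorized_keys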

 

Please mark this response as "Accept as Solution" if it answers your question.

Marian Bezeg
Occasional Contributor
Posts: 7
Registered: ‎10-18-2018

Re: Supportsave fails while configupload succeeds

Hello,

Thanks for answering. That's not exactly the case here, because I can "send" supportsave to another server without any problem.

device->myworkstation
    configupload: ok

    supportsave: ok

 

device->server2

    configupload: ok

    supportsave: FAIL

 

myworkstation->server2
    scp all the files: Success

We cannot find any difference in sshd configs and the authentication is also identical, so we assume that the device handles configupload and supportsave differently.

Do you have any other idea that we can try?


Regular Contributor
Posts: 208
Registered: ‎04-04-2018

Re: Supportsave fails while configupload succeeds

Hello,

Sorry, to be honest I did not read your question in detail.

What is the message of the supportsave command? Only supportsave failed?

I am still thinking that it's an auth. problem.

From my experience SCP doesn't work properly without change of pub keys. It may be due to the fact that with configupload you only upload one file, so only one auth. is needed. During supportsave you have to perform auth. with each file (if you don't change keys), which the switch doesn't want to handle.

I had something similar last time, but it's so strange that it's working on your laptop.

Do you have an SCP server on your laptop, or do you have any Linux distro installed?

To be honest, try to change keys; it will take you 5 minutes.


Marian Bezeg
Occasional Contributor
Posts: 7
Registered: ‎10-18-2018

Re: Supportsave fails while configupload succeeds

Hello!

First I'm gonna answer your questions.

What is the message of the supportsave command? Only supportsave failed?

Remote Host:Could not connect to remote host.
SupportSave failed.

Do you have SCP server on your laptop or you have any Linux distro installed?

No, only OS default sshd (RHEL 7.5)
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

The server has the exact same version

So I tried to follow your guidance to make a pubkey and use that. My progress so far:
1) Check and allow my user to use sshutil

hubudsw03:admin> sshutil showuser
admin

hubudsw03:admin> sshutil allowuser ikokics
Allowed user has been successfully changed to: ikokics.

hubudsw03:admin> sshutil showuser
ikokics

2) Generate SSH rsa key

hubudsw03:ikokics> sshutil genkey -rsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Key pair generated successfully.
hubudsw03:ikokics> sshutil exportpubkey
Enter IP address:9.149.26.79
Enter remote directory:/home/huzz01vb/.ssh
Enter login name:huzz01vb
Password: 
public key out_going_IBM_2498_B40.pub is exported successfully.

3) Try configupload without password (Works without pw)

hubudsw03:ikokics> configupload 
Protocol (scp, ftp, sftp, local) [ftp]: scp
Do you want to continue with CRA (Y/N) [N]:
Server Name or IP Address [host]: 9.149.26.79
User Name [user]: huzz01vb
Path/Filename [<home dir>/config.txt]:
Section (all|chassis|switch [all]):

configUpload complete: All selected config parameters are uploaded

4) Try supportsave as well, without giving my pw (Doesn't work)

hubudsw03:ikokics> supportsave 
This command collects RASLOG, TRACE, supportShow, core file, FFDC data
and then transfer them to a FTP/SCP/SFTP server or a USB device.
This operation can take several minutes.
NOTE: supportSave will transfer existing trace dump file first, then
automatically generate and transfer latest one. There will be two trace dump
files transferred after this command.
OK to proceed? (yes, y, no, n): [no] y

Host IP or Host Name: 9.149.26.79
User Name: huzz01vb
Password: 
Protocol (ftp | scp | sftp): scp
Remote Directory: /home/huzz01vb/conf/

Do you want to continue with CRA (Y/N) [N]: 
Please specify either none or both of user name and password. If none of user name and password are specified, then anonymous ftp will be used
Usage:	supportSave [-n] [-c] [-k] [-a] [-u user_name
		-p password -h host_name -d remote_dir -l protocol]
	supportSave [-R]
	supportSave [-U -d remote_dir]
	supportSave [-t[2-5]]
SupportSave failed.

5) Try supportsave, with my pw (Doesn't work either)

hubudsw03:ikokics> supportsave 
This command collects RASLOG, TRACE, supportShow, core file, FFDC data
and then transfer them to a FTP/SCP/SFTP server or a USB device.
This operation can take several minutes.
NOTE: supportSave will transfer existing trace dump file first, then
automatically generate and transfer latest one. There will be two trace dump
files transferred after this command.
OK to proceed? (yes, y, no, n): [no] y

Host IP or Host Name: 9.149.26.79
User Name: huzz01vb
Password: 
Protocol (ftp | scp | sftp): scp
Remote Directory: /home/huzz01vb/conf/

Do you want to continue with CRA (Y/N) [N]: 
Saving support information for switch:hubudsw03, module:RAS...
..................................................................................... 
Remote Host:Could not connect to remote host.
SupportSave failed.


What am I doing wrong? (My username is different on the switch and on the server. That shouldn't be a problem, right?)
How should I trigger supportsave to use pubkey instead of password?

Thank you for helping

István Kokics

Regular Contributor
Posts: 208
Registered: ‎04-04-2018

Re: Supportsave fails while configupload succeeds

Hello,

Did you add the pub key to your authorized_keys?

Marian Bezeg
Occasional Contributor
Posts: 7
Registered: ‎10-18-2018

Re: Supportsave fails while configupload succeeds

Hello,

Yes I did. That's why configupload works without pw.

István Kokics

Regular Contributor
Posts: 208
Registered: ‎04-04-2018

Re: Supportsave fails while configupload succeeds

Hello,

Then it looks like a problem with the sshd configuration.

Did you compare the whole sshd config from both machines?

It looks like the switch has a problem with multiple authentication.

This I've found for supportsave and SCP:

 

If you plan to use SCP to transfer files, it is important to test the supportSave command prior to its use with various SCP-mode services. Because the supportSave command makes several access requests to copy files, it is important that the SCP-mode service be configured so that passwords are not required for each attempted transfer by the supportSave command. Failure to configure the service correctly may result in significant delays in obtaining transferred output from the supportSave command.

Marian Bezeg
Occasional Contributor
Posts: 7
Registered: ‎10-18-2018

Re: Supportsave fails while configupload succeeds

Hello,

Yes, maybe it's sshd configuration.

But I still don't understand why configupload now works without even asking for pw (it uses pubkey), but if I try supportsave, then:
1) I give my user/pw -> doesn't work
2) I give just my user -> "Please specify either none or both of user name and password."

Why doesn't supportsave use pubkey authentication at all?

István Kokics
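
Added example, not part of the thread: a triage script for the server-side sshd log that groups events per sshd child PID, so connections from the switch that authenticated (as configupload did) can be told apart from connections closed before authentication (the `[preauth]` line in the first post). The log lines, host name, PIDs, fingerprint and 192.0.2.x addresses are constructed, and the message formats assumed are those of stock OpenSSH.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in stock OpenSSH syslog format; host name, PIDs, ports,
# key fingerprint and the 192.0.2.x addresses are made up for this example.
SAMPLE_LOG = """\
Nov 22 13:38:10 server2 sshd[7702]: Accepted publickey for huzz01vb from 192.0.2.10 port 33310 ssh2: RSA SHA256:CONSTRUCTED
Nov 22 13:38:11 server2 sshd[7702]: Received disconnect from 192.0.2.10 port 33310:11: disconnected by user
Nov 22 13:39:00 server2 sshd[7741]: Connection closed by 192.0.2.10 port 33342 [preauth]
Nov 22 13:39:01 server2 sshd[7745]: Connection closed by 192.0.2.10 port 33344 [preauth]
Nov 22 13:40:12 server2 sshd[7790]: Failed password for huzz01vb from 192.0.2.77 port 50122 ssh2
Nov 22 13:40:15 server2 sshd[7790]: Accepted password for huzz01vb from 192.0.2.77 port 50122 ssh2
"""

# Alternative 1: an authentication verdict; alternative 2: a pre-auth close.
EVENT = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?:"
    r"(?P<verdict>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?\S+ from (?P<ip1>\S+)"
    r"|Connection closed by (?:(?:authenticating|invalid) user \S+ )?(?P<ip2>\S+) port \d+ \[preauth\])"
)

def session_outcomes(lines):
    """Map each sshd child PID (one per connection) to (source_ip, outcome)."""
    sessions = {}
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        outcome = f"{m['verdict'].lower()}:{m['method']}" if m["verdict"] else "closed-preauth"
        # A later event for the same PID replaces an earlier one, so a failed
        # password followed by an accepted one counts as accepted.
        sessions[m["pid"]] = (m["ip1"] or m["ip2"], outcome)
    return sessions

def per_source(lines):
    """Count session outcomes per source address."""
    counts = defaultdict(Counter)
    for ip, outcome in session_outcomes(lines).values():
        counts[ip][outcome] += 1
    return counts

def mixed_sources(lines):
    """Sources with both authenticated and closed-before-auth sessions."""
    return sorted(ip for ip, c in per_source(lines).items()
                  if c["closed-preauth"] and any(k.startswith("accepted:") for k in c))

if __name__ == "__main__":
    print(dict(per_source(SAMPLE_LOG.splitlines())), mixed_sources(SAMPLE_LOG.splitlines()))
```

To use it on a real server, pass the lines of the sshd log (on RHEL, /var/log/secure) to `per_source` instead of the constructed sample.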
