Brocade Fibre Channel Networking Community

Expand all | Collapse all

Supportsave fails while conigupload succeeds

Jump to Best Answer
  • 1.  Supportsave fails while conigupload succeeds

    Posted 11-22-2018 05:53 AM

    Hello,

     

    did anyone experience failure of supportsave scp to server within the same LAN, while configupload succeeded to the same place?
    UID, pw same. subdirectory empty and 777. On the other hand, supportsave succeeds to laptop (within the same LAN). SSH settings are similar.

     

    Error dump:
    2018/11/22-10:38:17, [SS-1001], 2516, CHASSIS, WARNING, IBM_2498_B40, supportSave's upload operation to host IP address (...) aborted.
    Server ssh dump:
    ov 22 13:39:00 (...) sshd[7741]: Connection closed by (...IP...) port 33342 [preauth]


    What is the difference between configupload and supportsave that may cause the supportsave fail?


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: Supportsave fails while conigupload succeeds

    Posted 11-22-2018 11:39 PM

    Hello, 

     

    i'v detected that supportsave and firmware download doesn't work via scp without changed auth keys.

     

     

    You've to change ssh keys between switch and server.

     

    #Check if the switch user has proper privilige to generate keys.

     

    switch:admin>sshutil showuser
    admin 

    #If not you have to add it via command 

    sshutil allowuser user name 

    #generate key on switch side

    switch:alloweduser> sshutil genkey
    Enter passphrase (empty for no passphrase):


    #export key to server

    switch:admin> sshutil exportpubkey
    Enter IP address:192.168.1.1 <<< IP of destiantion server 
    Enter remote directory:~user/.ssh
    Enter login name:
    userPassword:
    public key out_going.pub is exported successfully.

     

    #convert key in Linux, you have to create authorized_keys  file in your Linux user folder user/.ssh/authorized_keys

    cd user
    touch ~/.ssh/authorized_keys
    cat ~/.ssh/out_going.pub >> authorized_keys

     


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: Supportsave fails while conigupload succeeds

    Posted 11-23-2018 01:36 AM

     Hello,

    Thanks for answering. That's not exactly the case here, because I can "send" supportsave to an other server without any problem.

    device->myworkstation
        configupload: ok

        supportsave: ok

     

    device->server2

        configupload: ok

        supportsave: FAIL

     

    myworkstation->server2
        scp all the files: Success

    We cannot find any difference in sshd configs and the authentication is also identical, so we assume that the device handle configupload and supportsave differently.

    Do you have any other idea that we can try?



    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: Supportsave fails while conigupload succeeds

    Posted 11-23-2018 01:59 AM

    Hello,

     

    sorry, to be honest i did not read your question in details.

    What is the message of supportsave command ? Only supportsave failed?

     

    I am still thinking that its auth. problem. 

    From my experience SCP doesnt work properly without change of pub keys. It may be due the fact that with configupload you are only upload one file so only one auth. is needed. During supportsave you have to perform auth. with each file (if you dont change keys), which switch dont want to handle.

     

    I had something simmilar last time but its so strange that its working on your laptop.

     

    Do you have SCP server on your laptop or you have any Linux distro installed?

     

    To be honest try to change keys it will take you 5 minutes.


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 02:28 AM

    Hello!

    First I'm gonna answer your questions.

    What is the message of supportsave command ? Only supportsave failed?

    Remote Host:Could not connect to remote host.
    SupportSave failed.

    Do you have SCP server on your laptop or you have any Linux distro installed?

    No, only OS default sshd (RHEL 7.5)
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    
    The server have the exact same version

    So I tried to follow your guidenance to make pubkey and use that. My progression so far:
    1) Check and allow my user to use sshutil

    hubudsw03:admin> sshutil showuser
    admin
    
    hubudsw03:admin> sshutil allowuser ikokics
    Allowed user has been successfully changed to: ikokics.
    
    hubudsw03:admin> sshutil showuser
    ikokics

    2) Generate SSH rsa key

    hubudsw03:ikokics> sshutil genkey -rsa
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Key pair generated successfully.
    hubudsw03:ikokics> sshutil exportpubkey
    Enter IP address:9.149.26.79
    Enter remote directory:/home/huzz01vb/.ssh
    Enter login name:huzz01vb
    Password: 
    public key out_going_IBM_2498_B40.pub is exported successfully.

    3) Try configupload without password (Works without pw)

    hubudsw03:ikokics> configupload
    Protocol (scp, ftp, sftp, local) [ftp]: scp
    Do you want to continue with CRA (Y/N) [N]:
    Server Name or IP Address [host]: 9.149.26.79
    User Name [user]: huzz01vb
    Path/Filename [

    4) Try supportsave as well, without giving my pw (Doesn't work)

    hubudsw03:ikokics> supportsave 
    This command collects RASLOG, TRACE, supportShow, core file, FFDC data
    and then transfer them to a FTP/SCP/SFTP server or a USB device.
    This operation can take several minutes.
    NOTE: supportSave will transfer existing trace dump file first, then
    automatically generate and transfer latest one. There will be two trace dump
    files transferred after this command.
    OK to proceed? (yes, y, no, n): [no] y
    
    Host IP or Host Name: 9.149.26.79
    User Name: huzz01vb
    Password: 
    Protocol (ftp | scp | sftp): scp
    Remote Directory: /home/huzz01vb/conf/
    
    Do you want to continue with CRA (Y/N) [N]: 
    Please specify either none or both of user name and password. If none of user name and password are specified, then anonymous ftp will be used
    Usage:	supportSave [-n] [-c] [-k] [-a] [-u user_name
    		-p password -h host_name -d remote_dir -l protocol]
    	supportSave [-R]
    	supportSave [-U -d remote_dir]
    	supportSave [-t[2-5]]
    SupportSave failed.

    5) Try supportsave, with my pw (Doesn't work either)

    hubudsw03:ikokics> supportsave 
    This command collects RASLOG, TRACE, supportShow, core file, FFDC data
    and then transfer them to a FTP/SCP/SFTP server or a USB device.
    This operation can take several minutes.
    NOTE: supportSave will transfer existing trace dump file first, then
    automatically generate and transfer latest one. There will be two trace dump
    files transferred after this command.
    OK to proceed? (yes, y, no, n): [no] y
    
    Host IP or Host Name: 9.149.26.79
    User Name: huzz01vb
    Password: 
    Protocol (ftp | scp | sftp): scp
    Remote Directory: /home/huzz01vb/conf/
    
    Do you want to continue with CRA (Y/N) [N]: 
    Saving support information for switch:hubudsw03, module:RAS...
    ..................................................................................... 
    Remote Host:Could not connect to remote host.
    SupportSave failed.


    What am I doing wrong? (My username is different on the switch and on the server. That shouldn't be a problem right?)
    How should I trigger supportsave to use pubkey instead of password?

    Thank you for helping

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 03:21 AM

    Hello!

    First I'm gonna answer your questions.

    What is the message of supportsave command ? Only supportsave failed?

    Remote Host:Could not connect to remote host.
    SupportSave failed.

    Do you have SCP server on your laptop or you have any Linux distro installed?

    No, only OS default sshd (RHEL 7.5)
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    
    (The server have the exact same version)

     

    So I tried to follow your guidenance to make pubkey and use that. My progression so far:
    1) Check and allow my user to use sshutil

    hubudsw03:admin> sshutil showuser
    admin
    
    hubudsw03:admin> sshutil allowuser ikokics
    Allowed user has been successfully changed to: ikokics.
    
    hubudsw03:admin> sshutil showuser
    ikokics

    2) Generate SSH rsa key

    hubudsw03:ikokics> sshutil genkey -rsa
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Key pair generated successfully.
    hubudsw03:ikokics> sshutil exportpubkey
    Enter IP address:9.149.26.79
    Enter remote directory:/home/huzz01vb/.ssh
    Enter login name:huzz01vb
    Password: 
    public key out_going_IBM_2498_B40.pub is exported successfully.

    3) Try configupload without password (Works without pw)

    hubudsw03:ikokics> configupload 
    Protocol (scp, ftp, sftp, local) [ftp]: scp
    Do you want to continue with CRA (Y/N) [N]: 
    Server Name or IP Address [host]: 9.149.26.79
    User Name [user]: huzz01vb
    Path/Filename [

    4) Try supportsave as well, without giving my pw (Doesn't work)

    hubudsw03:ikokics> supportsave 
    This command collects RASLOG, TRACE, supportShow, core file, FFDC data
    and then transfer them to a FTP/SCP/SFTP server or a USB device.
    This operation can take several minutes.
    NOTE: supportSave will transfer existing trace dump file first, then
    automatically generate and transfer latest one. There will be two trace dump
    files transferred after this command.
    OK to proceed? (yes, y, no, n): [no] y
    
    Host IP or Host Name: 9.149.26.79
    User Name: huzz01vb
    Password: 
    Protocol (ftp | scp | sftp): scp
    Remote Directory: /home/huzz01vb/conf/
    
    Do you want to continue with CRA (Y/N) [N]: 
    Please specify either none or both of user name and password. If none of user name and password are specified, then anonymous ftp will be used
    Usage:	supportSave [-n] [-c] [-k] [-a] [-u user_name
    		-p password -h host_name -d remote_dir -l protocol]
    	supportSave [-R]
    	supportSave [-U -d remote_dir]
    	supportSave [-t[2-5]]
    SupportSave failed.

    5) Try supportsave, with my pw (Doesn't work either)

    ubudsw03:ikokics> supportsave 
    This command collects RASLOG, TRACE, supportShow, core file, FFDC data
    and then transfer them to a FTP/SCP/SFTP server or a USB device.
    This operation can take several minutes.
    NOTE: supportSave will transfer existing trace dump file first, then
    automatically generate and transfer latest one. There will be two trace dump
    files transferred after this command.
    OK to proceed? (yes, y, no, n): [no] y
    
    Host IP or Host Name: 9.149.26.79
    User Name: huzz01vb
    Password: 
    Protocol (ftp | scp | sftp): scp
    Remote Directory: /home/huzz01vb/conf/
    
    Do you want to continue with CRA (Y/N) [N]: 
    Saving support information for switch:hubudsw03, module:RAS...
    ..................................................................................... 
    Remote Host:Could not connect to remote host.
    SupportSave failed.

    What am I doing wrong? (My username is different on the switch and on the server. That shouldn't be a problem right?)
    How should I trigger supportsave to use pubkey instead of password?

     

    Thank you for helping

     

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 04:23 AM
    Hello,

    did you add pub key in your authorized_keys ?
    #BrocadeFibreChannelNetworkingCommunity


  • 8.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 04:31 AM

    Hello,

    Yes I did. Thats why configupload works without pw.

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity


  • 9.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 04:42 AM

    Hello,

     

    then it looks like the problem with sshd configuration.

    Did you compare whole sshd config from both machines?

     

    It looks like that switch has problem with multiple authentificiaton.

     

    This i've found four supportsave and SCP:

     

    If you plan to use SCP to transfer files, it is impor-
    tant to test the supportSave command prior to its use
    with various SCP-mode services. Because the supportSave
    command makes several access requests to copy files, it
    is important that the SCP-mode service be configured so
    that passwords are not required for each attempted
    transfer by the supportSave command. Failure to config-
    ure the service correctly may result in significant
    delays in obtaining transferred output from the sup-
    portSave command.

    #BrocadeFibreChannelNetworkingCommunity


  • 10.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 04:49 AM

    Hello,

    Yes, maybe it's sshd configuration.

    But I still don't understand why configupload now works without even asking for pw (it uses pubkey), but if I try supportsave, then:
    1) I give my user/pw -> doesn't work
    2) I give just my user -> "Please specify either none or both of user name and password."

    Why supportsave doesn't use pubkey authentication at all?

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity


  • 11.  Re: Supportsave fails while conigupload succeeds
    Best Answer

    Posted 11-26-2018 05:08 AM

    Hello,

     

    It looks like that first time switch will auth. with password and then will use pub key.


    i've tried same as you without option bellow i got



    Do you want to continue with CRA (Y/N) N
    
    Remote Host:Could not connect to remote host.
    SupportSave failed.

    You have to put CRA to Y.

     

    Do you want to continue with CRA (Y/N) [N]: y
    Saving support information for switch:switchname, module:RAS...
    ..........................................................................

     


    #BrocadeFibreChannelNetworkingCommunity


  • 12.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 06:42 AM

    Hello,

     

    If I use CRA, then yes it does work, but it always authenticate with password. If I allow only publickey authentication (and disable password auth) on the server, then configupload works, but supportsave doesn't work at all.

    Is it possible that supportsave is only working with password authentication?

     

    Thanks

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity


  • 13.  Re: Supportsave fails while conigupload succeeds

    Posted 11-26-2018 11:53 PM
    Hello,

    as i said i think that first switch will authenticate with password and then it will use public key..but this is only mi opinion. This is really not well documented...
    #BrocadeFibreChannelNetworkingCommunity


  • 14.  Re: Supportsave fails while conigupload succeeds

    Posted 11-27-2018 02:32 AM

    Hello,

     

    I tested both supportsave and configupload a lot, and came to the conclusion that supportsave isn't supporting publickey at all.
    (Fabric OS: v7.4.2c)

    I mark your answer as accepted where you mentioned CRA.

    Thank you for all the effort.

    István Kokics


    #BrocadeFibreChannelNetworkingCommunity