There is plenty of free space, so storage depletion is not the root cause. It might be filesystem corruption, though...
I suggest the following plan of action:
1. Back up the saved-configuration of the switch somewhere outside the embedded flash memory - chances are it will get lost during the troubleshooting.
2. Try to fix eventual file system errors by running the 'fixdisk flash:' command.
3. Reboot the switch.
4. Try to create the RSA key.
5. If Step 4 fails, reboot the switch, enter Extended Bootrom and use option 'Ctrl+F: Format file system'. After formatting the filesystem, upload the .IPE file and reinstall the software.
6. After software installation, boot to Comware and check if you can generate a new RSA public-key. If it works, restore the configuration and you are good to go.
7. Otherwise, open a case with TAC, tell them what the issue is and what troubleshooting has already been done.
------------------------------
Ivan Bondar
------------------------------
Original Message:
Sent: Dec 13, 2021 11:47 AM
From: Nicolas Leseignoux
Subject: HPE 5130 48G POE+ 4SFP+ - cannot ssh login with new firmware 3507
Thank you for your help, yes storage could be the problem, here is the output:
<HPE>dir /all /all-filesystems
Directory of flash:
   0 -rw- 76831744 Jan 01 2013 00:57:51 5130EI-CMW710-R3507P02.ipe
   1 -rw- 9505792 Jan 01 2013 00:46:24 5130ei-cmw710-boot-r3115p08.bin
   2 -rw- 5580800 Aug 08 2008 20:00:00 5130ei-cmw710-boot-r3506p11.bin
   3 -rw- 5579776 Jan 01 2013 00:05:29 5130ei-cmw710-boot-r3507.bin
   4 -rw- 5579776 Jan 01 2013 00:58:04 5130ei-cmw710-boot-r3507p02.bin
   5 -rw- 61483008 Jan 01 2013 00:46:17 5130ei-cmw710-system-r3115p08.bin
   6 -rw- 70495232 Aug 08 2008 20:00:00 5130ei-cmw710-system-r3506p11.bin
   7 -rw- 70644736 Jan 01 2013 00:06:18 5130ei-cmw710-system-r3507.bin
   8 -rw- 71244800 Jan 01 2013 00:58:57 5130ei-cmw710-system-r3507p02.bin
   9 drw- - Jan 01 2013 00:00:40 diagfile
  10 -rw- 735 Jan 01 2013 00:50:46 hostkey
  11 -rw- 559 Jan 01 2013 00:11:59 lauth.dat
  12 drw- - Jan 01 2013 00:00:37 license
  13 drw- - Jan 01 2013 00:06:30 logfile
  14 drw- - Jan 01 2013 00:39:01 pkey
  15 drw- - Jan 01 2013 00:01:02 pki
  16 drw- - Jan 01 2013 00:00:40 seclog
  17 -rw- 591 Jan 01 2013 00:50:46 serverkey
  18 drw- - Jan 01 2013 01:01:42 versionInfo
  19 drwh - Jan 01 2013 00:33:35 .trash

524288 KB total (154328 KB free)
<HPE>
I tried with another 5130 and could create the public-key rsa pair without any problems...
Original Message:
Sent: Dec 13, 2021 11:13 AM
From: Ivan ivan.bondar@hpe.com
Subject: HPE 5130 48G POE+ 4SFP+ - cannot ssh login with new firmware 3507
Yes, the absence of RSA keys causes SSH sessions to fail, but what causes this inability to generate new keys... Maybe there is an issue with storage... Could you post here the output from 'dir /all /all-filesystems'?
------------------------------
Ivan Bondar
Original Message:
Sent: Dec 13, 2021 11:04 AM
From: Nicolas Leseignoux
Subject: HPE 5130 48G POE+ 4SFP+ - cannot ssh login with new firmware 3507
Here is the output of display public-key local rsa public:
[HPE]display public-key local rsa public
[HPE]
And when I try to regenerate a new rsa key pair, it fails:
[HPE]public-key local create rsa
The local key pair already exists.
Confirm to replace it? [Y/N]:Y
The range of public key modulus is (512 ~ 4096).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys.....
Failed to create a local key pair.
[HPE]
And when I try to destroy and regenerate a key, it also fails:
[HPE]public-key local destroy rsa
Confirm to destroy the key pair? [Y/N]:Y
[HPE]public-key local create rsa
The local key pair already exists.
Confirm to replace it? [Y/N]:Y
The range of public key modulus is (512 ~ 4096).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys.....
Failed to create a local key pair.
Original Message:
Sent: Dec 13, 2021 10:35 AM
From: Ivan ivan.bondar@hpe.com
Subject: HPE 5130 48G POE+ 4SFP+ - cannot ssh login with new firmware 3507
Hello!
Could you post 'display public-key local rsa public' output from the switch?
------------------------------
Ivan Bondar
Original Message:
Sent: Dec 09, 2021 08:51 AM
From: Nicolas Leseignoux
Subject: HPE 5130 48G POE+ 4SFP+ - cannot ssh login with new firmware 3507
Dear community,
I have a problem with the new firmware for our 5130 switches. When activating the SSH server function on a new switch, I cannot make an SSH connection to this switch.
My Linux client reports this error (same with PuTTY):
Unable to negotiate with 172.29.49.12 port 22: no matching host key type found. Their offer:
And the switch says:
%Dec 9 13:45:17:265 2021 HPE SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client X.X.X.X failed to log in because of public key mismatch.
%Dec 9 13:45:17:266 2021 HPE SSHS/6/SSHS_DISCONNECT: SSH user (null) (IP: X.X.X.X) disconnected from the server.
As you can see it seems that the switch does not offer any type of algorithms.
Here is my configuration which was working on 3115P08:
public-key local create rsa
ssh server enable
local-user deploy class manage
 password simple password
 service-type ssh
 authorization-attribute user-role network-admin
line vty 0 63
 authentication-mode scheme
 protocol inbound ssh
Am I missing something obvious?
Thanks for your help.
Regards,
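
Added example, not part of the original thread: a small Python triage helper that separates the case in this thread (the client error ends in an empty "Their offer:" list while the switch logs SSHS_ALGORITHM_MISMATCH, meaning the switch holds no usable host key) from a plain client/server algorithm disagreement. The function names, the result labels and the 192.0.2.x addresses are assumptions made for the example.

```python
import re

# Comware log: %<Mon> <d> <hh:mm:ss:ms> <yyyy> <host> <MODULE>/<sev>/<MNEMONIC>: <text>
COMWARE_RE = re.compile(
    r"%(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d:\d{3} \d{4}) (?P<host>\S+) "
    r"(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+): (?P<text>.*)")
# OpenSSH client negotiation failure, ending with the server's offered list
OFFER_RE = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>[\w ]+?) found\. Their offer:(?P<offer>.*)")

def parse_comware(line):
    m = COMWARE_RE.match(line.strip())
    return m.groupdict() if m else None

def parse_client_error(line):
    m = OFFER_RE.search(line)
    if not m:
        return None
    err = m.groupdict()
    err["offer"] = [a.strip() for a in err["offer"].split(",") if a.strip()]
    return err

def diagnose(client_line, switch_lines):
    """Classify a failed login from the client error plus the switch log."""
    err = parse_client_error(client_line)
    events = [e for e in map(parse_comware, switch_lines) if e]
    mismatch = any(e["mnemonic"] == "SSHS_ALGORITHM_MISMATCH" for e in events)
    if not err or err["what"] != "host key type":
        return "not-a-host-key-negotiation-failure"
    if not err["offer"]:
        # Empty offer: the server advertised no host key algorithm at all,
        # i.e. it has no usable local key pair (the situation in this thread).
        return "server-has-no-host-key" if mismatch else "empty-offer-unconfirmed"
    # Non-empty offer: keys exist, but the client accepts none of the types.
    return "client-rejects-offered-types:" + ",".join(err["offer"])

# Constructed samples modelled on the messages quoted in the thread.
CLIENT = ("Unable to negotiate with 192.0.2.12 port 22: "
          "no matching host key type found. Their offer:")
SWITCH = [
    "%Dec 9 13:45:17:265 2021 HPE SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client "
    "192.0.2.10 failed to log in because of public key mismatch.",
    "%Dec 9 13:45:17:266 2021 HPE SSHS/6/SSHS_DISCONNECT: SSH user (null) "
    "(IP: 192.0.2.10) disconnected from the server.",
]

print(diagnose(CLIENT, SWITCH))
```

A "server-has-no-host-key" result points at the switch side ('display public-key local rsa public' returning nothing, as above), while a "client-rejects-offered-types" result means keys exist and the algorithm lists on the two ends need to be compared.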