Community Home > Discuss > Technology > Network Management > Re: AirWave 8.2.9.0 Won't take Flashbackups of MD'...

Network Management

Reply
mholden
Contributor II
mholden

AirWave 8.2.9.0 Won't take Flashbackups of MD's

‎06-26-2019 04:40 PM

It appears that AirWave 8.2.9.0 enables stronger SSH ciphers. 

Specifically: 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512

KexAlgorithms diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384

 

AOS 8.2.1.1 (Aruba Activate's default image as of June 2019) does not support any of these ciphers.

 

The config will backup with proper SNMP configuration, but the flashbackup which uses SCP will fail.

 

Aruba TAC does not have an answer yet as to what the highest level of SSH cipher 8.2.1.1 will support to be able to add to AirWave /etc/ssh/sshd_config just yet.

 

So if you're flashbackups, and SCP firmware upgrades are failing after upgrading to 8.2.9.0 you'll likely need to downgrade the SSH cipher suites in use. 

 

For those using FTP to upgrade we are also running into issues with the ncftpget  process on the controllers and receiving a 

"could not accept data socket." error, switching over to SCP resolved the issue. 

 

Alert a Moderator
Message 1 of 5
873 Views
Reply
0 Kudos
MVP Guru
MVP Guru
Herman Robers

Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's

‎06-27-2019 02:21 AM

Please open an Aruba TAC case. If what you describe is true, it should be fixed in the near future and TAC may be able to provide a workaround for now.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Alert a Moderator
Message 2 of 5
834 Views
Reply
0 Kudos
mholden
Contributor II
mholden

Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's

‎06-27-2019 06:32 AM

Already have a TAC Case open, awaiting a response from them on the SSH Ciphers that 8.2.1.1 supports..

Alert a Moderator
Message 3 of 5
820 Views
Reply
0 Kudos
mholden
Contributor II
mholden

Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's

‎06-27-2019 07:41 AM

Looks like the offending ciphers is aes128-cbc, aes256-cbc.

CBC was removed from AirWave 8.2.9.0, and the config / initial setup from Aruba Activate deploys 8.2.1.1 that does not appear to be using/supporting aes128-ctr or aes256-ctr.

Alert a Moderator
Message 4 of 5
812 Views
Reply
0 Kudos
Highlighted
mholden
Contributor II
mholden

Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's

‎07-04-2019 06:56 AM

Resolution is to add aes128-ctr and/or aes256-ctr Ciphers back to /etc/ssh/sshd_config

Last update from TAC was that they may add these back I'm the next patch release.
Alert a Moderator
Message 5 of 5
695 Views
Reply
0 Kudos
Search Airheads
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2019 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium