- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
06-26-2019 04:40 PM
It appears that AirWave 8.2.9.0 enables stronger SSH ciphers.
Specifically:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512
KexAlgorithms diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384
AOS 8.2.1.1 (Aruba Activate's default image as of June 2019) does not support any of these ciphers.
The config will backup with proper SNMP configuration, but the flashbackup which uses SCP will fail.
Aruba TAC does not have an answer yet as to what the highest level of SSH cipher 8.2.1.1 will support to be able to add to AirWave /etc/ssh/sshd_config just yet.
So if you're flashbackups, and SCP firmware upgrades are failing after upgrading to 8.2.9.0 you'll likely need to downgrade the SSH cipher suites in use.
For those using FTP to upgrade we are also running into issues with the ncftpget process on the controllers and receiving a
"could not accept data socket." error, switching over to SCP resolved the issue.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's
06-27-2019 02:21 AM
Please open an Aruba TAC case. If what you describe is true, it should be fixed in the near future and TAC may be able to provide a workaround for now.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's
06-27-2019 06:32 AM
Already have a TAC Case open, awaiting a response from them on the SSH Ciphers that 8.2.1.1 supports..
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: AirWave 8.2.9.0 Won't take Flashbackups of MD's
06-27-2019 07:41 AM
Looks like the offending ciphers is aes128-cbc, aes256-cbc.
CBC was removed from AirWave 8.2.9.0, and the config / initial setup from Aruba Activate deploys 8.2.1.1 that does not appear to be using/supporting aes128-ctr or aes256-ctr.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
07-04-2019 06:56 AM
Last update from TAC was that they may add these back I'm the next patch release.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator