Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

SSH to Controllers, problem with encryption?

This thread has been viewed 1 times

  • 1.  SSH to Controllers, problem with encryption?

    Posted Oct 02, 2012 08:10 AM

    I can use freely available code to connect to SSH appliances, like NetApp.

    But I am struggling to get a connection to the Aruba controllers.

    [I'm using C# and the Tamir SharpSSH library]

     

    Here is an excerpt from Putty, detailing the differences.

    (Has anyone else overcome this problem? Or can offer some advice?)


    I wonder of the Library can't handle SHA 256, or AES 256.

    Can those be adjusted on the Aruba controller?

     

    Any help appreciated though, thanks.

     

    NetApp, works

    2012-09-27 18:07:23 Looking up host "nas0001"
    2012-09-27 18:07:23 Connecting to 172.16.0.200 port 22
    2012-09-27 18:07:23 Server version: SSH-2.0-OpenSSH_3.4p1
    2012-09-27 18:07:23 We claim version: SSH-2.0-PuTTY_Release_0.60
    2012-09-27 18:07:23 Using SSH protocol version 2
    2012-09-27 18:07:24 Using Diffie-Hellman with standard group "group1"
    2012-09-27 18:07:24 Doing Diffie-Hellman key exchange with hash SHA-1
    2012-09-27 18:07:24 Host key fingerprint is:
    2012-09-27 18:07:24 ssh-rsa 768 <removed>
    2012-09-27 18:07:24 Initialised triple-DES CBC client->server encryption
    2012-09-27 18:07:24 Initialised HMAC-SHA1 client->server MAC algorithm

     

    Aruba, fails

    2012-09-27 18:08:19 Looking up host "aru0001"
    2012-09-27 18:08:19 Connecting to 172.16.12.1 port 22
    2012-09-27 18:08:19 Server version: SSH-2.0-OpenSSH_4.6
    2012-09-27 18:08:19 We claim version: SSH-2.0-PuTTY_Release_0.60
    2012-09-27 18:08:19 Using SSH protocol version 2
    2012-09-27 18:08:19 Doing Diffie-Hellman group exchange
    2012-09-27 18:08:19 Doing Diffie-Hellman key exchange with hash SHA-256
    2012-09-27 18:08:19 Host key fingerprint is:
    2012-09-27 18:08:19 ssh-rsa 2048 <removed>
    2012-09-27 18:08:19 Initialised AES-256 SDCTR client->server encryption
    2012-09-27 18:08:19 Initialised HMAC-SHA1 client->server MAC algorithm



  • 2.  RE: SSH to Controllers, problem with encryption?

    Posted Oct 02, 2012 10:18 AM

    hi tammi,

     

    are trying to connect to Aruba Controller using Putty SSH ?

     

    and it failed ?

     

    what appear on screen once you enter MC IP and start using SSH ?

     

    did you tried to use Telnet or SSHv1 (did it work or not)?

     

    are you trying to get access from wireless or using wire ?

     

    can you verify the Controller configuration ?



  • 3.  RE: SSH to Controllers, problem with encryption?

    Posted Oct 02, 2012 11:56 AM

    I am connecting programmatically.

     

    I resolved the issues though. Basically, the Tamir OpenSSH library cannot use:  AES-256 SDCTR

    So I switched my code to Renci SSH.Net library, and now I can add RAP configuration to my controllers with a Windows GUI.

     

    This means our site engineers can provision and install RAPs themselves without have an admin account on the wireless controller.

    (And they don't have to wait for a super-admin(tm) just to install an AP!)