4.0 socksProxy or ssh works

Similar Questions

• Local database username and password SSH works not

  I have a weird problem. I recently install an ASA 5510 and SSH work. To make it easier on my VPN users I decided that I wanted to implement a policy Windows 2008 network for the RADIUS authentication server. Since I added the part of RAY to the aaa authentication, when I use SSH to connect to the ASA, should not be the local user name and the password I installed. However, I can get by using a domain user name and password. This is the SSH and AAA configuration. Am I missing something here? The user name and password in the ASA is not on the domain and it is as if the ASA does not even LOCAL when attempting to authenticate. I want to use the local user name and password if possible. I'm kind new to ASA...

  On another note, I have never been able to SSH in on internal interface. I always get an error message "the remote system refused the connection. I can only use the external interface.

  Site - ASA # sh run | in ssh

  authentication AAA ssh console LOCAL SERVER_RADIUS

  SSH 0.0.0.0 0.0.0.0 outdoors

  SSH 0.0.0.0 0.0.0.0 inside

  SSH timeout 60

  SSH version 2

  Site - ASA # sh run | in aaa

  RADIUS protocol AAA-server SERVER_RADIUS

  AAA-server SERVER_RADIUS (inside) host 10.0.0.6

  authentication AAA ssh console LOCAL SERVER_RADIUS

  Console HTTP authentication of the AAA SERVER_RADIUS LOCAL

  Site - ASA #.

  If there is no other config that would help I would be more than happy to show them

  Thank you!

  Hello

  Try as

  authentication AAA ssh console LOCAL SERVER_RADIUS

  because if the RADIUS is available the device does not check local users.

• the root account not working for vSphere Client 5.5, for SSH works fine

  Hey.

  I got this:

  I can connect to vCenter 5.5 by SSH and the root user and password works fine

  I can connect to vCenter 5.5 by vSphere Client and use domain user and everything works fine

  I cant't connection 5.5 by user of vSphere vCenter Client and use of root and the password. I have information on

  "Cannot complete the connection because username or password incorect.

  IM shure I use the right password for root.

  A suggestion?

  

  Ok. Thank you community vExpert and Lukasz of my team, we found easy reason perhaps, but not at the first glance for me

  We had the installer by default "Source of identity" for Active Directory then when I used only root for connection I got the error with wrong password.

  In this possible case is just to connect to vcenter using root@localos credintials.

  

  But in addition we sam of similar mistakes inside the SSO connects:

  Location of the vCenter Single Sign-On log files for vCenter Server 5.1 and 5.5 (2033430) | VMware KB

  /var/log/VMware/SSO/VMware-STS-idmd.log

  2016 06-21 13:57:31, ERROR 142 [IdentityManager] could not authenticate [root] main tenant [vsphere.local]

  javax.security.auth.login.LoginException: failed connection

  at com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider.authenticate(LdapWithAdMappingsProvider.java:327)

  at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2412)

  at sun.reflect.GeneratedMethodAccessor24.invoke (unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke (unknown Source)

  at java.lang.reflect.Method.invoke (unknown Source)

  at sun.rmi.server.UnicastServerRef.dispatch (unknown Source)

  to sun.rmi.transport.Transport$ 1.run (unknown Source)

  to sun.rmi.transport.Transport$ 1.run (unknown Source)

  at java.security.AccessController.doPrivileged (Native Method)

  at sun.rmi.transport.Transport.serviceCall (unknown Source)

  at sun.rmi.transport.tcp.TCPTransport.handleMessages (unknown Source)

  to sun.rmi.transport.tcp.TCPTransport$ ConnectionHandler.run0 (unknown Source)

  to sun.rmi.transport.tcp.TCPTransport$ ConnectionHandler.run (unknown Source)

  at java.util.concurrent.ThreadPoolExecutor.runWorker (unknown Source)

  to java.util.concurrent.ThreadPoolExecutor$ Worker.run (unknown Source)

  at java.lang.Thread.run (unknown Source)

  Caused by: com.vmware.identity.idm.InvalidPrincipalException: could not find the main id: {name: root domain: OurAdDomain.local}

  at com.vmware.identity.idm.server.provider.BaseLdapProvider.findAccountLdapEntry(BaseLdapProvider.java:543)

  at com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider.getUserDN(LdapWithAdMappingsProvider.java:1715)

  at com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider.authenticate(LdapWithAdMappingsProvider.java:323)

  ... 15 more

  2016-06-21 13:57:31, 144 ERROR [IdentityManager] failed to main checkUserAccountFlags [root] for tenant [vsphere.local]

  "2016-06-21 13:57:31, 144 exception ERROR [ServerUtils] ' com.vmware.identity.idm.IDMLoginException: the connection has failed.

  com.vmware.identity.idm.IDMLoginException: failed connection

  at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2481)

  at sun.reflect.GeneratedMethodAccessor24.invoke (unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke (unknown Source)

  at java.lang.reflect.Method.invoke (unknown Source)

  at sun.rmi.server.UnicastServerRef.dispatch (unknown Source)

  to sun.rmi.transport.Transport$ 1.run (unknown Source)

  to sun.rmi.transport.Transport$ 1.run (unknown Source)

  at java.security.AccessController.doPrivileged (Native Method)

  at sun.rmi.transport.Transport.serviceCall (unknown Source)

  at sun.rmi.transport.tcp.TCPTransport.handleMessages (unknown Source)

  to sun.rmi.transport.tcp.TCPTransport$ ConnectionHandler.run0 (unknown Source)

  to sun.rmi.transport.tcp.TCPTransport$ ConnectionHandler.run (unknown Source)

  at java.util.concurrent.ThreadPoolExecutor.runWorker (unknown Source)

  to java.util.concurrent.ThreadPoolExecutor$ Worker.run (unknown Source)

  at java.lang.Thread.run (unknown Source)

  2016-06-21 13:57:31, 144 INFO [IdentityManager] authentication failed for user [root] the tenant [vsphere.local] in milliseconds [4]

  When I used the credentials with appropriate domain name:

  root@localos we received newspapers below:

  2016-06-21 14:11:58, 971 INFO [LinuxNativeAuthDbAdapter] [root] user authentication

  2016-06-21 14:11:58, 974 INFO [IdentityManager] authentication successful for the user [root@localos] [vsphere.local] tenant in milliseconds [3]

  2016-06-21 14:11:58, 984 INFO [LinuxNativeAuthDbAdapter] to get local groups for the [root] user. Recursive? [Yes]

  When I temporary switch the source of identity - "localos" and use the root account to log logs below, we received and I connected without problem:

  2016-06-21 14:14:37, 545 INFO [LinuxNativeAuthDbAdapter] [root] user authentication

  2016-06-21 14:14:37, 549 INFO [IdentityManager] authentication successful for the user [root] the tenant [vsphere.local] in milliseconds [4]

  2016-06-21 14:14:37, 564 INFO [LinuxNativeAuthDbAdapter] to get local groups for the [root] user. Recursive? [Yes]

  Now, for me, more clearly

  Once again thank you

  Sebastian

• vSphere ESXi ssh works, but not able to ping from the inside

  Hey man,

  I have problem with my ESXi 4.1 straing I just fresh installed on workstation 6.5 and assigned IP address. I am able to ping and ssh on my local network (another PC).

  But when I am trying to ping my local gateway of ESXi bash command line, I get the expiration time. Everything works including shared iSCSI and all but vMotion don't work. Is this firewall problem? I don't think that there inbuild firewall in ESXi.

  I am able to ping the local interface IP, but no gateway, see below.

  ~ # ping 192.168.1.1
  PING 192.168.1.1 (192.168.1.1): 56 data bytes

  -ping 192.168.1.1 - statistics
  3 packets transmitted, 0 packets received, 100% packet loss
  ~ # vmkping 192.168.1.1
  PING 192.168.1.1 (192.168.1.1): 56 data bytes

  -ping 192.168.1.1 - statistics
  3 packets transmitted, 0 packets received, 100% packet loss

  Greate that you are to the top and go.

• SSH still work after the change hostname?

  Hi all

  I was under the impression (from past experiences) that SSH self-signed certificates are made up of the host name and the domain name of the router.

  I worked on a network of customers and I can see that the RSA SSH certificate uses the old hostname of the device + name field but SSH works always inbound and outbound on the VTY lines!

  I thought you were to related keys and recreate it using the encryption key generate rsa command to continue using SSH after a host name changed so that the new certificate contains the new host name?

  Any explanation would be greately appreciated

  Thank you very much

  David

  Hi David.

  Yes after having modified the router setting hostname, SSH domain name will still work with the old certificate.

  What I can suggest is you to recreate through cryptographic key generate rsa command in configuration mode.

  HTH

  Concerning

  Carlo

• SMB works don't upgrade any more after 6.5.0

  After having upgraded my ReadyNas, I can't access any of the SMB shares more.

  I backed up all the data, reinstalling the OS, performed a factory reset and recreated the actions. I also deleted all focus on the NAS Windows ID on my computer, with no result.

  FTP and SSH work fine, I can also join my data through ReadyCloud.

  Hello and thanks JennC, I found the solution: I deleted all entries in netgear in Windows identity management and created a new one with the right credentials. Everything happened instantly thin.

  My actions were all allowed anonymous access, but it was impossible to reach the NAS or french its DNS name or its IP address through. All these operations are now ok.

  Kind regards

  Hans45

• 5324 SSH running but not asking not password and not running through my firewall

  I picked up a Dell Powerconnect 5324 off ebay and wiped the configs, updated the firmware and got it mostly set up for what are my needs but I don't know why good SSH than active and working locally on the same subnet as the ip of the vlan has the following two issues:

  1 SSH works but only ask "open as:" then "user name:" and never will prompt you for the password. It just goes straight to an enable command prompt

  2. I can't work through my firewall DNAT. It's not critical, but I removed the access list that I had just to test and still no go.

  Here is my config:

  interface port-channel 1
  Description Fiber4GE
  FlowControl auto
  output
  interface port-channel 2
  Description Copper2GE
  FlowControl auto
  output
  interface port-channel 1
  switchport mode trunk
  output
  interface port-channel 2
  switchport mode trunk
  output
  serial interface ethernet g(19-20)
  switchport mode trunk
  output
  database of VLAN
  VLAN 96,172,192
  output
  interface ethernet g1
  switchport access vlan 96
  output
  Beach port-channel interface (1 - 2).
  switchport trunk allowed vlan add 96
  output
  Beach port-channel interface (1 - 2).
  switchport trunk allowed vlan add 172
  output
  serial interface ethernet g(2-18)
  switchport access vlan 192
  output
  Beach port-channel interface (1 - 2).
  switchport trunk allowed vlan add 192
  output
  interface ethernet g1
  switchport forbidden vlan add 192
  output
  interface vlan 96
  name Comcast
  output
  interface vlan 172
  name iSCSI-SAN
  output
  interface vlan 192
  network name
  output
  serial interface ethernet g(19-20)
  Auto mode channel-group 2
  output
  serial interface ethernet g(21-24)
  Auto mode channel-group 1
  output
  interface vlan 192
  192.168.1.251 IP address 255.255.255.0
  output
  line console
  exec-timeout 20
  output
  ssh line
  exec-timeout 20
  output
  ssh line
  password * redacted * encrypted
  output
  line console
  password * redacted * encrypted
  output
  enable level 15 password * redacted * encrypted
  username admin password * redacted * encrypted
  password username davery * redacted * level encrypted 15
  property intellectual ssh server
  The https server IP
  clock timezone-8
  customer SNTP enable vlan 192
  clock source sntp
  unicast SNTP client enable
  unicast SNTP client survey
  survey of SNTP server 192.168.1.1
  IP - local.dom domain name

  I think I see what is missing, we must add this command so that he can ask for the password.

  Console (config) # aaa authentication login default line

  Console (config) # line ssh

  default authentication logon console(config-Line) #.

  Let me know if it works

• SSH in APIC

  I can PING and HTTPS in my APIC, but can't SSH?

  Does anyone know why this might be the case?

  • SSH works this APIC before?
  • You can SSH to APIC2 or APIC3 successfully?  Leaf (s) & Spine (s)?
  • What has changed?  You've improved APICs?  If so, what version of what version?
  • In the policies of Pod, using access management strategy 'default' or 'custom name' management access strategy?  What is settings for SSH SSH & via the WEB?
  • If you ssh ssh for APIC with the following syntax, capture the output and paste in the text file.  Please attach the text file.  "ssh - vvv [email protected]"/ * /".

  Thank you

  T.

  management - access_01.png

  

• SSH via generic connection?

  I have not been able to get this working.  I choose port 22 and have checked SSH works locally.

  I copy the generic connection link and try the commands such as:

  SSH xlx-1-91092-6667-f84f35aff2df.1-dfw-xlx.cisco-onplus.com:11701

  cisco-l ssh xlx-1-913092-6667-f47f35aff2df.1-dfw-xlx.cisco-onplus.com:11701 ssh

  I get the error back like this:

  SSH: could not resolve hostname xlx-1-91092-6667-f47f53aff2df.1-dfw-xlx.cisco-onplus.com:11701: nodename nor servname provided, or not known

  Telnet on the same device works, but I don't want to telnet enabled for obvious reasons.  All ideas are welcome.

  Thanks in advance,

  Brandon

  Hi Brandon,.

  The standard syntax for ssh to indicate the port is '-p', that is:

  SSH xlx-1-91092-6667-f84f35aff2df.1-dfw-xlx.cisco-onplus.com Pei 11701

  -mike

• RADIUS authentic works not 3560

  Hello world.

  The switch's config for RADIUS authentic.

  When I try here is the log

  % SSH-SSH2_USERAUTH 5: 'xy' authentication SSH2 Session 192.168.x.x (ATS = 1) using crypto cipher "aes256-cbc" hmac "hmac-sha1' Failed

  What should I check now

  Concerning

  Mahesh

  You must post a few outings until I'd suggest something. If SSH works very well with the local database which means the keys RSA are fine.

  If you can't attach the executed full show. Attach the bottom of the outputs listed in your next reply.

  See the race | in aaa

  See the race | Please line vty 0 4

  Debug RADIUS

  Debug aaa authentic

  Debug aaa approval

  The radius, if any server error.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• ASDM does not work in the external interface

  Hello

  I'm new to ASA. I have ASA 5510 and strives to enable ASDM access through the external interface. but is not working for me... not. I set up a public ip address on the external interface and activated the ssh and asdm. SSH works but asdm does not work. This is a test environment, so I have not yet set up an ACL.

  VPN-TEST # show version

  Cisco Adaptive Security Appliance Version 8.2 software (1)

  Version 6.2 Device Manager (1)

  Updated Wednesday, 5 May 09 22:45 by manufacturers

  System image file is "disk0: / asa821 - k8.bin.

  The configuration file to the startup was "startup-config '.

  VPN TEST up to 4 hours and 33 minutes

  Material: ASA5510, 1024 MB RAM, Pentium 4 Celeron 1600 MHz processor

  Internal ATA Compact Flash, 256 MB

  BIOS Flash Firmware Hub @ 0xffe00000, 1024 KB

  Hardware encryption device: edge Cisco ASA - 55 x 0 Accelerator (revision 0 x 0)

  Start firmware: CN1000-MC-BOOT - 2.00

  SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03

  Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.04

  0: Ext: Ethernet0/0: the address is d0d0.fd1d.8758, irq 9

  1: Ext: Ethernet0/1: the address is d0d0.fd1d.8759, irq 9

  2: Ext: Ethernet0/2: the address is d0d0.fd1d.875a, irq 9

  3: Ext: Ethernet0/3: the address is d0d0.fd1d.875b, irq 9

  4: Ext: Management0/0: the address is d0d0.fd1d.8757, irq 11

  5: Int: not used: irq 11

  6: Int: not used: irq 5

  The devices allowed for this platform:

  The maximum physical Interfaces: unlimited

  VLAN maximum: 50

  Internal hosts: unlimited

  Failover: disabled

  VPN - A: enabled

  VPN-3DES-AES: enabled

  Security contexts: 0

  GTP/GPRS: disabled

  SSL VPN peers: 2

  The VPN peers total: 250

  Sharing license: disabled

  AnyConnect for Mobile: disabled

  AnyConnect for Linksys phone: disabled

  AnyConnect Essentials: disabled

  Assessment of Advanced endpoint: disabled

  Proxy sessions for the UC phone: 2

  Total number of Sessions of Proxy UC: 2

  Botnet traffic filter: disabled

  This platform includes a basic license.

  VPN-TEST # http see race

  Enable http server

  http 0.0.0.0 0.0.0.0 outdoors

  VPN-TEST # display running asdm

  ASDM image disk0: / asdm - 621.bin

  enable ASDM history

  Could someone please help me know what Miss me?

  Kind regards

  Praveen

  That's it, please add any combination of encryption by using the command "ssl encryption" algorithms, please add them in one line next to each other, and you can use '? ' to check available combinations.

  Kind regards

  Mohammad

• Unable to SSH for outside the router No. 2851

  Hello

  I want to SSH to the external interface of our router No. 2851.

  SSH works fine on the internal interfaces.

  I have install the ACL is access (1 applied to the vty line and one to the external interface).

  The configuration looks like the following:

  line vty 0 4

  access-class 102 in

  30 logout-WARNING

  length 0

  entry ssh transport

  access list 102 permit tcp any gt 1024 any eq 22

  Outside_ACL extended IP access list

  permitted tcp and gt 1024 no matter what eq 22 log

  Is there anything else that I should consider when setting up SSH on the external interface?

  TIA,

  Michael

  Michael

  I notice that there is a card encryption on the interface (I have would have supposed of your previous comment that you access the router via VPN) and I wonder if it is possible that SSH entering your remote address is considered to be entering the card encryption VPN traffic. Could you try the external address of some other address source SSH and see if that changes things?

  Or can you provide details on what is in the card encryption - and perhaps think about putting something in the map encryption that would exclude SSH to the external interface.

  HTH

  Rick

• SSH without password ESXi for Linux

  Someone knows how to do it successfully SSH of ESXi for Linux?  The following link describes the steps to get SSH working PuTTY or an external orifice to ESXi.  I tried to reverse the steps a bit to make it work on the other hand, but it doesn't seem to work.

  http://communities.VMware.com/docs/doc-8890

  Thank you.

  In this, it's kinda funny.  Dropbear has the ability to create a pair of valid keys, but theres no real binary ssh in ESXi.  However, you can get there.

  (1) ' create' a ssh a symbolic link to dropbear: ln-s/sbin/dropbearmulti/bin/ssh

  (2) create a key pair: dropbearkey - dss f privatekeyfile - taha 1024. You'll find yourself with a file in the current directory, called "privatekeyfile" and the system will display a public key SSH format on the screen:

  ~ # dropbearkey - dss private f TS 1024
  Will display 1024-bit dss secret key "Private".
  Generate keys, this can take some time...
  Part of public key is:
  SSH - dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc + SQlLmhtP... hostname. Domain
  Copy all lines of this from "ssh - dss" through the end of 'hostname.domain"in your Clipboard.
  (3) add this public key copied to your host Linux at the right place - usually ~/.ssh/authorized_keys:
  linuxhost % cat .ssh/authorized_keys

  SSH - dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x...
  (4) now use the private key to ensure that it works in ESXi:
  ~ # ssh-i privatekeyfile [email protected]

  Last login: kills Apr 12 15:01:15 the domain.lan 2011

  [user@host] (Linux 2.6.18 - 194.26.1.el5)

  %

  Life is good!

• ESX4.1 SSH user access to Active Directory.

  I have one of my servers for improved test of 4.0 update 2 for ESX 4.1. I'm trying to understand how to configure SSH access to my Active Directory account. I joined the host to active directory and granted my acount AD permissions on the host computer. If I try and ssh to the host with my AD account I get access denied. I can connect via the Client vSphere with my AD account successfully. SSH works with a local account on the server ESX4.1. I tried both with just my username to the SSH connection as well as domain\username. User domain\username using is actually suspended the host and I need to do a hard reset to get it back.

  Someone does it that it works?

  4.0 Update 2, I used esxcfg-auth - enablead and then created a user without password on the host computer. This command no longer exists on 4.1 however.

  I would like to do an update here for those interested.  I found it frustrating that the access AD kerberos from vSphere 4.0 to 4.1, ssh disabled unless you have used the "Authentication AD" via the VI Client configuration.  I ran into the same issue with JEPP 0 errors and the server actually restart itself trying to ssh using my AD account.  The problem is that if you are part of > 30 security groups (in my case it was only 23), the server lock herself up and sometimes even restart.  I validated with another AD account that was only member groups of 3 seconds and he was able to connect without locking ESX or causing a reboot.

  In addition, in my laboratory, where I run VCenter 4.1 and both nodes are now 4.1, I use authentication 'AD' and it works very well with only a part of a limited number of groups SEC users in AD.

  VMWare said that this issue was refitted to engineering.

  FYI, this affects the ESX and ESXi.

• 6 pro: Managment Services is offline (RNOS 6.4.2)

  All,

  I've seen this problem on other posts, but not of direct response. My NAS has stopped responding, both WebGUI and SSH work more. It could have happened after that she filled.

  Unfortunately no guarantee but any help is welcome.

  Dave

  There was a problem with the file system on the volume of the root, so I copied the content off, formatted the volume root, copied data retrospectives and fixed a number of things with the volume of the root and then he started back to the normal mode.