SSH Console

Similar Questions

• Cannot SSH / console to the EPSC

  Suddenly, I am unable to access the EPSC device console via SSH or local console.  When I connect, for the "admin" account credentials are accepted and then the following text is displayed:

   ######################################################################### # This system is hardened and for the use of authorized users only. # # Individuals using this computer system without authority, or in # # excess of their authority, are subject to having all of their # # activities on this system monitored and recorded by system # # personnel. # # # # In the course of monitoring individuals improperly using this # # system, or in the course of system maintenance, the activities # # of authorized users may also be monitored. # # # # Anyone using this system expressly consents to such monitoring # # and is advised that if such monitoring reveals possible # # evidence of criminal activity, system personnel may provide the # # evidence of such monitoring to law enforcement officials. # ######################################################################### java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.(Unknown Source) at java.net.Socket.(Unknown Source) at com.cisco.ca.ss.adminshell.client.ShellClient.main(ShellClient.java:63) Error occured: could not connect to the command server

  I have tried power cycling the CSPC.

  Anyone has a suggestion to remedy this?

  Hi again,

  On the continuation of the investigation, there is actually a bug that seems to cause this problem. If you change the default password "admin" in the GUI, it causes a problem with the connection to the mysql database.

  If you have changed the admin password last time, then as long as you do not change the password for the admin on your redeployment, so you shouldn't run again the issue.

  -Lynden

• Creating a Clone VM of model VM using SSH console error DiskLib_Check()

  Hi all

  I'm now using ESXi 3.5 u4 and I activated the SSH connection.

  in a PuTTY console, I run the following command:

  1. vmkfstools-i/vmfs/volumes/datastore1/WinXPProSP3vmxp00_ md3000i/vmfs/volumes/MD3000iVMFS/WinXPProSP3_vmxp01_

  to copy the virtual directory WinXPProSP3vmxp00_ in my SAN-VMFS, but then I got this error:

  * DiskLib Check() has failed for disc source the specified file is not a virtual disk (15). * _

  is there a best way to do without vCenter license?

  or just use ishall

  _CP - r

  / vmfs/volumes/datastore1/VM_Templates /& lt; SOURCE & gt;

  / vmfs/volumes/datastore1 /& lt; DESTINATION & gt; _

  Instead?

  Thank you.

  Kind regards

  AWT

  vmkfstools only work with the drive.

  The best solution is using VC.

  Converter also works very well.

  But if you use the copy of files (like cp) you MUST regenerate vMAC address (when you turn on the computer virtual don't say keep!).

  The virtual machine should be also customized (new name, new IP, new SID), but in any case.

  André

  * If you found this device or any other answer useful please consider awarding points for correct or helpful answers

• My vmdk files not visible from vpshere but visible from ssh console

  Hello

  I would use my dataontap virtual appliance of Netapp communities tar file.

  Their installation guide, they show just to put this on the data store tar file.

  This tar file contains the following files:

  DataONTAP.vmdk

  DataONTAP.vmx

  DataONTAP - flat hard

  DataONTAP - nvram.vmdk

  DataONTAP-nvram - flat hard

  DataONTAP - s001.vmdk by DataONTAP - s126.vmdk (126 disk files)

  DataONTAP - sim.vmdk

  DataONTAP - var.vmdk

  DataONTAP-var - flat hard

  I put this vsphere on the data store file and extract it to ssh connection on esxi with the command "tar".

  All files are now visible to PuTTY connection on esxi

  1 / but when I browse datastore, I see not all vmdk files. (missing 126 files on disk)

  2 / when I turn, this virtual machine, I have this error "DataONTAP - sim.vmdk file not found on /vmfs/volumes.../.

  But this file exist on the path specified error.

  Configuration:

  ESXi 5.1, NFS datastore.

  Stand-alone node (without cluster)

  No vcenter

  Spatial data store are free and available.

  Checksum for this tar file are OK.

  Thank you very much

  Concerning

  The files in the archive are the data files, and not the descriptor. I guess DataONTAP - sim.vmdk is the file descriptor for these files DataONTAP - sXXX.vmdk . To ensure that this is the case, please attach the DataONTAP - sim.vmdk.

  If this is the case, here are the steps that should make the usable virtual machine:

  1. load the muliextent module
     vmkload_mod multiextent
  2. Rename the virtual disk file to a temporary file name
     vmkfstools EI DataONTAP - sim.vmdk DataONTAP-sim - old.vmdk
  3. clone the virtual disk in a format supported the original file name
     vmkfstools-i DataONTAP-sim - old.vmdk DataONTAP - sim.vmdk - d thin - an ide
  4. unload the module multiextent
     multiextent vmkload_mod-u

  At this point, you should be able to turn on the virtual machine. If everything works as expected, you can delete all the temporary files of DataONTAP-sim-old * hard .

  André

• ISE GUI Admin Pass do not SSH

  Hello

  recently, due to the expiration policy for password on my ISE, I changed my pass admin ISE through the graphical user interface. but then I can connect to my ISE GUI with the new admin password.  But when I try to ssh to my LSE and to try some new admin pass, it does not accept the new pass, when I try with old pass admin it works on ssh

  something wrong?

  Hi Imran,

  Change the password of ISE GUI will not change in the SSH ISE console password. These two are two different flow rates and if you want to change the CLI password you must use the ISE rescue CD and select the option change the password and it will prompt you to change the password in the ssh console.

• Local database username and password SSH works not

  I have a weird problem. I recently install an ASA 5510 and SSH work. To make it easier on my VPN users I decided that I wanted to implement a policy Windows 2008 network for the RADIUS authentication server. Since I added the part of RAY to the aaa authentication, when I use SSH to connect to the ASA, should not be the local user name and the password I installed. However, I can get by using a domain user name and password. This is the SSH and AAA configuration. Am I missing something here? The user name and password in the ASA is not on the domain and it is as if the ASA does not even LOCAL when attempting to authenticate. I want to use the local user name and password if possible. I'm kind new to ASA...

  On another note, I have never been able to SSH in on internal interface. I always get an error message "the remote system refused the connection. I can only use the external interface.

  Site - ASA # sh run | in ssh

  authentication AAA ssh console LOCAL SERVER_RADIUS

  SSH 0.0.0.0 0.0.0.0 outdoors

  SSH 0.0.0.0 0.0.0.0 inside

  SSH timeout 60

  SSH version 2

  Site - ASA # sh run | in aaa

  RADIUS protocol AAA-server SERVER_RADIUS

  AAA-server SERVER_RADIUS (inside) host 10.0.0.6

  authentication AAA ssh console LOCAL SERVER_RADIUS

  Console HTTP authentication of the AAA SERVER_RADIUS LOCAL

  Site - ASA #.

  If there is no other config that would help I would be more than happy to show them

  Thank you!

  Hello

  Try as

  authentication AAA ssh console LOCAL SERVER_RADIUS

  because if the RADIUS is available the device does not check local users.

• Authentication of SSH without password on a PIX

  I'm looking to implement authentication SSH without password for a Solaris client can run a script to open a session on a PIX and retrieve the configuration.

  Someone has reached the SSH authentication without password on a PIX or find out if the device supports it or not?

  Thank you, Dom

  It is vaguely correct.

  Here are the details:

  Security506E - 6.x (config) # aaa HS

  AAA proxy-limit 16

  authentication AAA ssh console LOCAL SecurityACS1111

  Console HTTP authentication of the AAA SecurityACS1111 LOCAL

  Console Telnet AAA authentication LOCAL SecurityACS1111

  Console to enable AAA authentication LOCAL SecurityACS1111

  LOCAL AAA authorization command

  now, if you have configured aaa on the pix and specified an aaa for the role of authentication server when ssh is done "'authentication aaa ssh console LOCAL SecurityACS1111'...". then the username and passwords of the Ali database should be provided when ssh is done.

  If you have specified LOCAL as an authentication method, then the database username and password configured in the configuration of the firewall will be used for the purposes of authentication.

  If you have not specified "ssh" under "sh aaa" command output, then the default settings are used.

  dafault settings:

  username: pix

  telnet password: password you have defined with the command:

  password

  activate the password:

  password, you have defined using:

  activate the password

  Please indicate if this help!

  Sushil

  Cisco tac.

• Option for "SSH Server" for the firewall under "safety profile"?

  Hello

  We have upgraded all ESXi hosts to vSphere 5.1.

  Question 1

  =========

  We observe that for a specific ESXi host, the option button is avaialbe (others are gray).  We are able to change the political beginning and can 'start' / 'stop' and 'restart' this service.

  We cannot see any difference between this server and other hosts of ESXi.

  Question 2

  =========

  We would also like to ask the opinion that, if we want to connect to the SSH console, the procedure is to start the SSH Service (Services) and check "SSH Server" (Firewall)?

  Thank you

  I would just leave if you verified that it is the same build as the other 5.1 hosts.

• Difficulty to El Capitan stuck when connecting

  Last month I upgraded 10.11.1 and could no longer connect my system.  I would like to enter my password correctly and then the cursor would change roulette spins and just stay there forever.  The only way out was a power off reboot.  Later, I found that when he was in this State, I was able to SSH in from another machine, and the system log revealed that/usr/libexec/lsd (the demon Services launch) was crashing repeatedly.  I searched these forums and others and found a lot of ideas, and none helped.

  No problem, however, I've got hourly backups time machine, right?  Well, no.  Apparently El Capitan did not have hourly backups so my most recent backup performed for some time in October, which was a month at the time.  Not good.

  Fortunately, I had a former boot disk that I put in an external enclosure and was able to start to experiment.  The drive that I normally starts since was well - checks and repair disk permissions and everything that everything came back good, and I could read and write files in there very well.

  After much experimentation and frustration, I was on the point of abandon and add another drive for a clean install and start moving more - a process that I * really * hate to do.  But one last Web search and hopefully kicked my last set.

  To do this, you'll need to be in a recovery, or ssh console in the machine or otherwise somehow to get to a command prompt boot from an external drive.  Once you're there, follow these steps:

  find/private/var/folders / | grep com.apple.LaunchServices | grep csstore

  Note that if you boot from an external drive, you must run this command on the boot disk you are trying to fix.  Just add the/Volumes/Whatever_Your_Boot_Drive_is the path, as follows:

  find/Volumes/YourBootDriveHere/private/var/folders / | grep com.apple.LaunchServices | grep csstore

  Who will find the database cache that uses Launch Services.  They have long, random searching for names that end with csstor.  Note each illustrates file, then delete them, by a command like this (obviously using some paths command above found instead of this example):

  RM /private/var/folders/cd/someLongRandomNameHere/someFolderNumberHere/com.apple.L aunchService - whatever.csstore

  If you are more careful, you can rename rather than delete them, so you can put back them if necessary.  Which would look like this:

  MV /full/path/like/shown/above/to/whatever.cssstore /full/path/like/shown/above/to/whatever.csstore.backup

  After you delete or rename these files, restart your Mac.  You should now be able to connect.  Or at least it's finally, what worked for me.  The connection has taken longer that normal - a few minutes - to regenerate these files, but the office finally appeared, and now I'm back to running on my normal boot drive.

  Hope this helps someone.

  Wow man you are a genius

  I had my f...d iMac for 4 days after an update of 10.11.1 10.11.2, and he started to give me a real headache.

  I did what you described, and it worked great!

  Thank you very much!

• Unable to update firmware DRAC6 past 1.10.13 on R610

  Hello

  I have a number of R610s I need to upgrade the DRAC firmware, so you can talk to our new management system. Most of them updated correctly when I left versions gradually 1.10.13 (their version) to 1.97.

  About 7 of them, however, will not move past 1.10.13. I have the version of the 1.11 firmware available via TFTP; When I try to install this (via idracadm, starting from the local operating system or a separate box or through the administrative SSH console) I get first "Firmware update is not current" then 'Firmware update operation failed' when subsequent attempts until I have make a racreset. I tried clearing space by removing the logs of the system, I have done a factory reset, drained flea power and the problem persists.

  I also tried to update from the Dell Repository Manager bootable media as shown here http://lonesysadmin.net/2011/03/07/the-easiest-way-to-update-a-dell-servers-firmware/. No joy.

  Finally I tried the update to a new installation of CentOS; the upgrade appears to start but is never-ending; fwupdate s presents 'The Firmware update Operation failed'.

  Is there any other approach, or y at - it logs I can check what goes wrong?

  Thank you!

  ClintonF_Dell,

  The first things that I would look into what version of BIOS and the lifecycle of the R610 controller run. If you do not update those in tandem with iDrac you may encounter problems of this kind. If they're behind then I test this on one of them and get the BIOS and the LC caught up and see if after a racadm racreset and NVram clear as the iDrac allows you to update.

  Also, have you tried to update the iDrac tab to update the iDrac with the firming.d6 file? To do this, for example, you download the iDRAC6_1.97_A00_FW_IMG.exe file and run it on a Windows system to extract the files, then find the file firming.d6 and save. Use it in the iDrac GUI tab updated. Now, I know that it is the current file name, so to keep walking until you need the 1.11 and so on.

  These are the current versions, if you are far behind in these institutions, I recommend walk them up as well.

  BIOS 6.4 - http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=C6MRW&fileId=3287843619&osCode=RH60&productCode=poweredge-r610&languageCode=EN&categoryId=BI

  Lifecycle controller 1.6.5- http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=F7XJ1&fileId=3364056173&osCode=RH60&productCode=poweredge-r610&languageCode=EN&categoryId=SV

  Let me know what you see.

• "show the alignment of the antenna-dot11" shows the bug in JA1 12.4 (25 d) for AP1262N

  Hello

  We have a couple of AP1262N-E-K9 AP with firmware version 12.4 (25 d) JA1 operating in conceerne mode.

  I tried to measure the quality of the signal between access points by a Repeater mode adjuster while all others are in root mode. Then I run the following command:

  dot11 Dot11Radio 0 - the alignment of the antenna

  Connected via the cable from the console, the following output is displayed:

  #dot11 AP Dot11Radio 0 - the alignment of the antenna

  Type escape sequence "control ^ ' to abort.

  Response of 64d8.1486.f000 Signal-24 dBm

  [...]

  Response of 64d8.1486.f000 Signal-25 dBm

  * 1 Mar 05:13:59.953: % DOT11-4-UPLINK_ESTABLISHED: the Interface Dot11Radio0, associated with 64d8.1486.f000 AP AP03 [no Wpa2 PSK]

  However, being connected via SSH:

  Dot11 AP # dot11Radio 0 - the alignment of the antenna timeout 2

  Type escape sequence "control ^ ' to abort.

  Type escape sequence "control ^ ' to abort. Timeout in 1 second.

  Obviously, there is no action displayed during the scan.

  So it must subsequently use the command 'show the antenna alignment' to get the values measured signal strength:

  AP00 #sh alignment of the antenna-dot11

  64d8.1486.f000 answer 25% of Signal 0 dBm

  [...]

  64d8.1486.f000 from 22% 0 dBm Signal response

  There are two problems:

  1. the output to 'see the dot11-alignment of the antenna' is incorrect, the value of % represents the signal strength in dBm without - (least). For example "-25 dBm" appears as "25% signal 0 dBm.

  Now, I know that this is only a display error, but it is still not clean. Is this a known issue?

  2. why the values of measured signal strength appear not on the SSH console during the test of the alignment of the antenna?

  Is it compulsory to use the console to see these values? Or is it also a known bug that could be fixed in the latest versions of firmware?

  Thank you for your support.

  Often, this command is used for real bridges and when you're on the roof trying to align its usually from the console. If the output should vary between a console and a ssh session, no.... You are in the CLI anyway.

  Your better off opening a TAC case on it because it looks like a bug of cosmetics.

  Sent by Cisco Support technique iPhone App

• Someone at - it issues after the update of VRT 2016-02-29-001?

  Seems VRT last update broke the power of fire this morning in my lab at home. ASA X 5506. cannot install policies and syslog shows:

  2 March 2016 04:16:05 snort [9939] of firepower: FATAL ERROR: dynamic detection library "/ var/sf/detection_engines/*GUID*/so_rules/protocol-scada.so" version 1.0 update with the version of the engine dynamic library 2.5 is not compatible with the current engine dynamic library ' / var/sf/detection_engines/*GUID*/libsf_engine.so ' version 2.4.

  Seems/var/cisco/deploy/pkg/var/cisco/packages/modules-1910-x86_64/so_rules installed by the update a incompatible libraries...

  Managed to solve the problem by connecting to the ssh/console and by:

  sudo bash
  CD/var/sf/detection_engines / * GUID *.
  MV so_rules so_rules.old
  ln-s/var/cisco/deploy/pkg/var/cisco/packages/modules-1908-x86_64/so_rules so_rules

  Replace * GUID * above with the identifier unique on your system.

  And then push policies. Required URL filtering a restart of the module in order to start working again.

  Not sure, it is a recommended fix, but a good thing it is only a laboratory.

  It happened to someone else here?

  Hello

  Yes, there was a problem with the SRU version and it was taken out of the OCC.

  If you are on recommendation 6.0 is to upgrade the SRU that was released today and apply policy again.

  Kind regards

  Aastha Bhardwaj

  Rate if this is useful!

• GANYMEDE + and local access connection

  Basic summary is that I want to have GANYMEDE + and local connection to access router on the vty lines.  So, I did the two groups below.  Goody obviously is what will use GANYMEDE and Console uses the local connections.  I divide them between 0-4 and 5-15.  It seems that whoever is more get first priority for authentication.  If I move the Console to 0-4, knit then the local users and GANYMEDE do not.   If I have Goody at 0-4, then GANYMEDE works, but local doesn't work.  I know I'm missing something simple.  Have two RADIUS servers, I doubt that the two will never back down, but in case I want user names Local to work.   If I apply an access list to 4-0 and use SSH, as well as a list of different access to 5 15 and use telnet, it seems to work that way but doesn't help me if the internet goes down and I am trying to access the router via SSH on-site.

  Thanks in advance.

  David

  AAA authentication login Goody group Ganymede + local
  local authentication AAA Console connection

  Line con 0
  the Console connection authentication
  line to 0
  line vty 0 4
  session-timeout 7
  exec-timeout 5 0
  authentication of connection Goody
  entry ssh transport
  line vty 5 15
  session-timeout 7
  exec-timeout 5 0
  the Console connection authentication
  entry ssh transport

  Hi David -.

  Correct me if I'm not understanding this correctly, but you want to use RADIUS servers for authentication ssh/console type and if they fail, you want the network device to use its local database.

  If that is correct you should not need dividing lines and assign authentication lists. The first tribute that you have:

  AAA authentication login Goody group Ganymede + local

  Lists the Ganymede + and the local database as a possible authentication methods. They will be processed in the order they are configured so that the device will be:

  1. use your servers GANYMEDE +.

  2. If the GANYMEDE servers + inaccessible then the local database is used

  You can test this by assigning 'Goody' to all your vty lines and then do your servers GANYMEDE + unavailable. To do as possible you can:

  -Restart the server

  -Stop the server interface

  -Disconnect the device its uplink network

  -Create a list of access on the uplink interface and connection block to the IP addresses of the servers GANYMEDE +.

  I hope that helps!

  Thank you for evaluating useful messages!

• ASA - 1 > en password: *, stuck at this point

  Hello

  I'm stuck at this point, pls advise, 9.x, OS

  ASA - 1 > sh curpriv
  Username: admin1
  Current privilege level: 1
  Current Mode/s: P_UNPR
  ASA - 1 > en
  Password: *---> > the enable password is cisco, but does not work
  Password:

  Here is the config

  Console to enable AAA authentication LOCAL ACS
  Console Telnet AAA authentication LOCAL ACS
  authentication AAA ssh console LOCAL ACS
  ACS LOCAL console for AAA of http authentication
  AAA accounting command privilege 15 ACS
  AAA accounting enable ACS console
  AAA accounting ssh console ACS
  Console telnet AAA accounting ACS
  AAA authorization exec-authentication server

  enable password cisco

  Thank you all

  Hi Ibrahim.

  It seems that your enable password is configured to be extracted from ACS server.
  Console to enable AAA authentication LOCAL ACS

  Please check on ACS or reset your password. If you have access to the consoles and remove the command and test.

  Kind regards
  Dinesh Moudgil

  PS Please rate helpful messages.

• The AAA for PIX515E 6.3 rules (5)

  Hello. If I wanted to configure the PIX for the authentication of an ACS server (for the purpose of management of PIX), what else would need apart from what follows:

  AAA-server Admin-FW Protocol Ganymede +.

  AAA-Server Admin-FW max-failed-attempts 3

  AAA-Server Admin-FW deadtime 10

  !

  AAA-Server Admin-FW (inside) host 192.168.2.9 access timeout 10

  !

  console series FW-Admin-AAA authentication

  Console telnet authentication AAA Admin-FW

  authentication AAA ssh console Admin-FW

  As far as I KNOW, I did not specify which IP addresses can someone telnet from to connect on the PIX. I tried the following, but I do not know I did not provide the correct instructions:

  the AAA authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW

  ... and I have a username / password to invite him on the PIX but it keeps asking for a user name and password. I know my account GANYMEDE is good because I can connect on the routers with the same details as what I use to authenticate on the PIX.

  I also ran a debugging on the PIX when I was trying to authenticate. The output is attached.

  Thank you

  Timothy

  Hi Tim,.

  There is no need to order,

  the AAA authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW

  Try it now and see if you get hits on ACS. Incase it is not working, pls get again him debugs.

  Thank you

  Jagdeep