Thursday, January 8, 2015

More Cisco 9.3.2 woes (scp and ftp)

I ran into something strange while figuring out the best approach for finding the ospf authentication key in a running-cfg or saved-cfg-file on a Cisco ASA that's running in multi-context mode.

First, copying the running cfg via "scp" DOES NOT display the authentication key. In fact, copying the running config to scp shows completed, but it fails to actually write the file to the target hosts. The same holds true of the saved context config.cfg file or a backup config file.

I have also seen numerous "Resource temporarily unavailable" errors w/ ASA 9.3.2.

The above would indicate the copy was successful, but no file was found at the target when using the above copy and "scp". Now here's what was even stranger: when using "ftp" as the target, it also "echoes" the password to the screen.

So it seems like something is wrong with ssh/scp on the Cisco ASA, and the same with "ftp". I don't recall this behavior with any earlier ASA.

Copying the running or cfg file still doesn't show the "encrypted key". I also found out that with the backup command, the backup file also does not display the ospf authentication key, as listed earlier.

We also tested the behavior on an ASA running 9.3.1 and got different results. It failed with permission denied for both "scp" and "ftp". For ssh it had to deal with the ssh key hash.

( behavior on 9.3.1 )

Probably time for a ticket with Cisco TAC.

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       /  \
