January 11th, 2011 07:00

Transfer files from MDS switch

Trying to setup a job to dump some data (and clear logfiles) and push them to a remote server.

Running into two problems trying to either pull or push the data:

1) Trying to push from the MDS host using FTP the job hangs because it prompts for a password even though one is supplied.

2) Trying to pull data using SCP or SFTP doesn't work (I've tried numerous tools, platforms) against the MDS switch for some reason.

Anyone have any luck or specific process they use to automatically transfer files from their switch?


March 3rd, 2011 10:00

I haven't had the opportunity to work on this in a while, but was trying to do exactly the same thing.  The issue I had was having the MDS connect to the host with the SSH keys and dump the files.  Host to MDS worked fine, but didn't seem acceptable to me.  I would be interested to see how this works out for you.

Similar to the last post, here is a primus article that lists steps and additional information on how to set it up: emc165558.

Check out the primus as it lists some other good sources of information and some important notes on known issues.  Let me know if you are unable to pull up the primus and I can post.

  1. Create an SSH public/private key on the host (The MDS supports SSH1, SSH2 using RSA, and SSH2 using DSA).  See the documentation that came with the SSH host package.
     
  2. On the switch, create all of the SSH keys.

    switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    switch(config)#
    ssh key rsa1
    generating rsa1 key(1024 bits).....
    generated rsa1 key
    switch(config)#
    ssh key dsa
    generating dsa key(1024 bits).....
    generated dsa key
    switch(config)#
    ssh key rsa
    generating rsa key(1024 bits).....
    generated rsa key

  3. Enable SSH on the switch.

    switch(config)# ssh server enable
     
  4. On the switch, create the user, pasting in the contents of the host public key after the SSH key parameter.

    switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    switch(config)# username testuser role network-operator
    warning: password for user:testuser not set. S/he cannot login currently
    switch(config)#
    username testuser sshkey 1024 35

    139198677264732164858153476357747926024656548233745027006381178621992083524037906211714241
    450436547019604214530354070873624269283640613058470615170649963414635036859628344005142227
    886318134122126153182906740418449098047827961768214148936752631482459130056603268404256522
    191410368204629699075809390037814979061 testuser@host

    switch(config)# end

  5. Look at the configuration of the user with the show user-account command.

    switch# show user-account testuser
    user: testuser
    this user account has no expiry date
    roles:network-operator
    no password set. Local login not allowed
    Remote login through RADIUS/TACACS+ is possible
    ssh public key: 1024 35

    139198677264732164858153476357747926024656548233
    74502700638117862199208352403790621171424145043654701960421453035407087362426928
    36406130584706151706499634146350368596283440051422278863181341221261531829067404
    18449098047827961768214148936752631482459130056603268404256522191410368204629699
    075809390037814979061 testuser@host

     
  6. Test the login process from the host.

    Using username "testuser".

    MDS Switch
    Authenticating with public key "testuser@host"
    Cisco Storage Area Networking Operating System (SAN-OS) Software
    TAC support: http://www.cisco.com/tac Copyright
    (c) 2002-2004, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    switch#
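As an added example (not code from the thread, the Primus article or Cisco), a small host-side script that checks the key reported by step 5 against the host's identity.pub line and then pulls show output over the key-authenticated login from step 6, so the switch never needs to act as an scp/sftp client. It assumes SAN-OS runs a command passed as the ssh argument; the switch name, user and paths are placeholders.

```shell
# Added example, not from the thread or the Cisco cookbook. It (1) checks that
# the key the switch reports in "show user-account" is the key in the host's
# SSH1-style public key file, and (2) pulls a show command's output over the
# key-authenticated session, so no scp/sftp client on the switch is needed.
# Assumed: SAN-OS accepts a command as the ssh argument; paths are placeholders.

# Print "<bits> <exponent> <modulus>" from a public key line of the form
# "1024 35 <modulus> comment" (the identity.pub format the steps paste in).
local_key_fields() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $1, $2, $3 }'
}

# Print the same three fields from "show user-account" output, re-joining the
# modulus that the switch wraps across several lines and dropping the comment.
switch_key_fields() {
    printf '%s\n' "$1" | awk '
        /^ssh public key:/ { bits = $4; e = $5; on = 1; start = 6 }
        on { for (i = start; i <= NF; i++) if ($i ~ /^[0-9]+$/) mod = mod $i; start = 1 }
        END { print bits, e, mod }'
}

# Succeeds only when the switch holds exactly the key the host has.
keys_match() {
    [ "$(local_key_fields "$1")" = "$(switch_key_fields "$2")" ]
}

# Pull "show" output over ssh: BatchMode fails instead of hanging on a password
# prompt (the poster's original problem), and a dedicated known_hosts file pins
# the switch's host key. $1 = switch, $2 = command, $3 = output directory.
pull_show_output() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$HOME/.ssh/mds_known_hosts" \
        -i "$HOME/.ssh/identity" "testuser@$1" "$2" \
        > "$3/$1-$(date +%Y%m%d).txt"
}

# Constructed sample data with a short modulus; a real one is hundreds of digits.
SAMPLE_PUB_LINE='1024 35 12345678901234567890123456789012345678901234567890 testuser@host'
SAMPLE_SHOW_OUTPUT='user: testuser
roles:network-operator
no password set. Local login not allowed
ssh public key: 1024 35
1234567890123456789012345
6789012345678901234567890 testuser@host'

keys_match "$SAMPLE_PUB_LINE" "$SAMPLE_SHOW_OUTPUT" && echo "switch key matches the local public key"
# Real run, once the check passes:  pull_show_output mds1 "show logging" /var/backups/mds
```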


January 11th, 2011 07:00

Can you do tftp? I can share my perl script I use to pull weekly configs.


March 3rd, 2011 07:00

Excerpt taken from EMC Primus knowledgebase article emc98524

As of 2.0(1b) SAN OS, files can be transferred to and from a Cisco MDS 9000 Series via the Fabric Manager GUI or the CLI. The CLI offers a broad range of protocols to use for copying to or from the MDS. The MDS switch always acts as a client, such that an ftp/scp/tftp session will always originate from the MDS and either push files to an external system or pull files from an external system.

There are four (4) protocols that the MDS copy command supports.   They are scp (secure copy), ftp (file transfer protocol), sftp (secure file transfer protocol), and tftp (trivial file transfer protocol).

  • To use scp (secure copy) as the transfer mechanism, the following syntax would be used:

"scp:[//[username@]server][/path]"

ex. To copy /etc/hosts from 172.22.36.10 as user user1, with hosts.txt as the destination, use:

    switch# copy scp://user1@172.22.36.10/etc/hosts bootflash:hosts.txt
    user1@172.22.36.10's password:
    hosts 100% |*****************************| 2035 00:00

  • To use ftp (file transfer protocol) as the transfer mechanism, the following syntax would be used:

"ftp:[//[username@]server][/path]"

ex. To copy /etc/hosts from 172.22.36.10 as user user1, with hosts.txt as the destination, use:

    switch# copy ftp://user1@172.22.36.10/etc/hosts bootflash:hosts.txt

  • To use sftp (secure file transfer protocol) as the transfer mechanism, the following syntax would be used:

ex. To back up the startup-configuration to an sftp server:

    switch# copy startup-config sftp://user1@172.22.36.10/MDS/startup-configuration.bak1
    Connecting to 172.22.36.10...
    User1@172.22.36.10's password:

  • To use tftp (trivial file transfer protocol) as the transfer mechanism, the following syntax would be used:

ex. To back up the startup-configuration to a tftp server:

    switch# copy startup-config tftp://backup-server/switch1.config.bak

Hope this helps.


March 3rd, 2011 07:00

Jeff, other than tftp these approaches are interactive and require the user to enter a password, so they are not very friendly to scripting. Is there a way to set up public key ssh authentication when using scp?


March 3rd, 2011 17:00

The above steps were taken from the CISCO MDS9000 Family Cookbook for MDS SAN-OS Release 2.x. Additional documentation can also be found in the SAN-OS config guide under Configuring SSH Services.

Tip: Assign password-free logons to either a read-only role like network-operator or to a role with a minimal set of privileges.

Caution: Having only the public key does not trigger the switch to grant access. The private key must also be on the host. Treat the private key like a password.

If the same user tries logging in from another host without both the private key file (/users/testuser/.ssh/identity) and the public key file (/users/testuser/.ssh/identity), then access to the switch is denied. The fact that the public key has testuser@host included does not tie it to a specific host but does allow an admin to determine from which host it was generated. In some SSH implementations such as putty, this is the Key comment.

You can allow switch access with no password from automated scripts or agents. Providing a null password or hard coding the password into the script or agent could be considered a weak security practice. However, using the private/public key infrastructure of SSH maintains a secure environment. SSH uses a private/public key exchange; the switch knows only the public key while the host knows both the public and private keys. Access is only granted if the user comes from a host that knows both the public and private keys.

Jeff



April 6th, 2011 07:00

I didn't want to use tftp since it is fairly insecure.

I was hoping to push from the switch, but I'll have to try and get pull working from the switch instead, as some of these posts suggest. Since I'm trying to get the data to a Windows 2xxx server, secure ftp isn't the best, but I'll have to give it a try.

Thanks.
