Posted on August 10, 2014 5:55 pm
 |  Asked by Kai Kai
 |  7756 views
Tags:
RESOLVED
0
0
Print Friendly, PDF & Email

Since EOS runs a non-standard shell FastCli (as I see on ps fx) rather than Bash or Csh, standard Linux tools such as SFTP, SCP and Rsync cannot connect to Arista mgmt port. This is a bit unfortunate though I can connect to my Linux server from Arista with such tools. Do you guys know of any workaround for this?

$ rsync -avz admin@arista:/tmp/myfile.txt .
admin@arista's password:
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(174) [Receiver=3.0.9]
$ ssh admin@arista /bin/true
admin@arista's password:
> /bin/true
% Invalid input at line 1

0
Posted by Andrei Dvornic
Answered on August 10, 2014 6:39 pm

Hi Kai,

This works as long as you connect directly in a privileged shell. By default you don’t, and you need to run the “enable” command first. One way to land directly in a privileged shell for a locally defined user is to make sure the user is configured with the “privilege 15” option.

e.g. the running config should contain this:
  username foo privilege 15 secret …
instead of:
  username foo secret …
1
Posted by Mike Cotrone
Answered on February 9, 2015 1:34 pm

Alexei,

I have this issue specifically with sftp and my user account does have priv 15 configured.

SSH Result:

Mikes-MacBook-Pro:.ssh mcotrone$ sftp mcotrone@192.168.1.1

Password:
Received message too long 171843631

EOS:

username mcotrone privilege 15 secret 5 <snipped>

Am I missing anything else?

Thank you,
Mike

 

 

In order to use SCP/SFTP, users need to be at enable level already (you have that with ”privilege 15”) and have explicit exec authorization for the user type in question (i.e. local or group). Since I am assuming you are using local auth, all you should need to do is add:

aaa authorization exec default local
(Andrei Dvornic at February 9, 2015 1:49 pm)

Andrei perfect and thank you!

(Mike Cotrone at February 9, 2015 1:54 pm)
0
Posted by Phil Phil
Answered on June 19, 2016 10:00 pm

How would we authorize an account to have sftp privileges using TACACS/Radius?

These are my settings and I still receive the error message above:

  • aaa authentication login default group tacacs+ local
  • aaa authentication enable default group tacacs+ local
  • aaa authorization exec default group tacacs+ local
  • aaa authorization commands 15 default group tacacs+ local
  • aaa accounting commands all default start-stop group tacacs+

Post your Answer

You must be logged in to post an answer.