Got it
Huawei Enterprise Support Community
Community Forums WLAN
Can't SCP, only SFTP work

Can't SCP, only SFTP work

Created: Nov 29, 2021 21:42:41Latest reply: Dec 24, 2021 01:13:00 369 12 1 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

INFO

AC6005 V200R019C00SPC500


PROBLEMS:
1. can sftp but can't scp

Is that normal?

tq


ERROR
scp from raspberry
# scp tes.py admin@192.168.88.245:/

Unable to negotiate with 192.168.88.245 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1


local-user admin service-type ssh http
RESULT
winscp sftp ok

winscp scp failed at "starting the session"


local-user admin service-type ssh ftp http
RESULT
winscp ftp failed
winscp sftp ok

winscp scp failed at "starting the session"


Normally in Linux I can scp or sftp using port 22



Like (1) Dislike (0) Favorite(0) Share Report
Previous: [WLAN From Beginner to Expert] Mapping Between WACs and APs
Next: ​Which of the following statements about conditions for triggering a roaming handover are true? (multiple choice)
Featured Answers

Best answer

Recommended answer

(1) (0)
chenhui
Admin Created Nov 30, 2021 02:14:13

Hi,
As you can see, the error had indicated that the key exchange method mismatch leads the connection to fail. Please execute command ssh server key-exchange to distribute other supported key exchange algorithms, or you can specify the key exchange algorithm when you run scp command on the Raspberry, just as the example below: 

scp -oKexAlgorithms=+diffie-hellman-group1-sha1 tes.py admin@192.168.x.245:/

View more
  • x
  • convention:

nbctcp
nbctcp Created Nov 30, 2021 13:25:52 (0) (0)
[WLCAC6005]ssh server key-exchange dh_group14_sha1
when I scp from raspberry, it stuck in password
# scp -oKexAlgorithms=+diffie-hellman-group14-sha1 tes.py admin@192.168.88.245:/
admin@192.168.88.245's password:  
All Answers
(0) (0)
2#
AndresMoreno
AndresMoreno Admin Created Nov 29, 2021 21:43:34

Hello! Thank you for contacting us.
We are working on an answer for you.
View more
  • x
  • convention:
(1) (0)
3#
chenhui
chenhui Admin Created Nov 30, 2021 02:14:13

Hi,
As you can see, the error had indicated that the key exchange method mismatch leads the connection to fail. Please execute command ssh server key-exchange to distribute other supported key exchange algorithms, or you can specify the key exchange algorithm when you run scp command on the Raspberry, just as the example below: 

scp -oKexAlgorithms=+diffie-hellman-group1-sha1 tes.py admin@192.168.x.245:/

View more
  • x
  • convention:

nbctcp
nbctcp Created Nov 30, 2021 13:25:52 (0) (0)
[WLCAC6005]ssh server key-exchange dh_group14_sha1
when I scp from raspberry, it stuck in password
# scp -oKexAlgorithms=+diffie-hellman-group14-sha1 tes.py admin@192.168.88.245:/
admin@192.168.88.245's password:  
(1) (0)
4#
nbctcp
nbctcp Created Dec 1, 2021 00:42:43

https://support.huawei.com/enterprise/en/doc/EDOC1100064353/8bc6b7/ssh-server-key-exchange
your doc said "dh_group_exchange_sha1 algorithm is recommended"
but what https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html and your console said
]ssh server key-exchange dh_group_exchange_sha1
Info:Insecure exchange algorithm is enabled,It is recommended to disable the insecure exchange algorithm.

Your doc neet to be corrected

After searching Wireless Access Controller (AC and Fit AP)_V200R019C00_09_en_AEI0723H.hdx
there is no scp command in any AC or AP doc
I can conclude that AC or AP can't be as SCP server unlike switches that I can type "scp server enable"

https://support.huawei.com/enterprise/en/doc/EDOC1000141931/9c027bbb/example-for-configuring-an-scp-client

View more
  • x
  • convention:

chenhui
chenhui Created Dec 2, 2021 03:43:21 (0) (0)
Yes, WLAN device doesn't support the SCP function.  
(0) (0)
5#
chenhui
chenhui Admin Created Dec 2, 2021 02:27:13

Posted by nbctcp at 2021-12-01 00:42 https://support.huawei.com/enterprise/en/doc/EDOC1100064353/8bc6b7/ssh-server-key-exchangeyour doc s ...
Well, you referred to the old version (V200R010C00), please refer to the latest one.
View more
  • x
  • convention:

nbctcp
nbctcp Created Dec 2, 2021 02:40:57 (0) (0)
https://support.huawei.com/enterprise/en/wlan/ap5030dn-pid-19922882
latest doc 21/11 still mention wrong order
The following key exchange algorithms are listed in descending order of security level: dh_group_exchange_sha1 > dh_group14_sha1. It is recommended that the dh_group_exchange_sha1 be used
recommended one should be dh_group14_sha1. you will see above error if you choose others  
chenhui
chenhui Reply nbctcp  Created Dec 2, 2021 03:47:16 (0) (0)
For these three algorithms, dh_group_exchange_sha1 is the highest security one, and the admins are recommended to choose this one among these three algorithms.  
nbctcp
nbctcp Reply chenhui  Created Dec 2, 2021 04:28:01 (0) (0)
If you haven't try yourself this what will happen if you choose
]ssh server key-exchange dh_group_exchange_sha1
Info:Insecure exchange algorithm is enabled,It is recommended to disable the insecure exchange algorithm.  
chenhui
chenhui Reply nbctcp  Created Dec 21, 2021 05:39:15 (0) (0)
Since your current version is V200R019C00SPC500, and from the documentation, the dh_group_exchange_sha1, dh_group14_sha1, and dh_group1_sha1 are supported, but from the V200R019C10, the more security algorithm dh_group16_sha512, dh_group15_sha512, and dh_group_exchange_sha256 are supported. Maybe you should upgrade your device to the V200R019C10 or later.  
nbctcp
nbctcp Reply chenhui  Created Dec 24, 2021 00:05:29 (0) (0)
V200R019C10 is for switch not AC6005
https://support.huawei.com/enterprise/en/wlan/ac6005-pid-8629933/software  
(0) (0)
6#
chenhui
chenhui Admin Created Dec 24, 2021 01:13:00

Hi @nbctcp
No, you can find the V200R019C10 firmware for AC6005 at the software download page.

Please refer to the picture below:

v200r019c10


View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.