Same result. Any more ideas anyone? Thanks.
[EMAIL PROTECTED] admin]$ scp -v [EMAIL
PROTECTED]:/var/monitor/fwuser/scripts/cpnetstart.dca-er1-cp01.1155Aug022005 .
Executing: program
/usr/bin/ssh host 192.168.15.2, user root, command scp -v -f
/var/monitor/fwuser/scripts/cpnetstart.dca-er1-cp01.1155Aug022005
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.15.2 [192.168.15.2] port 22.
debug1: Connection established.
debug1: identity file /home/admin/.ssh/identity type -1
debug1: identity file /home/admin/.ssh/id_rsa type 1
debug1: identity file /home/admin/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1595/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.15.2' is known and matches the RSA host key.
debug1: Found key in /home/admin/.ssh/known_hosts:1
debug1: bits set: 1604/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/admin/.ssh/identity
debug1: try pubkey: /home/admin/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x808b9d0 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: fd 4 setting O_NONBLOCK
debug1: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: scp -v -f
/var/monitor/fwuser/scripts/cpnetstart.dca-er1-cp01.1155Aug022005
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
[EMAIL PROTECTED] admin]$
Mark Senior <[EMAIL PROTECTED]> wrote:Have you tried using a simple filename
without any globbing characters?
I wonder if their might be a problem caused by the "*" character in the
filename you're trying to copy - the process might be looking for a file
literally called "cpnetstart*"
If you really want to copy a large number of files, maybe use the -r
option to scp, and recursively copy the contents of a directory, rather
than individual files.
Cheers
Mark
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of cisco4ng
> Sent: August 2, 2005 10:09
> To: [email protected]
> Subject: [FW-1] scp (aka Secure Copy) in SPLAT with RSA key
> authentication
>
> All,
>
> I have an automate script that backup the configuration of my
> SPLAT enforcement module nightly at 11:30pm. This automate
> script run "upgrade_export" and also copy the
> /etc/sysconfig/cpnetstart file into a local directory that I
> create on the enforcement module, called
> /var/monitor/fwuser/backups. That part is working fine.
>
> At 12am each night, I have another script on my Linux machine
> that will copy these files from the enforcement module and
> store them on my linux machine.
>
> I put the id_rsa.pub key of my linux machine into the
> /root/.ssh/authorized_keys of the SPLAT box. After that, I
> can ssh into the SPLAT box via RSA key just fine. However,
> everytime when I tried to do "scp" and grab the file from the
> SPLAT back to my Linux box, the connection seems to be OK but
> I am not getting any files.
>
> Does ssh in SLAT support "scp"? It seems like like it is not
> working for me.
>
> Please help.
>
>
> Working for ssh:
>
> [EMAIL PROTECTED] admin]$ ssh -v -l root 192.168.15.2
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will
> not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.15.2 [192.168.15.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/admin/.ssh/identity type -1
> debug1: identity file /home/admin/.ssh/id_rsa type 1
> debug1: identity file /home/admin/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.5p1
> debug1: match: OpenSSH_3.5p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 119/256
> debug1: bits set: 1618/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '192.168.15.2' is known and matches the RSA host key.
> debug1: Found key in /home/admin/.ssh/known_hosts:1
> debug1: bits set: 1613/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/admin/.ssh/identity
> debug1: try pubkey: /home/admin/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey
> 0x808b9d0 hint 1
> debug1: read PEM private key done: type RSA
> debug1: ssh-userauth2 successful: method publickey
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: channel request 0: pty-req
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug1: channel request 0: x11-req
> debug1: channel request 0: shell
> debug1: fd 3 setting TCP_NODELAY
> debug1: channel 0: open confirm rwindow 0 rmax 32768 Last
> login: Tue Aug 2 12:00:10 2005 from 192.168.15.100
> [EMAIL PROTECTED]
>
> Not working for scp:
>
> [EMAIL PROTECTED] admin]$ scp -v
> [EMAIL PROTECTED]:/var/monitor/fwuser/scripts/cpnetstart* .
> Executing: program /usr/bin/ssh host 192.168.15.2, user root,
> command scp -v -f /var/monitor/fwuser/scripts/cpnetstart*
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will
> not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.15.2 [192.168.15.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/admin/.ssh/identity type -1
> debug1: identity file /home/admin/.ssh/id_rsa type 1
> debug1: identity file /home/admin/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.5p1
> debug1: match: OpenSSH_3.5p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 134/256
> debug1: bits set: 1637/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '192.168.15.2' is known and matches the RSA host key.
> debug1: Found key in /home/admin/.ssh/known_hosts:1
> debug1: bits set: 1517/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/admin/.ssh/identity
> debug1: try pubkey: /home/admin/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey
> 0x808b9d0 hint 1
> debug1: read PEM private key done: type RSA
> debug1: ssh-userauth2 successful: method publickey
> debug1: fd 4 setting O_NONBLOCK
> debug1: fd 5 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: Sending command: scp -v -f
> /var/monitor/fwuser/scripts/cpnetstart*
> debug1: channel request 0: exec
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> debug1: fd 1 clearing O_NONBLOCK
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 1
> [EMAIL PROTECTED] admin]$
>
>
>
>
> ---------------------------------
> Start your day with Yahoo! - make it your home page
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection
> around http://mail.yahoo.com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an
> email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription
> options, email [EMAIL PROTECTED]
> =================================================
>
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
---------------------------------
Start your day with Yahoo! - make it your home page
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
