Computer and IT knowledge - things to know
##################################################################
# HPE IMC - using SFTP / SCP to upload firmware
##################################################################
if you need to debug SFTP / SCP process there are log files under
/opt/iMC/server/conf/log/*.log ....
This logs are a bit confusing .. so sometimes it makes sense to have the understand
how the copy process will work manual. Therefore some testing was made. Here comes the result:
-----------------------
prerequisites
-----------------------
To turn on the secury copy feature it is necessary to set "ip ssh filetransfer" on the switch:
using the command show ip ssh, you see the settings:
(config)# show ip ssh
SSH Enabled : Yes Secure Copy Enabled : Yes
TCP Port Number : 22 Timeout (sec) : 120
Host Key Type : RSA Host Key Size : 2048
>> Secury Copy Enabled has to be yes!
------------------------
sftp firmware deploy tests / using manual sftp / psftp / scp commands
------------------------
FIRMWARE located on IMC
firmware that is stored in the ICM software database is located in directory: <IMC directory>/server/data/image,
for example:
windows: c:\program files\iMC\server\data\image
/opt/iMC/server/data/image/YA_16_11_0003.swi
/opt/iMC/server/data/image/YA_15_18_0007.swi
FIRMWARE destionation on HPE / Aruba / procurve switch
the firmware files are under directory:
- /os/primary
- /os/secondary
- copy via sftp by using the psftp command from IMC
lets copy firmware YA_15_18_0007.swi via SFTP to a HPE Aruba 2530 8 Port Switch (J9774A):
#starting in directory: /opt/iMC/server/bin/
/opt/iMC/server/bin/psftp -P 22 admin@10.0.0.99
#once you are logged in change the local data path using command:
psftp> lpwd
Current local directory is /opt/iMC/server/bin
psftp> put ../data/image/YA_16_11_0003.swi /os/secondary
local:../data/image/YA_16_11_0003.swi => remote:/os/secondary
>> file copied successfully
- copy via scp (scp from a linux machine)
scp /opt/iMC/server/data/image/YA_15_18_0007.swi admin@10.0.0.99:/os/secondary
scp /opt/iMC/server/data/image/YA_15_18_0007.swi radiususer1@10.0.0.99:/os/secondary
>> both user local + radius authenticated "radiususer1" worked!!
- copy via IMC pscp command:
/opt/iMC/server/bin/pscp -P 22 /opt/iMC/server/data/image/YA_15_18_0007.swi admin@10.0.0.99:/os/secondary
/opt/iMC/server/bin/pscp -P 22 /opt/iMC/server/data/image/YA_15_18_0007.swi radiususer1@10.0.0.99:/os/secondary
>> both user local + radius authenticated "radiususer1" worked!!
#there are two flags, where you can choose the protocol
-sftp force use of SFTP protocol
-scp force use of SCP protocol
#on switch side, you see in the log:
01/05/90 00:26:47 00637 ssh: scp session from 10.0.0.10
or
I 01/05/90 00:25:17 00636 ssh: sftp session from 10.0.0.10
I 01/05/90 00:26:21 00163 update: Firmware image contains valid signature.
I 01/05/90 00:26:30 00150 update: Secondary Image updated.
##copy from windows
C:\Program Files\iMC\server\bin>pscp.exe -P 22 ..\data\image\YA_16_11_0003.swi radius.user1@10.0.0.99:/os/secondary
radius.user1@10.0.0.99's password:
YA_16_11_0003.swi | 14846 kB | 159.6 kB/s | ETA: 00:00:00 | 100%
# option -scp (speed about 800kbit)
# option -sftp (speed about 150kbit)
- IMC copy command settings:
cat /opt/iMC/server/conf/ssh_sftp_client.cfg
#linux putty
ssh-cmd = plink -P $port [-i $key-file] $user-name@$device-ip
sftp-cmd = psftp -P $port [-i $key-file] $user-name@$device-ip
- After have done some "manual" testing, lets use IMC -> Service > Deployment Task to deploy some switch firmware
to switches
------
- further readings
-------
Execute command in sftp connection through script:
https://unix.stackexchange.com/questions/315050/execute-command-in-sftp-connection-through-script
useful stuff regarding ssh/sftp and hpe switches:
https://www.kagerer.net/category/hp-switch/page/2/
computer2know :: thank you for your visit :: have a nice day :: © 2024