Omada Er7212pc with Marvell (DB-88F3720-DDR3)

```
PS C:\Users\Matteo> scp -P 1046 -o KexAlgorithms=diffie-hellman-group1-sha1 -O root@192.168.172.1:/tmp/important-data.txt ./
Unable to negotiate with 192.168.172.1 port 1046: no matching host key type found. Their offer: ssh-rsa
```

Yes I confirm. I have v1


I forgot about host key too.

You'll need to use the option to allow the host key algorithm too.

```
unprivileged@debian-dell-3379:~$ ssh -o HostKeyAlgorithms=
ecdsa-sha2-nistp256                          ecdsa-sha2-nistp521                          sk-ssh-ed25519-cert-v01@openssh.com          ssh-ed25519
ecdsa-sha2-nistp256-cert-v01@openssh.com     ecdsa-sha2-nistp521-cert-v01@openssh.com     sk-ssh-ed25519@openssh.com                   ssh-ed25519-cert-v01@openssh.com
ecdsa-sha2-nistp384                          sk-ecdsa-sha2-nistp256-cert-v01@openssh.com  ssh-dss                                      ssh-rsa
ecdsa-sha2-nistp384-cert-v01@openssh.com     sk-ecdsa-sha2-nistp256@openssh.com           ssh-dss-cert-v01@openssh.com                 ssh-rsa-cert-v01@openssh.com
unprivileged@debian-dell-3379:~$ ssh -o HostKeyAlgorithms=
```

Sorry, but I don't understand. In the terminal I'm typing `ssh -o HostKeyAlgorithms=` and then I press Tab, but this comes out:

```
┌──(matteo㉿192)-[~]
└─$ ssh -o Ciphers=
.bash_history              .config/                   Downloads/                 .java/                     .profile                   .vnc/
.bash_logout               .dbus/                     .face                      .local/                    Public/                    .Xauthority
.bashrc                    de/                        .face.icon                 .mozilla/                  .sudo_as_admin_successful  .zshrc
.bashrc.original           Desktop/                   .gnupg/                    Music/                     Templates/
.cache/                    Documents/                 .ICEauthority              Pictures/                  Videos/
┌──(matteo㉿192)-[~]
└─$ ssh -o HostKeyAlgorithms=
.bash_history              .config/                   Downloads/                 .java/                     .profile                   .vnc/
.bash_logout               .dbus/                     .face                      .local/                    Public/                    .Xauthority
.bashrc                    de/                        .face.icon                 .mozilla/                  .sudo_as_admin_successful  .zshrc
.bashrc.original           Desktop/                   .gnupg/                    Music/                     Templates/
.cache/                    Documents/                 .ICEauthority              Pictures/                  Videos/
```

Ah no worries.

Anyway you should be able to copy the ones that the source device is telling you anyway. Was just trying to help you select / speak more generally.

OK so you need at least two options. (And you may need to change your cipher next?)

```
scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/important-data.txt ./
```

```
┌──(root㉿192)-[/home/matteo]
└─# scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/mmcblk0boot0.bak ./
root@192.168.172.1's password:

┌──(root㉿192)-[/home/matteo]
└─# md5sum mmcblk0boot0.bak
md5sum: mmcblk0boot0.bak: No such file or directory
```

Did it actually transfer the file? Is the file on the other end? Yeah usually I get output that indicates a transfer took place?

The file was not transferred.
Did I do something wrong here?

```
scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/important-data.txt ./
The authenticity of host '[192.168.172.1]:1046 ([192.168.172.1]:1046)' can't be established.
RSA key fingerprint is SHA256:E9+7smXXx725NlZQ2Rv+rFZNYV7pYpmoRBIOzwKBIIc.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.172.1]:1046' (RSA) to the list of known hosts.
root@192.168.172.1's password:
```

I don't have anything other than whether you're entering the password correctly :S But you need to make sure you have the source file name correct. I was using /tmp/important-data.txt as that was the example in the wiki. You'll need to change the file name?

```
scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/mmcblk0boot0.bak ./
```

the password is correct if you try to enter a wrong one by error.

```
┌──(root㉿192)-[~]
└─# scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/mmcblk0boot0.bak ./
root@192.168.172.1's password:
Permission denied, please try again.
root@192.168.172.1's password:

┌──(root㉿192)-[~]
└─#
```

I can't find the saved file anywhere. Am I looking for it badly?

edit:

```
PS C:\Users\Matteo> scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -P 1046 root@192.168.172.1:/tmp/mtd0ro.bak C:\Users\Matteo\Desktop\prova ./
root@192.168.172.1's password:
0 File copiati
PS C:\Users\Matteo>
```

I'm going to have to go get a Windows machine.....

But I don't think you want the space after your path there and then a ./

I'd try `C:\Users\Matteo\Desktop\prova\`

If all else fails, try to download WinSCP and use that, as it's a GUI?

I can also try with a PC where I have Linux Kali

If you've got a Linux computer with an sftp/scp server, IMO you should try using SCP on the er7212pc side?

I think the issue will be cipher/host key/kex algorithm minimums on that computer side but I think that's worth a try.

Otherwise we can investigate using the http server, ftp, tftp etc?
You have curl which probably gives us a bunch of options.

Yes, I also tried on Linux, it doesn't work unfortunately.

Ok we can try, you tell me

edit:

```
root@ER7212PC:~# scp /tmp/mmcblk0boot0.bak matteo@192.168.172.22:C:\Users\Matteo\Desktop\prova\

/usr/bin/dbclient: Connection to matteo@192.168.172.22:22 exited: No matching algo kex
lost connection
root@ER7212PC:~#
```

If I want to send the file from the router to the PC via scp, how should I write it?

What I meant was we initiate the transfer on the er7212pc rather than the Kali Linux side?

You have scp on the er7212 as well?

Referring back to this:
https://openwrt.org/docs/guide-developer/adding_new_device#getting_collected_data_from_a_device

There are options listed on setting up an ftp/tftp/http server etc. and then you can try curl or other builtins.

It seems so, how can I proceed?


OK so same procedure as before except your Linux laptop is going to be the destination.

Only other thing I can think of is turn off scp legacy mode (i.e. with the -O) on your laptop when trying to initiate the transfer from your Linux machine.

Here's an example on my router, obviously without the extra ssh configuration we may need. (But because the router is fixed, it may require configuring the ssh server for legacy ciphers etc. on your laptop?)

```
root@OpenWrt-RT3200:/tmp# dd if=/dev/mtd0ro of=/tmp/mtd0.bak
1024+0 records in
1024+0 records out
root@OpenWrt-RT3200:/tmp# scp ./mtd0.bak unprivileged@172.17.0.216:/home/unprivileged/
unprivileged@172.17.0.216's password: 
mtd0.bak                                                   100%  512KB 512.0KB/s   00:00    
root@OpenWrt-RT3200:/tmp# 
```

```
root@ER7212PC:~# scp ./mtd0.bak Matteo@192.168.172.37:C:\Users\Matteo\Desktop\prova

/usr/bin/dbclient: Connection to Matteo@192.168.172.37:22 exited: No matching algo kex
lost connection
root@ER7212PC:~#
```

Suggestions?

If you're uncomfortable with below, we should try FTP or tftp and set up an ftp or tftp server using the other instructions.
But here's what's required to get scp to work:

You need to configure the kex algorithm on your ssh server to one that the scp client can do?

I would suggest setting up a different server and/or ensuring you revert the config when you're done, as you're lowering the security of your ssh server by doing this....

https://man.openbsd.org/sshd_config
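
Added example, not part of the original thread: one way to follow the "different server, then revert" advice above is a throwaway second sshd instance with its own config file, so the main server's settings are never touched. The port, directory, user name and the kex names the router's dbclient would accept are assumptions; the thread does not show what dbclient offers.

```shell
#!/bin/sh
# Throwaway sshd instance for one legacy client (added example).
# Assumptions: port 2222, the kex list below, and the caller-supplied
# directory (absolute path), router address and local user name.

write_legacy_sshd_config() {
    cfg_dir=$1; cfg_router=$2; cfg_user=$3; cfg_port=${4:-2222}
    mkdir -p "$cfg_dir" || return 1
    cat > "$cfg_dir/sshd_config" <<EOF
# Temporary instance: stop it and delete this directory after the transfer.
Port $cfg_port
HostKey $cfg_dir/host_rsa_key
PidFile $cfg_dir/sshd.pid
# "+" appends the legacy algorithms to the defaults, for this instance only.
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa
# One account, and only when the connection comes from the router.
AllowUsers $cfg_user@$cfg_router
PermitRootLogin no
PasswordAuthentication yes
EOF
}

start_legacy_sshd() {
    cfg_dir=$1
    # Dedicated host key so the main server's keys are not reused.
    [ -f "$cfg_dir/host_rsa_key" ] ||
        ssh-keygen -q -t rsa -b 3072 -N '' -f "$cfg_dir/host_rsa_key" || return 1
    /usr/sbin/sshd -t -f "$cfg_dir/sshd_config" || return 1  # validate config first
    /usr/sbin/sshd -D -e -f "$cfg_dir/sshd_config"           # foreground; Ctrl-C stops it
}

# Usage (as root): sh legacy-sshd.sh run /root/legacy-sshd 192.168.172.1 <user>
if [ "${1:-}" = run ]; then
    write_legacy_sshd_config "$2" "$3" "$4" "${5:-2222}" && start_legacy_sshd "$2"
fi
```

`KexAlgorithms` and `HostKeyAlgorithms` are not accepted inside a `Match` block, which is why the weakening is scoped with a separate instance and `AllowUsers` rather than a per-address rule in the main config.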

As an FYI, we've moved to PMs and are trying to use curl and FTP now. But if someone closer to UTC+1 wants to assist it would be appreciated hahahaha.