pv_monitor.sh fails indicating powervault_monitor.py lines which have failed
search cancel

pv_monitor.sh fails indicating powervault_monitor.py lines which have failed

book

Article ID: 224646

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

The U144 and U844 storage arrays have a firmware update which restricts the MAC and KexAlgorithms which are allowed.  This prevents pv_monitor.sh -S from retrieving the suite of configuration and log files to properly debug drive and other component failures.

You may see something like "no matching MAC found" or "KexAlgorithms diffie-hellman-group16-sha512".  The final line the failure is "0: re.compile(b'Password: ')".

 

Resolution

The /etc/ssh/ssh_config file will need to be updated with the required ciphers.  There is no need to restart any services.

  • Update the cipher strings.  The first line to update begins with MACs

Before

MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512

After

MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm,hmac-sha2-512-etm
  • The second line to update begins with Kex

Before

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521

After

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,[email protected],curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512

Then try the pv_monitor.sh -S again.

Additional Information

Full log output:

 

pv_monitor.sh -S

Connecting to https://192.168.0.1

Session Established with https://192.168.0.1

Gathering Support Bundle

Connecting to powervault unit through sftp ...

Updating known hosts ...

Traceback (most recent call last):

  File "/usr/local/sbin/powervault_monitor.py", line 434, in <module>

    main()

  File "/usr/local/sbin/powervault_monitor.py", line 415, in main

    sgm.gather_powervault_support_bundle()

  File "/usr/local/sbin/powervault_monitor.py", line 102, in gather_powervault_support_bundle

    child.expect('Password: ')

  File "/usr/lib/python3.6/site-packages/pexpect/spawnbase.py", line 344, in expect

    timeout, searchwindowsize, async_)

  File "/usr/lib/python3.6/site-packages/pexpect/spawnbase.py", line 372, in expect_list

    return exp.expect_loop(timeout)

  File "/usr/lib/python3.6/site-packages/pexpect/expect.py", line 179, in expect_loop

    return self.eof(e)

  File "/usr/lib/python3.6/site-packages/pexpect/expect.py", line 122, in eof

    raise exc

pexpect.exceptions.EOF: End Of File (EOF). Exception style platform.

<pexpect.pty_spawn.spawn object at 0x7fffeaf7d828>

command: /bin/sftp

args: ['/bin/sftp', '-q', '-o', 'KexAlgorithms diffie-hellman-group16-sha512', '-P', '1022', '[email protected]']

buffer (last 100 chars): b''

before (last 100 chars): b'closed\r\r\nyes\r\n'

after: <class 'pexpect.exceptions.EOF'>

match: None

match_index: None

exitstatus: 255

flag_eof: True

pid: 305292

child_fd: 5

closed: False

timeout: 30

delimiter: <class 'pexpect.exceptions.EOF'>

logfile: None

logfile_read: None

logfile_send: None

maxread: 2000

ignorecase: False

searchwindowsize: None

delaybeforesend: 0.05

delayafterclose: 0.1

delayafterterminate: 0.1

searcher: searcher_re:

    0: re.compile(b'Password: ')