gsm7224 : at the end of my rope configuring ssh

TheTaoOfPhil
Tutor

I apologize for not selecting the correct "location" -- it won't let me select anything close to my model. Perhaps a moderator can put this post in the correct place.

 

I am working with a gsm7442L2 24 port managed switch.

Serial number: 1CV26C3T002DA

Firmware:  5.0.2.1

 

The good news: I am able to assign an ip via dhcp and it is accessible to me on the network. And I can access it through telnet. And the web interface works (although not fully because of the java plugin issue) that is discussed elsewhere.

 

The bad news: I have spent the better part of this weekend trying to configure secure ssh without success. I want secure ssh so that I can turn off telnet because it's insecure. 

 

I was able to configure tftp and, on a different system, successfully transfer keys from the web interface on the switch.

 

But  no matter what I do, I end up with these errors:

 

<6> JUN 25 21:19:42 192.168.8.3-1 UNKN[39154784]: ssh_sys_fastpath.c(399) 54 %% SSHD: exiting global context 0x0xd62520
<6> JUN 25 21:19:42 192.168.8.3-1 UNKN[39154784]: sshd_main.c(556) 53 %% SSHD: host key is corrupt (did not decode).
<6> JUN 25 21:19:42 192.168.8.3-1 UNKN[40239804]: sshd_control.c(451) 52 %% SSHD: sshdListenTask started

 

Unless I am missing something, the documentation says little about what the format of the keys should be. I'll admit to not being terribly knowledgeable about cryptography, but a few basic instructions for folks like me would be helpful.

I was able to infer from the types listed on the  "download" key page that you can get to when ssh is disabled that I need version two keys. 

 

I followed the suggestions in this post: https://community.netgear.com/t5/Managed-Switches/ssh-and-shared-keys/td-p/1221786

 

That post addresses a different model from mine, but I gather the principles are the same.

 

I followed that post's instructions for creating the keys: 

'ssh-keygen -t rsa -b 4096' and 'ssh-keygen -t dsa -b 1024'.

And I used the web interface to "download" them via tftp to the switch with what I think are the correctly selected "download" options: SSH-2 DSA PEM and SSH-2 RSA PEM according to each key type. Here too I am getting the "host key is corrupt" message. 

 

That post also makes clear that the keys to be downloaded are private keys. I would have thought that the keys should be the public keys. And so I am uncertain as to how I am to configure a client that is going to ssh into the switch. But I cannot even get far enough to attempt that because the ssh daemon just won't start because of the problem with the key format. 

 

My questions:

  • Precisely how should I create the ssh keys (as in, parameters for ssh-keygen with explicit examples)?
  • Precisely how should I copy these keys to the switch?
  • Assuming that these instructions will enable me to get the ssh daemon started, how do I consume the keys to log on to the switch via ssh?
  • Finally, is there firmware any newer than 5.0.2.1? I looked up my serial number in the firmware page and nothing came up. I think the switch is just too old. 

I have found this experience to be very demoralizing. Before I begin negotiating with the ebay seller to exchange for a different switch, I would like to give this another try. I would like to make this switch work, but I have reached the point of the realization of the sunken cost fallacy (as far as time is concerned) with this switch. 

 

Thanks for your help.

Message 1 of 5
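
A pre-upload check related to the key-format question above, as an added example that is not part of the original post or of any NETGEAR tooling: it classifies a private key file by its container format. It assumes that the switch's "SSH-2 RSA PEM" and "SSH-2 DSA PEM" download options expect a traditional, unencrypted PEM private key; the function names and labels are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the switch's "SSH-2 RSA PEM" / "SSH-2 DSA PEM"
# options expect a traditional, unencrypted PEM private key as the host key.

classify_key() {
    # $1 = path to a key file; prints one format label
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    first=$(head -n 1 "$f" | tr -d '\r')
    # A passphrase-protected traditional PEM key carries this header line
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "pem-encrypted"; return 0
    fi
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo "pem-rsa" ;;
        "-----BEGIN DSA PRIVATE KEY-----")       echo "pem-dsa" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo "openssh-new" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        ssh-rsa\ *|ssh-dss\ *)                   echo "public-key" ;;
        *)                                       echo "unknown" ;;
    esac
}

has_crlf() {
    # Returns 0 if the file contains carriage returns (e.g. edited on Windows)
    grep -q "$(printf '\r')" "$1"
}

check_for_upload() {
    # $1 = key file, $2 = expected label (pem-rsa or pem-dsa)
    got=$(classify_key "$1") || true
    if [ "$got" != "$2" ]; then
        echo "REJECT: $1 is $got, expected $2"; return 1
    fi
    if has_crlf "$1"; then
        echo "REJECT: $1 has CRLF line endings"; return 1
    fi
    echo "OK: $1 is $2"
}
```

OpenSSH 7.8 and later write the `openssh-new` container by default; passing `-m PEM` to `ssh-keygen` produces the traditional PEM form instead.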

Re: gsm7224 : at the end of my rope configuring ssh


@TheTaoOfPhil wrote:

I apologize for not selecting the correct "location" -- it won't let me select anything close to my model. Perhaps a moderator can put this post in the correct place.

 

No surprise given that this place is a rat's nest.

 

You might get more help, and find earlier questions and answers specific to your device, in the appropriate section for your hardware. That's probably here:

Discuss Ethernet Switches Plus and Pro Managed

You might like to search there for messages related to your problem.

I will ask the Netgear moderator to move your message.

In the meantime you could visit the support pages:

Support | NETGEAR

Feed in your model number and check the documentation for your hardware. Look at the label on the device for the model number.

Check for various troubleshooting tips.

You may have done this already. I can't tell from your message.

I mention it because Netgear stopped supplying printed manuals and CD versions some years ago and people sometimes miss the downloads.

Message 2 of 5
TheTaoOfPhil
Tutor

Re: gsm7224 : at the end of my rope configuring ssh

Thanks for those suggestions and for looking into further resources. I do have the documentation. And I will check the other forums.

 

I also did find a few additional and random bits of information on the web about how to create the keys. Those did not work either.  I was also able to find the firmware and updated it to  6.2.0.14. It seems that this is the latest version. 

 

The problem with the switch recognizing the format of the keys seems to have been solved by setting the clock on the switch to the correct time zone. Once I got that squared away, sshd still doesn't start, but for a different reason -- it does not complain about the ssh keys being bad. 

 

Now the UI is telling me that ssh is not enabled. But when I enable ssh I am getting these messages:

 

<6> JUN 26 07:33:54 192.168.8.3-1 UNKN[39649952]: sshd_control.c(385) 63 %% SSHD: sshdEventAdminModeSet failed, event=0
<6> JUN 26 07:33:54 192.168.8.3-1 UNKN[39649952]: sshd_control.c(444) 62 %% SSHD: sshdListenTask failed to Startup
<6> JUN 26 07:33:54 192.168.8.3-1 UNKN[39649952]: sshd_control.c(209) 61 %% SSHD: sshdListenTask already running

 

It looks as if there might be a process lock file of some kind that's hanging around and needs to be deleted. 

 

The switch also seems to be struggling with dhcp refresh: 


<6> JUN 26 07:13:38 169.254.100.100-1 UNKN[54549764]: dhcp_support.c(226) 60 %% dhcp_bind(): networkPort dhcpstate failed
<6> JUN 26 05:13:25 169.254.100.100-1 UNKN[54549764]: dhcp_support.c(226) 59 %% dhcp_bind(): networkPort dhcpstate failed
<6> JUN 26 03:13:12 169.254.100.100-1 UNKN[54549764]: dhcp_support.c(226) 58 %% dhcp_bind(): networkPort dhcpstate failed
<6> JUN 26 01:12:59 169.254.100.100-1 UNKN[54549764]: dhcp_support.c(226) 57 %% dhcp_bind(): networkPort dhcpstate failed

 

After I copied in the new firmware and rebooted, it took a long time for dhcp to refresh and for my router's dns to register the ip (which it had known previously). This must be why. 

 

I am beginning to wonder if this switch has a hardware problem.

 

Thanks for your help!

--Phil

Message 3 of 5
schumaku
Guru

Re: gsm7224 : at the end of my rope configuring ssh


@michaelkenward wrote:

No surprise given that this place is a rat's nest.

Indeed 8-)

 

According to the product documentation and downloads page https://www.netgear.com/support/product/gsm7224v1 Netgear does talk of the GSM7224v, a ProSAFE 24 Port Gigabit Managed Switch (dated from 2007).

 

This Managed Switches community section talking of Managed Switches Series including: M4100, M4200, M4250, M4300, M4500, M5300, M6100, M7100 was opened long before the area was generated.

 

Let's hope some related know-how and experience was left back here.

Message 4 of 5
TheTaoOfPhil
Tutor

Re: gsm7224 : at the end of my rope configuring ssh

Hi,

 

Sorry about this. I meant to write back in. 

 

I have concluded that there are two possible problems here:

  1. Although the switch is supposed to support SSH 2, I suspect either that:
    • It does not really support it
    • It requires that, even if you have elected not to use SSH 1, the presence of an SSH 1 key is required
  2. Alternatively, the nvram may be corrupted, and unfortunately there is no copy operation by which I could get back the key I downloaded and compare it with the one I have locally. 

I looked into testing SSH 1 keys, but modern openssh just does not support it. I was unable to install an older version that would create SSH 1 keys. 

 

I reached the point where the amount of time it was taking me to get this one to work exceeded its cost (it was pretty cheap on ebay -- I should have known there would be a catch), so I am returning it. 

 

I ordered an M4100 to replace it. That one appears to date to circa 2015, so I hope that it will be relatively easier to get it working. 

 

But this is all sketchy stuff and definitely not for the faint of heart. I have a cisco sg250-08 that I bought just a few years ago so it's pretty new. I had all manner of trouble getting ssh to work on it. The difference is that the ssh daemon starting was not dependent on the format of any keys (that is just a very poor design choice). There were meaningful error messages. And the switch is new enough that I was able to find the solution using my google fu. 

 

Thanks all for your replies. I do consider this a "solution": just don't give in to the sunken cost fallacy 🙂 

Message 5 of 5