cancel
Showing results for 
Search instead for 
Did you mean: 

Trying to connect to netBackup using SSH

mkatouzi
Level 3

Hi,

I am trying to write a Java program to connect to the netbackup master servers, get status reports of the back ups done on the servers and create graphs/tables. I am using JSch library to maintain the ssh connections. When I try to connect, I get the following error:

Exception in thread "main" com.jcraft.jsch.JSchException: Algorithm negotiation fail

at com.jcraft.jsch.Session.receive_kexinit(Session.java:540)

at com.jcraft.jsch.Session.connect(Session.java:288)

at com.jcraft.jsch.Session.connect(Session.java:145)

at SSHConnection.connect(SSHConnection.java:21)

at SSHConnection.main(SSHConnection.java:25)

1. What kind of negotiation method do netbackup servers use? ex. Diffie Hellman, etc.

2. I am wondering if there are certain modifications I need to do in order to be able to connect, or if it is even possible to connect to them this way.

Looking online, people suggested me to modify the sshd_config file on the server, but I have no idea where it is on the server.

I can easily connect using secure shell but I want to automate this reporting procedure. So, I need to get the data to my java program automatically. Any suggestions?

 

1 ACCEPTED SOLUTION

Accepted Solutions

jnardello
Moderator
Moderator
   VIP    Certified

1. All bash shells are automatically routed into the CLISH. You could break that but you'd break how the admin account works, and it'd automatically get overwritten on the next upgrade.

2. Is your code going to handle password prompts when running NetBackup commands to get those statuses you want ? If so, by all means make it prompt for a password. =)

You'd also have to disable some of the appliance security checking, I seem to recall it only allowing highly authorized users into the CLI - it's been a while since I dug into that though.

 

View solution in original post

12 REPLIES 12

Andrew_Madsen
Level 6
Partner

NetBackup does not use SSH. SSH is a function of the operating system. What is your master server operating system?

mkatouzi
Level 3

It is a linux system, and when I use Secure Shell in windows, I am able to connect to the server. It provides me a command line menu. I want to do the same thing using java. The problem is, I get negotiation failures. I am wondering if there is any key exchange method or negotiation method I need to setup for that?

RiaanBadenhorst
Level 6
Partner    VIP    Accredited Certified

Sounds like its an appliance. Appliances are hardened so you can only get the menu (CLISH). You'll also only be able to login in with user admin, unless you've created a separate CLI user. NetBackup already has reporting software called OpsCenter, you can install that and then create customized reporting using the built in reports or custom SQL queries you can write.

Marianne
Level 6
Partner    VIP    Accredited Certified
Java errors still looks like OS issue. If you really want to use your own commands/scripts, rather install Windows Admin Console on Windows machine and add it as Server on the master. Ensure hostname lookup and port connectivity as with any other server. You will now be able to run NBU commands on the Windows server.

Nicolai
Moderator
Moderator
Partner    VIP   

Algorithm negotiation fail

This is the SSH encryption negotiations failing. take a look at sshd.conf on target client. It may disallow old unsecure encryption algorithms.

Andrew_Madsen
Level 6
Partner

What ID do you use to connect?

mkatouzi
Level 3

Admin

mkatouzi
Level 3

The cipher methods the server uses matches the one JSch uses. However, I checked the sshd_conf and didn't find any clue about the key exchange methods.

Andrew_Madsen
Level 6
Partner

So,

Therefore you are trying to connect to an appliance like a 5200, 5220, or 5230. 

If you are trying to use admin and P@ssw0rd in an ssh command line session and you hope to run some commands you will fail. Admin goes into a secure area and you can only run the CLISH commands. You need to connect as a Linux user of some kind like root but that circumvents the normal login and that type of connection is not supported on an appliance. 

You are out of luck writing your own. I would suggest you follow Riaan's advice and install Ops Center.

jnardello
Moderator
Moderator
   VIP    Certified

1) Create a local user on the appliance.

2) Give the user something other than the default bash shell (i.e. ksh)

3) echo "mynewuser  ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

 

Your user will now have the ability to ssh into the appliance.

 

mkatouzi
Level 3

Thank you for your help. I had some questions about your solution:

1. what is the reason about not using the bash shell?

2. Isn't it insecure not to use password? Do I have to do that?

 

Thank you again for responding

jnardello
Moderator
Moderator
   VIP    Certified

1. All bash shells are automatically routed into the CLISH. You could break that but you'd break how the admin account works, and it'd automatically get overwritten on the next upgrade.

2. Is your code going to handle password prompts when running NetBackup commands to get those statuses you want ? If so, by all means make it prompt for a password. =)

You'd also have to disable some of the appliance security checking, I seem to recall it only allowing highly authorized users into the CLI - it's been a while since I dug into that though.