Jump to content


Photo

Resident agent SFTP


  • Please log in to reply
14 replies to this topic

#1 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 27 November 2017 - 06:24 AM

Does "Resident agent" have support for SFTP (SSH File Transfer Protocol)?

I entered URL like my.server.net:22/remote_dir/, but nothing gets uploaded. (/debug gives no further info)

FTP works fine.



#2 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 27 November 2017 - 07:09 AM

Hello,

 

SFTP is not supported in the current TNI version.

 

Thanks for the idea. Your request was forwarded to our development team.



#3 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 27 November 2017 - 07:24 AM

I would also be nice to have an option to set a random delay for the scan schedule.

If all clients connect simultaneously at the exact same time to upload their inventory file, this could cause a problem with max. remote logins.



#4 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 27 November 2017 - 08:09 AM

You are right. We’ll consider adding such an option in the future.



#5 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 21 February 2018 - 07:57 AM

In the meantime, I am trying to use FTPS but cannot get it to work either.

 

tniwinagent.log

2018.02.21 16:40:10.183 [INFO] Starting service...
2018.02.21 16:40:10.183 [INFO] Notification successful
2018.02.21 16:40:10.183 [INFO] Resident mode
2018.02.21 16:40:10.186 [INFO] {9E4A6CAF-1C8C-4B5C-83FD-088DD9D605A4}=weekly|1|201802211130|1|0010010||||189912300000|189912300000|0|0
2018.02.21 16:40:10.187 [INFO] Starting local scan...
2018.02.21 16:40:10.187 [INFO] Make local scan
2018.02.21 16:40:25.749 [INFO] Scan finished
2018.02.21 16:40:25.763 [ERROR] Login error: check the send settings and network settings

 

ftp://ftp.server.net/dir WORKS

ftp://ftp.server.net:21/dir WORKS

ftp://ftp.server.net:990/dir FAILS

ftps://ftp.server.net:990/dir FAILS

 

I can connect using Filezilla on port 990 and setting 'encryption' to 'Require explicit FTP over TLS'.

I tried another server aswell that has TLS default on port 21, but same error.



#6 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 22 February 2018 - 02:48 AM

Also the update URL does not handle https it seems.

 

https://www.server.net/update/tniwinagent.ini

2018.02.22 11:35:02.011 [ERROR] Scheduler: download failed: 500

-> works fine using wget in linux (HTTP request sent, awaiting response... 200 OK)

 

http://www.server.net/update/tniwinagent.ini

2018.02.22 11:32:02.031 [ERROR] Scheduler: download failed: 301 Moved Permanently

--> redirect to https is not handled



#7 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 27 February 2018 - 06:51 AM

Hello!

>ftps://ftp.server.net:990/dir
This option should be working just fine for explicit FTP over TLS.

> I tried another server aswell that has TLS default on port 21, but same error.
Using the default port 21 for Explicit mode is the best option and should be working too.

In any case the communication schema must be as follows:
•  Client connects to the server.
•  Client explicitly requests TLS/SSL encryption to be switched on.
•  Client talks to the server using an encrypted channel.

By the way, can you please confirm that you’ve placed both DLLs (libeay32.dll and ssleay32.dll) next to the agent file?



#8 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 27 February 2018 - 06:57 AM

>Also the update URL does not handle https it seems.
You are right. We've passed this information to the development team.



#9 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 28 February 2018 - 03:32 AM

Both .dll files are in the same directory. I also tried copying them to the Windows system folder and tried latest versions, both 64 an 32-bit files from http://indy.fulgan.com/SSL/

I'm using windows 10 and start the agent as admin with command "tniwinagent.exe /install /start /testrun" and before exporting new test settings "tniwinagent.exe /uninstall".

I've now setup my own vsftpd test server with TLS enabled and I get the same error "[ERROR] Error sending data: check the send settings and network settings"

This is the server log:

Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: CONNECT: Client "10.33.62.74"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP response: Client "10.33.62.74", "220 test FTP server"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP command: Client "10.33.62.74", "AUTH TLS"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP response: Client "10.33.62.74", "234 Proceed with negotiation."
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: "" from "10.33.62.74": error:00000000:lib(0):func(0):reason(0)

This is the server log connecting with Filezilla client with exact same settings:

Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: CONNECT: Client "10.33.62.74"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP response: Client "10.33.62.74", "220 test FTP server"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP command: Client "10.33.62.74", "AUTH TLS"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP response: Client "10.33.62.74", "234 Proceed with negotiation."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP command: Client "10.33.62.74", "USER test"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: [test] FTP response: Client "10.33.62.74", "331 Please specify the password."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: [test] FTP command: Client "10.33.62.74", "PASS <password>"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27653]: [test] OK LOGIN: Client "10.33.62.74"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "230 Login successful."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "OPTS UTF8 ON"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 Always in UTF8 mode."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PBSZ 0"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 PBSZ set to 0."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PROT P"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 PROT now Private."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PWD"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "257 "/srv/ftp""
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "TYPE I"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 Switching to Binary mode."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PASV"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "227 Entering Passive Mode (10,33,62,66,117,84)."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "LIST"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "150 Here comes the directory listing."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "226 Directory send OK."

 

 

This is my config file:

 

[ResidentAgent]
version=18.02.16.0
config-timestamp=20180228121217.956000+060

[Schedules]

[SendDataSettings]
method=smFTP
save-sent-data=0
URL=ftps://10.33.62.66
Login=test
Password=04000000C4F02FB5E2795EE06280481972597009
Timeout=30000
UseFW=0
UseProxy=0
 



#10 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 01 March 2018 - 07:04 AM

That's strange. Everything should be working just fine with these settings. We'll try to reproduce this problem in our environment.



#11 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 02 April 2018 - 12:41 AM

Hello!

 

This problem has been fixed in the latest TNI version (3.5.0.2605). Please update your TNI and let us know the result.



#12 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 03 April 2018 - 01:51 AM

No it does not work.

I updated to 3.5.0.2605, but the resident agent files (tniwinagent.exe, libeay32.dll, ssleay32.dll) are not different from the previous version.



#13 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 03 April 2018 - 10:53 PM

Oh, I am sorry. This fix has been implemented in the new version that we released a few moments ago. Please reload the installer once again. The agent file will be updated in this version.



#14 ict.fys

ict.fys

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 04 April 2018 - 02:51 AM

Thanks, FTPS works and update-url supports https.



#15 Alex

Alex

    Support

  • Administrators
  • PipPipPip
  • 188 posts
  • Gender:Male

Posted 04 April 2018 - 03:11 AM

Great! Thanks for your feedback!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users