DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Hey Jim,

When you run the container, are you running it with the root user? I am not sure what that looks like from Docker Desktop, but on CLI it would be similar to `docker run -u root ... <dp image>`

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Hi Chris,

I tried launching a new container, this time including the parameter --user=root, and that resolved the problem!  I never actually specified the user parameter when launching my older 2018.4.1.15 image, so I'm assuming something changed in these newer images where that parameter is now needed..

Here's the full command line I used, that now allows me to SSH without any problems:

docker run --user=root -it -v $PWD/config:/drouter/config -v $PWD/local:/drouter/local -e DATAPOWER_ACCEPT_LICENSE=true -e DATAPOWER_INTERACTIVE=true -e DATAPOWER_WORKER_THREADS=4 -p 9091:9091 -p 9023:9023 -p 5555:5555 -p 5551:5551 -p 8020-8030:8020-8030 --hostname dp1001 --name DataPower_1001 icr.io/cpopen/datapower/datapower-limited:10.0.1.7

Hey Jim,

When you run the container, are you running it with the root user? I am not sure what that looks like from Docker Desktop, but on CLI it would be similar to `docker run -u root ... <dp image>`

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Glad to hear that helped! 

The default user is `drouter` and generally that is good. SSH/SFTP specifically requires root access, so this will only work if the container is run with user `root`. I would not suggest switching the user unless you explicitly needed these. Best practice is generally not to run containers as root in a real production environment, and if needed, that should be planned/discussed with the appropriate teams. 

I believe this did change after v2018 as part of the work needed to certify our containers with RedHat. 

There is a note (and some other useful 'not available on docker/containers' info) here: https://www.ibm.com/docs/en/datapower-gateway/10.5.0?topic=docker-unavailable-functions-commands

Hi Chris,

I tried launching a new container, this time including the parameter --user=root, and that resolved the problem!  I never actually specified the user parameter when launching my older 2018.4.1.15 image, so I'm assuming something changed in these newer images where that parameter is now needed..

Here's the full command line I used, that now allows me to SSH without any problems:

docker run --user=root -it -v $PWD/config:/drouter/config -v $PWD/local:/drouter/local -e DATAPOWER_ACCEPT_LICENSE=true -e DATAPOWER_INTERACTIVE=true -e DATAPOWER_WORKER_THREADS=4 -p 9091:9091 -p 9023:9023 -p 5555:5555 -p 5551:5551 -p 8020-8030:8020-8030 --hostname dp1001 --name DataPower_1001 icr.io/cpopen/datapower/datapower-limited:10.0.1.7

Hey Jim,

When you run the container, are you running it with the root user? I am not sure what that looks like from Docker Desktop, but on CLI it would be similar to `docker run -u root ... <dp image>`

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Jim,

I'm running Ubuntu, not Windows.   Though I know it might be a total pain in the "you know what", if you get the energy, maybe setup a VM with Ubuntu and try from there??

------------------------------
Joseph Morgan

Original Message:
Sent: Wed September 13, 2023 05:19 PM
From: Jim T.
Subject: SSH Login into DataPower

Update: I downloaded image 10.0.1.7 using a completely different Windows 10 computer running Docker, and am having the same 'operation not permitted' error connecting via SSH. This time I used PuTTY from that system, and I was at least able to see the DataPower login prompt.  But once I entered admin and hit enter, I get disconnected with a message stating the 'server unexpectedly closed network connection'. I configured port 9023 as my SSH port, although I don't suspect this is the issue.  I also launched Docker Desktop as Administrator, but it made no difference.

I can't be the only one experiencing this on Windows:) Unless I am doing something totally backwards.

------------------------------
Jim T.

Original Message:
Sent: Wed September 13, 2023 01:29 PM
From: Jim T.
Subject: SSH Login into DataPower

Hi Joseph, thanks for the reply.  I am using a fairly recent version of SecureCRT (v9.2.3). I was thinking maybe it might be my client, but I get the same issue when I SSH via the Windows command line.

Unfortunately I am not at TechXchange, but thanks kindly for the offer to help!  In the meantime, I will give firmware 10.0.1.7 a try and provide an update after I get it set up.

------------------------------
Jim T.

Original Message:
Sent: Tue September 12, 2023 07:50 PM
From: Joseph Morgan
Subject: SSH Login into DataPower

Jim,

Though I don't have 10.0.1.4, I still have a couple on 10.0.1.7.  I just tested an SSH connection to those just fine.  I find it strange the error in DataPower.  What client are you using?

If you are at TechXchange, you want to meet up and try to figure this out?

------------------------------
Joseph Morgan

Original Message:
Sent: Tue September 12, 2023 03:19 PM
From: Jim T.
Subject: SSH Login into DataPower

I'm also having this same issue, on a number of different 10.x firmware obtained from the newer icr.io repository.  This is the error I got just now using a 10.0.1.4 firmware:

2023-09-12 15:12:28 20230912T191228.515Z [0x80e005d5][ssh][error] ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

I initially ran the command to create the container from an administrator shell in Windows 10.  I don't have this problem with an older 2018.4.1.15 firmware running on Docker.

I previously reported this issue in the following post (see post #17), but didn't see a reply on that thread:

What's new with IBM DataPower Gateway? Webinar | DataPower

------------------------------
Jim T.

Original Message:
Sent: Fri September 08, 2023 11:19 AM
From: Chris Sloan
Subject: SSH Login into DataPower

When you ran your container, did you run this as root? Root permission is required for SSH to work. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Fri September 08, 2023 11:10 AM
From: Paul Dango
Subject: SSH Login into DataPower

We executed the command and got the following response:

ssh -oHostKeyAlgorithms=+ssh-rsa 10.0.0.41

The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.

RSA key fingerprint is SHA256:w7Qhrx9kGOD8fxIEjlqgzpMxDlGdG5XwxkjoVtiIOHI.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '10.0.0.41' (RSA) to the list of known hosts.

Connection to 10.0.0.41 closed by remote host.

Connection to 10.0.0.41 closed.

This message was recorded in the DataPower log:

ssh(SSH Service): SSH Server internal message: 'chown(/dev/pts/1, 0, 5) failed: Operation not permitted'

Thanks,

Paul

------------------------------
Paul Dango

Original Message:
Sent: Fri September 08, 2023 08:02 AM
From: Chris Sloan
Subject: SSH Login into DataPower

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------

Hi Chris,

Using ssh -oHostKeyAlgorithms=+ssh-rsa <dp>, we are able to log in to the DataPower CLI. But can you please tell us which algorithm and ciphers are required to log in from the CLI?

You can add this algorithm on the client side during the command (can also be added to the SSH config client side):

ssh -oHostKeyAlgorithms=+ssh-rsa <dp>

I would also confirm that DP SSH is on port 22 and nothing else is. 

------------------------------
Chris Sloan
DataPower Development

Original Message:
Sent: Thu September 07, 2023 04:44 PM
From: Paul Dango
Subject: SSH Login into DataPower

We have DataPower on Docker installation:

When logging on the SSH service of Datapower, weare  getting the following message:

Unable to negotiate with 10.0.0.41 port 22: no matching host key type found. Their offer: ssh-rsa.

The SSH services is enabled, the Web-MGMT services is up and running on DataPower.

Any clues?

Thanks,

Paul

------------------------------
Paul Dango
------------------------------