Koozali.org: home of the SME Server

SME9 to SME 10 communication

simone686
« on: October 22, 2021, 04:19:08 PM »
Hello everyone...

I have several SME9 machines and little by little I need to move them to version 10, changing hardware at the same time.

I would need to do an rsync from 9 to 10 to transfer data and mail.

But I get the message about cipher incompatibility for the key exchange.

"Unable to negotiate with 192.168.1.239 port 57977: no matching MAC found. Their offer: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]"

Is there a workaround to make the two systems compatible?

I tried this advice, without success:

In the algorithm names, -etm means "encrypt-then-mac", i.e. the message authentication code is calculated after encryption. It is recommended to use these algorithms because they are considered safer.
Also, MD5 MACs are unsafe. 32 bits
SHA1 are unsafe too. 160 bits.
Secure is nowadays at least 256, but will soon be 512

You should open a bug against your software to ask them to make this software secure again.

You might do that as a TEMPORARY workaround. The reason is that by doing that you will allow this cipher to anyone able to connect, making their connection insecure and open to access to the exchanged information, including the content of your backup.

Code:
mkdir -p  /etc/e-smith/templates-custom/etc/ssh/sshd_config/
printf "#temp workaround for  using Backup software with insecure options\nMACs=+hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com\n\n\n" > /etc/e-smith/templates-custom/etc/ssh/sshd_config/34MACsLocalAdd
expand-template /etc/ssh/sshd_config
systemctl restart sshd

For information, WinSCP allows the following MACs (https://winscp.net/eng/docs/ssh_algorithms):
Message authentication codes (MACs): hmac-md5, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-sha2-256-etm@openssh.com
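
Added example, not part of the thread: a shell script that takes the log line quoted above, shows why the negotiation fails, and shows which MAC the quoted workaround would end up negotiating. `SERVER_MACS` is an assumed server list and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed input: the sshd log line quoted in the post above.
LOG_LINE='Unable to negotiate with 192.168.1.239 port 57977: no matching MAC found. Their offer: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]'
# Assumption: the server's accepted MACs. On a real host read them with
#   sshd -T | grep -i '^macs'
SERVER_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
# The MACs that the workaround in the post appends to the server list.
WORKAROUND='hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com'

# Extract the client's comma-separated offer from a "no matching MAC" line.
client_offer() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching MAC found\. Their offer: \([^ ]*\).*/\1/p'
}

# Print, in the client's order, every offered MAC the server also accepts.
common_macs() {
    for m in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in *",$m,"*) printf '%s\n' "$m" ;; esac
    done
}

# SSH picks the first MAC on the client's list that the server accepts.
negotiated_mac() {
    common_macs "$1" "$2" | head -n 1
}

# Rate a MAC by the criteria given in the thread (md5/sha1 weak, -etm preferred).
rate_mac() {
    case $1 in
        *md5*)   echo weak-md5 ;;
        *sha1*)  echo weak-sha1 ;;
        *-etm@*) echo etm ;;
        *)       echo unrated ;;
    esac
}

OFFER=$(client_offer "$LOG_LINE")
echo "overlap now: '$(negotiated_mac "$OFFER" "$SERVER_MACS")'"
AFTER=$(negotiated_mac "$OFFER" "$SERVER_MACS,$WORKAROUND")
echo "with workaround: $AFTER ($(rate_mac "$AFTER"))"
```

With the assumed server list the overlap is empty, which is the failure in the log; with the workaround applied the first common entry in the client's order is hmac-sha1.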

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #1 on: October 22, 2021, 04:32:45 PM »
Are you trying sme9 to sme10
Code:
sme9# rsync / root@sme10:/
or sme10 from sme9
Code:
sme10# rsync root@sme9:/ /
Depending on the side you do, you need to alter the ssh client or server.


see tip number 1 here https://forums.contribs.org/index.php/topic,54433.0.html

Fumetto
« Reply #2 on: October 22, 2021, 06:18:32 PM »
But, since you also have to change hardware, does doing a backup from the console on the 9 and a restore during installation on the 10 seem like a bad idea to you? You would avoid a bit of trouble, IMO...
Smeserver.it - Solutions and support for SME Server in Italy

simone686
« Reply #3 on: October 24, 2021, 11:28:39 PM »
Hi... Do you mean the backuppc feature? Never used it... I thought it wasn't the best option...

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #4 on: October 24, 2021, 11:40:35 PM »
I think he means the console backup to USB, which is standard.

I have used successfully:
- console backup to USB and restore
- backuppc and restore by creating a tgz (see wiki page)
- using script migrate helper contrib (excluding folders with terabytes) then using rsync to sync the big bits from sme9 to sme10

For your case with new hardware, if you have the ability to keep both running I would suggest the third solution, so you can limit the downtime and are also able to get back bits you might have forgotten and are not supported by default backup.

Also it could be time to have a dedicated partition on a separate RAID for data in /home/e-smith/files