Kiwi Cattools Device Backup doesn't work anymore since new Fortigate OS 7.0.14 (2024-02-08)

After updating various Fortigate models from version 7.0.13 to 7.0.14 the Kiwi Cattools Backup (Device Backup TFTP) brakes. Kiwi Cattools errorlog: Connection failed (30011) Invalid data received from remote server. Protocol error.
Until V7.0.13 it workd like a charm

We are using the latest version of Kiwi Cattools (3.12.3.3257).

It looks like a cert/cipher Problem. Is there a way to delete a pre-stored server public key of Forti in SolarWind Kiwi Cattools? Putty Login works without any problems.

Here the Fortigate Debuglogs of the Kiwi Cattools Connection : 
SSH: This ip "KIWICATSERVERIP" is not blocked
SSH: fd 7 is not O_NONBLOCK
SSH: Forked child 17121.
SSH: Client protocol version 2.0; client software version WeOnlyDo 3.1.5.244
SSH: no match: WeOnlyDo 3.1.5.244
SSH: Enabling compatibility mode for protocol 2.0
SSH: Local version string SSH-2.0-IPgP_x0p6qa_aG
SSH: fd 7 setting O_NONBLOCK
SSH: Proposal: 0, Ciphers: 'diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521'
SSH: Proposal: 2, Ciphers: 'chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 3, Ciphers: 'chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com'
SSH: Proposal: 4, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
SSH: Proposal: 5, Ciphers: 'hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com'
SSH: list_hostkey_types: rsa-sha2-512,ssh-ed25519
SSH: SSH2_MSG_KEXINIT sent
SSH: SSH2_MSG_KEXINIT received
SSH: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
SSH: kex_parse_kexinit: rsa-sha2-512,ssh-ed25519
SSH: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com
SSH: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-ctr,aes256-gcm@openssh.com
SSH: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com
SSH: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com
SSH: kex_parse_kexinit: none,zlib@openssh.com
SSH: kex_parse_kexinit: none,zlib@openssh.com
SSH: kex_parse_kexinit:
SSH: kex_parse_kexinit:
SSH: kex_parse_kexinit: first_kex_follows 0
SSH: kex_parse_kexinit: reserved 0
SSH: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512,diffi
SSH: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
SSH: kex_parse_kexinit: aes128-ctr,aes128-gcm@openssh.com,aes128-cbc,chacha20-poly1305@openssh.com,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu
SSH: kex_parse_kexinit: aes128-ctr,aes128-gcm@openssh.com,aes128-cbc,chacha20-poly1305@openssh.com,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu
SSH: kex_parse_kexinit: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
SSH: kex_parse_kexinit: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
SSH: kex_parse_kexinit: none,none
SSH: kex_parse_kexinit: none,none
SSH: kex_parse_kexinit:
SSH: kex_parse_kexinit:
SSH: kex_parse_kexinit: first_kex_follows 0
SSH: kex_parse_kexinit: reserved 0
SSH: kex: host key algorithm: rsa-sha2-512
SSH: kex: client->server chacha20-poly1305@openssh.com <implicit> none
SSH: kex: server->client chacha20-poly1305@openssh.com <implicit> none
SSH: expecting SSH2_MSG_KEX_ECDH_INIT
SSH: set_newkeys: mode 1
SSH: SSH2_MSG_NEWKEYS sent
SSH: expecting SSH2_MSG_NEWKEYS
SSH: Connection closed by "KIWICATSERVERIP"

Maybe someone has the same problem and already found out how to fix it.

Thanks in advance for any help!

Parents
  • I had the same problem and my initial solution was to use a Debian SSH jumpbox.  I opened a ticket with Solarwinds and here is the solution they sent me:  I have not tried it yet.

    +++

    We have released the Buddy Drop for Cattools to fix the issue with the backup of FortiGate devices.

    You may download the Buddy Drop here:  https://downloads.solarwinds.com/solarwinds/Release/PreRelease24/BD/Kiwi-CatTools_3.12.3_BD_KCT-417.zip

    It has been tested with Cattools version 3.12.3, the latest, but in theory, it should also work with the previous version.

    Below are the details of the BD and the installation/uninstallation steps:

    ==========================================
    SolarWinds Kiwi CatTools 3.12.3 Buddy Drop 
    ==========================================


    This SolarWinds buddy drop addresses the following issue:
       * [Kiwi CatTools] Failed to Backup FortiGate Running FortiOS 7.0.14 


    Requirements
    ============
    This buddy drop applies to Kiwi CatTools on the Windows operating system.


    Installation instructions
    =========================
    This buddy drop contains the following files required for installation:

        wodSSH.dll

    In the following procedures, the location to install wodSSH.dll is in the following directory:

        C:\Windows\SysWOW64


    Install the buddy drop
    ======================

    1. In the KiwiCatTools Manager, stop the Kiwi CatTools service. Shut down all running Kiwi CatTools processes.

    2. Back up the following file:

        C:\Windows\SysWOW64\wodSSH.dll

    3. Extract the buddy drop archive to a temporary location and copy the wodSSH.dll file. 

    4. Replace the wodSSH.dll file with latest wodSSH.dll file in the following directory: 
        
        C:\Windows\SysWOW64\
     
    5. Open the Windows command prompt and run as an administrator. Change the directory to C:\Windows\SysWOW64. Register the library file by executing the following command:

           regsvr32 wodSSH.dll 

     The buddy drop is now installed.

    6. Open the Kiwi CatTools application and start the Kiwi CatTools service.

    7. Run the Activity Device.Running.backup config with the Fortinet device.

      

    Result
    ======

    Kiwi CatTools should connect to the Fortinet device and back up the configuration successfully.


    Uninstall the buddy drop
    ========================

    1. In the KiwiCatTools Manager, stop the Kiwi CatTools service. Shut down all running Kiwi CatTools processes.

    2. Using the wodSSH.dll file you backed up during installation, replace the current wodSSH.dll file.

    3. Open the Windows command prompt and run as an administrator. Change the directory to C:\Windows\SysWOW64. Register the library file by executing the following command:

       regsvr32 wodSSH.dll 

     The buddy drop is now uninstalled.


    -------------------------------------------------------------------------------------------------
    For more information, contact SolarWinds Technical Support at
    support.solarwinds.com/kiwi-cattools


    Please let us know how it goes.


    Regards,

    Ernie Fran
    SolarWinds - Applications Engineer
    My Working Hours: 9:00 AM - 6:00 PM CDT, Monday to Friday
     
    Search Support Knowledge Base| Online SolarWinds Training | THWACK Community | What’s New at SolarWinds | Premium Support Offerings |Contact Support | Escalate a Support Case |Provide Feedback
    Get your SolarWinds Customer Success App Today! Available in the App Store!

  • Hi gnatt

    Thanks for sharing the solution. I have tested it and it works perfectly.
    Best regards and thanks again.

Reply Children
No Data