Bug
Resolution: Unresolved
Operating System: All
Platform: All
8297
I can mount Cisco NSO 4.3.2 OK from Beryllium-SR4 using NETCONF/YANG,
but with Boron or Carbon I get this error:
2017-04-25 14:10:38,843 | DEBUG | oupCloseable-3-3 | AsyncSshHandler | 180 - org.opendaylight.netconf.netty-util - 1.1.3.Boron-SR3 | SSH session connecting on channel [id: 0x334cae26]. promise: null
2017-04-25 14:10:38,844 | DEBUG | oupCloseable-3-3 | AsyncSshHandler | 180 - org.opendaylight.netconf.netty-util - 1.1.3.Boron-SR3 | Starting SSH to /192.168.52.133:2022 on channel: [id: 0x334cae26]
2017-04-25 14:10:38,845 | INFO | 7]-nio2-thread-2 | ClientSessionImpl | 30 - org.apache.sshd.core - 0.14.0 | Client session created
2017-04-25 14:10:38,845 | INFO | 7]-nio2-thread-2 | ClientSessionImpl | 30 - org.apache.sshd.core - 0.14.0 | Server version string: SSH-2.0-NCS-4.3.2
2017-04-25 14:10:38,850 | WARN | 7]-nio2-thread-4 | ClientSessionImpl | 30 - org.apache.sshd.core - 0.14.0 | Exception caught
java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:128)[sunjce_provider.jar:1.8.0_112]
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)[:1.8.0_121]
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:411)[:1.8.0_121]
at org.apache.sshd.common.kex.DH.getE(DH.java:65)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.client.kex.DHGEX.next(DHGEX.java:118)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:425)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)[30:org.apache.sshd.core:0.14.0]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_121]
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[30:org.apache.sshd.core:0.14.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_121]
at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_121]
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
2017-04-25 14:10:38,871 | TRACE | oupCloseable-3-3 | AsyncSshHandler | 180 - org.opendaylight.netconf.netty-util - 1.1.3.Boron-SR3 | SSH session created on channel: [id: 0x334cae26]
Using the command-line ssh client to connect to NSO (with "-v" enabled) I see:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [::1] port 2022.
debug1: connect to address ::1 port 2022: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 2022.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/giheron/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version NCS-4.3.2
debug1: no match: NCS-4.3.2
debug1: Authenticating to localhost:2022 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:T0CzmYPZrypHYllwPBw+hlQCgZpQtuFRz9jiVu9roMU
debug1: Host '[localhost]:2022' is known and matches the RSA host key.
debug1: Found key in /home/giheron/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/giheron/.ssh/id_rsa
debug1: Trying private key: /home/giheron/.ssh/id_dsa
debug1: Trying private key: /home/giheron/.ssh/id_ecdsa
debug1: Trying private key: /home/giheron/.ssh/id_ed25519
debug1: Next authentication method: password
To check that key I can do:
giheron@ubuntu:~/.ssh$ ssh-keygen -l -f known_hosts
2048 SHA256:T0CzmYPZrypHYllwPBw+hlQCgZpQtuFRz9jiVu9roMU |1|J7r4YkXfp17Gb6mYhJPxNOT6qA0=|+MdnkIibfcJU5MW0yz0IV8v8A3k= (RSA)
So it looks like 2048 bits to me.
That seems to match the key NSO thinks it's sending:
giheron@ubuntu:/etc/ncs/ssh$ ssh-keygen -l -f ssh_host_rsa_key.pub
2048 SHA256:T0CzmYPZrypHYllwPBw+hlQCgZpQtuFRz9jiVu9roMU root@ubuntu (RSA)
Any ideas?
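
The stack trace in this report fails in DHGEX.next, DH.getE and KeyPairGenerator.initialize, so the 4096 in the exception is the Diffie-Hellman group size offered during group exchange, which is a separate value from the 2048-bit RSA host key that ssh-keygen prints. The probe below is an added example, not code from the report, OpenDaylight or Apache SSHD; it lists which DH sizes a JVM accepts, and the class name DhSizeProbe and the list of candidate sizes are assumptions made for illustration.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example (hypothetical class, not project code): reports which
 * Diffie-Hellman sizes this JVM's default "DH" KeyPairGenerator accepts.
 */
public class DhSizeProbe {

    // Candidate group sizes in bits (an assumption); 4096 is the size in the trace.
    private static final int[] SIZES = {1024, 2048, 3072, 4096, 8192};

    /** Maps each size to null if accepted, or to the provider's rejection message. */
    static Map<Integer, String> probe() throws NoSuchAlgorithmException {
        Map<Integer, String> result = new LinkedHashMap<>();
        for (int bits : SIZES) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            try {
                // initialize() validates the size; generateKeyPair() is never called.
                kpg.initialize(bits);
                result.put(bits, null);
            } catch (InvalidParameterException e) {
                result.put(bits, e.getMessage());
            }
        }
        return result;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("DH provider  = "
                + KeyPairGenerator.getInstance("DH").getProvider().getName());
        int largest = 0;
        for (Map.Entry<Integer, String> e : probe().entrySet()) {
            boolean ok = e.getValue() == null;
            if (ok) largest = Math.max(largest, e.getKey());
            System.out.printf("%5d bits: %s%n", e.getKey(),
                    ok ? "accepted" : "rejected (" + e.getValue() + ")");
        }
        // A group-exchange server that offers a modulus larger than 'largest'
        // makes this client fail at the same call as in the stack trace.
        System.out.println("largest accepted DH group: " + largest + " bits");
    }
}
```

Run it with the same JRE that runs the controller, since the accepted range depends on the JVM and its installed security providers.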