Uploaded image for project: 'netconf'
  1. netconf
  2. NETCONF-887

Netconf callhome failed for devices with old KEX algorithms (SHA1)

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed
    • High
    • Resolution: Unresolved
    • 2.0.11
    • None
    • Netconf
    • None

    Description

      Exception is thrown when devices with old kex algorithms (SHA1) try to callhome to ODL.

      This issue looks similar to fixed NETCONF-765 (SHA1 Nodes working properly if we add them without callhome) and probably related to disabled SHA1 algorithm  in Mina SSHD since 2.6.0, but some devices cannot be upgraded with new SSH modules (i.e. use new KEX algorithms ).

       

      debug.log details : 

      2022-06-18T19:40:33.297Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ: [id: 0x5d01a013, L:/10.233.72.16:6666 - R:/10.233.64.27:64288]
      2022-06-18T19:40:33.299Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ COMPLETE
      2022-06-18T19:40:33.308Z||entLoopGroup-4-1|WARN |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|exceptionCaught(ClientSessionImpl[null@/10.233.64.27:64288])[state=Opened] SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)
      2022-06-18T19:40:33.308Z||entLoopGroup-4-1|INFO |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|Disconnecting(ClientSessionImpl[null@/10.233.64.27:64288]): SSH2_DISCONNECT_KEY_EXCHANGE_FAILED - Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1) 

       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            Unassigned Unassigned
            elimonov Evgenii Limonov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: