
Netconf callhome failed for devices with old KEX algorithms (SHA1)


Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Done
    • Affects Version/s: 2.0.11, 3.0.0, 4.0.0, 5.0.0, 2.0.17, 3.0.8, 4.0.5, 5.0.1
    • Fix Version/s: 3.0.9, 4.0.6, 5.0.2
    • Component/s: netconf

    Description

      An exception is thrown when devices with old KEX algorithms (SHA1) try to call home to ODL.

      This issue looks similar to the fixed NETCONF-765 (SHA1 nodes work properly if we add them without callhome) and is probably related to the SHA1 algorithm being disabled in Mina SSHD since 2.6.0, but some devices cannot be upgraded with new SSH modules (i.e. to use new KEX algorithms).

      debug.log details:

      2022-06-18T19:40:33.297Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ: [id: 0x5d01a013, L:/10.233.72.16:6666 - R:/10.233.64.27:64288]
      2022-06-18T19:40:33.299Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ COMPLETE
      2022-06-18T19:40:33.308Z||entLoopGroup-4-1|WARN |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|exceptionCaught(ClientSessionImpl[null@/10.233.64.27:64288])[state=Opened] SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)
      2022-06-18T19:40:33.308Z||entLoopGroup-4-1|INFO |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|Disconnecting(ClientSessionImpl[null@/10.233.64.27:64288]): SSH2_DISCONNECT_KEY_EXCHANGE_FAILED - Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1) 
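
The following triage script is an added example, not part of the original report or of the OpenDaylight code base. It parses "Unable to negotiate key exchange" lines of the shape shown above and reports, per call-home peer, whether the device offers only SHA-1 based KEX. The sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Matches the SshException text logged by ClientSessionImpl, as in the report.
KEX_RE = re.compile(
    r"ClientSessionImpl\[[^\]]*@/(?P<peer>[^:\]]+):\d+\].*?kex algorithms "
    r"\(client: (?P<client>\S+) / server: (?P<server>[^)\s]+)\)"
)

# Constructed client proposal (shortened) and log lines; not real device data.
CLIENT = "ecdh-sha2-nistp256,diffie-hellman-group14-sha256,ext-info-c"

def _line(peer, server):
    return ("2022-01-01T00:00:00.000Z||loop-1|WARN |ClientSessionImpl |402 - shaded-sshd|"
            f"exceptionCaught(ClientSessionImpl[null@/{peer}:50000])[state=Opened] "
            "SshException: Unable to negotiate key exchange for kex algorithms "
            f"(client: {CLIENT} / server: {server})")

SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"),
    "2022-01-01T00:00:00.001Z||loop-1|INFO |LoggingHandler |72 - io.netty.common|READ COMPLETE",
    _line("192.0.2.20", "curve25519-sha256,diffie-hellman-group14-sha1"),
    _line("192.0.2.10", "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"),
])

def _algos(csv):
    # ext-info-c / ext-info-s only signal extension support (RFC 8308);
    # they are not key exchange methods and never count as a match.
    return [a for a in csv.split(",") if a and not a.startswith("ext-info-")]

def kex_failures(log_text):
    """Map each peer address to its offered KEX, the overlap, and a SHA-1-only flag."""
    peers = {}
    for line in log_text.splitlines():
        m = KEX_RE.search(line)
        if not m:
            continue
        client, server = _algos(m["client"]), _algos(m["server"])
        peers[m["peer"]] = {
            "server": server,
            "common": [a for a in client if a in server],
            "sha1_only": all(a.endswith("-sha1") for a in server),
        }
    return peers

if __name__ == "__main__":
    for peer, info in sorted(kex_failures(SAMPLE_LOG).items()):
        kind = "SHA-1 only" if info["sha1_only"] else "mixed"
        print(f"{peer}: {kind}; offers {', '.join(info['server'])}")
```

Peers flagged as SHA-1 only are the ones that fail call-home with the default client proposal; a "mixed" peer fails for a different reason (no shared modern algorithm) and is worth checking separately.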

       

            People

              PeterSuna Peter Suna
              elimonov Evgenii Limonov