Uploaded image for project: 'netconf'
  1. netconf
  2. NETCONF-887

Netconf callhome failed for devices with old KEX algorithms (SHA1)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: High High
    • 3.0.9, 4.0.6, 5.0.2
    • 2.0.11, 3.0.0, 4.0.0, 5.0.0, 2.0.17, 3.0.8, 4.0.5, 5.0.1
    • netconf

      Exception is thrown when devices with old kex algorithms (SHA1) try to callhome to ODL.

      This issue looks similar to fixed NETCONF-765 (SHA1 Nodes working properly if we add them without callhome) and probably related to disabled SHA1 algorithm  in Mina SSHD since 2.6.0, but some devices cannot be upgraded with new SSH modules (i.e. use new KEX algorithms ).

       

      debug.log details : 

      2022-06-18T19:40:33.297Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ: [id: 0x5d01a013, L:/10.233.72.16:6666 - R:/10.233.64.27:64288]
2022-06-18T19:40:33.299Z||entLoopGroup-4-1|INFO |LoggingHandler                  |72 - io.netty.common - 4.1.69.Final|[id: 0x4914be67, L:/0.0.0.0:6666] READ COMPLETE
2022-06-18T19:40:33.308Z||entLoopGroup-4-1|WARN |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|exceptionCaught(ClientSessionImpl[null@/10.233.64.27:64288])[state=Opened] SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)
2022-06-18T19:40:33.308Z||entLoopGroup-4-1|INFO |ClientSessionImpl               |402 - org.opendaylight.netconf.shaded-sshd - 2.0.11|Disconnecting(ClientSessionImpl[null@/10.233.64.27:64288]): SSH2_DISCONNECT_KEY_EXCHANGE_FAILED - Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1)

       

            PeterSuna Peter Suna
            elimonov Evgenii Limonov
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: