https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/NETCONF-421 netconf <p>Hi all,</p> <p>I'm using the Opendaylight Boron Distribution and I have got some problems to connect it to a NETCONF server embedded in a ConfD simulator using SSH. This issue seems to appear from Boron SR2 release and seems not have been resolved yet.</p> <p>An Invalid Algorithm Parameter Exception is raised when trying to connect Opendaylight to a NETCONF device and OpenDaylight fails to open an SSH session with the device :</p> <p>2017-05-03 16:40:53,927 | INFO | 3]-nio2-thread-2 | ClientSessionImpl | 30 - org.apache.sshd.core - 0.14.0 | Server version string: SSH-2.0-ConfD-6.0 2017-05-03 16:40:53,928 | WARN | 3]-nio2-thread-7 | ClientSessionImpl | 30 - org.apache.sshd.core - 0.14.0 | Exception caught java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported</p> <p>2017-05-03 16:40:53,929 | WARN | 3]-nio2-thread-7 | AsyncSshHandler | 217 - org.opendaylight.netconf.netty-util - 1.2.0.SNAPSHOT | Unable to setup SSH connection on channel: <span class="error">&#91;id: 0x19ec738f&#93;</span> org.apache.sshd.common.SshException: Session is closed</p> <p>One workaround is to locate mina sshd jar in Opendaylight distribution’s system folder. From Boron release, it is :<br/> •Go to : <span class="error">&#91;ODLprojectfolder&#93;</span>/karaf/target/assembly/system/org/apache/sshd/sshd-core/0.14.0/sshd-core-0.14.0.jar<br/> •Open the jar file, locate META-INF/MANIFEST.MF file and edit the file<br/> •Find org.bouncycastle.openssl;version=”[1.51,2)”;resolution:=optional (at the end of the MANIFEST.MF file) and then delete ;resolution:=optional</p> <p>Note that this must be done after the project's compilation, but before Karaf is started for the first time.</p> <p>Does anyone know if and when this issue will be fixed ?</p> <p>Thanks, Christophe</p> <p>Operating System: All<br/> Platform: All</p> NETCONF-421

SSH issue: unable to open SSH session due to invalid crypto configuration

Bug Resolved Done Unassigned ChristopheBetoule Fri, 12 May 2017 10:02:00 +0000 Fri, 15 Mar 2019 22:22:41 +0000 Fri, 7 Jul 2017 16:31:55 +0000 netconf 0 3 <p>This shouldbe fixed by adding bouncy castle to startup bundles<br/> <a href="https://git.opendaylight.org/gerrit/#/c/58133/" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/58133/</a></p> <p>The fix is merged on master (nitrogen). It cannot be cherry-picked directly for stable/carbon or stable/boron because it is based on karaf4.</p> <p>However, in essence, it works for me on stable/carbon: after the karaf build, if I edit karaf/target/assembly/etc/startup.properties and append the line:</p> <p>mvn\:org.bouncycastle/bcprov-jdk15on/1.56 = 14</p> <p>then sshd-core will use bcprov right after the karaf startup, and the netconf/ssh connection works (in my case: with netconf-testtool and a Juniper MX5 routers running JunOS 14.2R1.9).</p> <p>Now, the question is: is it possible to automate that during the build of the karaf distribution? I tried this in my karaf/pom.xml, but this did not work (and did not cause a build error either):</p> <p>&lt;build&gt;<br/> &lt;plugins&gt;<br/> &lt;!-- ... --&gt;<br/> &lt;plugin&gt;<br/> &lt;groupId&gt;org.apache.karaf.tooling&lt;/groupId&gt;<br/> &lt;artifactId&gt;karaf-maven-plugin&lt;/artifactId&gt;<br/> &lt;configuration&gt;<br/> &lt;startupFeatures&gt;<br/> &lt;feature&gt;bcprov-jdk15on&lt;/feature&gt;<br/> &lt;/startupFeatures&gt;<br/> &lt;/configuration&gt;<br/> &lt;/plugin&gt;<br/> &lt;/plugins&gt;<br/> &lt;/build&gt;</p> <p>Besides, should not we also add bcpkix to startup.properties? During my investigations, I observed that sshd-core used osgi packages in bcpkix. Seems unnecessary for the present issue, but could lead to other problems later...</p> Development External issue ID 8431 External issue URL Rank 0|i01yfr: