SSH error "can't agree on KEX algorithms"

Started by Egert143, October 05, 2020, 09:00:41 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Egert143

October 05, 2020, 09:00:41 AM
Hello

Has anyone experienced following issue: I have set NetXms to poll Mikrotik router via ssh and each time when attempt is made, router generates error "can't agree on KEX algorithms". When i log in manualy via ssh, then no error. Seems like it started with NetXms version 3.5.90. It used to work on older version and polling script hasent changed.

Egert

Filipp Sudanov

#1
October 05, 2020, 11:47:08 AM
So when router generates this error the connection does not happen and data is not collected?

Victor Kirhenshtein

#2
October 05, 2020, 12:36:30 PM
Hi,

in 3.4 we have added reading SSH config by SSH subagent - could it be that you have something configured there? Also, what KEX algorithms this Mikrotik supports? You can run ssh with -v option and check it. This is sample output from my router:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256

Best regards,
Victor

Victor Kirhenshtein

#4
October 05, 2020, 12:54:52 PM
Looks like router supports only ssh-dss and ssh-rsa as host key algorithms and they are not offered by client. You may try to add

HostKeyAlgorithms +ssh-rsa

to your .ssh/config file, or create separate config file for SSH subagent with that line and specify it in nxagentd.conf by adding

ConfigFile = path_to_config

in section [SSH].

Best regards,
Victor

Egert143

#5
October 05, 2020, 01:45:44 PM
Seems like its not working when i change agent conf to include

Code Select
[SSH]
HostKeyAlgorithms +ssh-rsa

and restart agent. "cl" line didnt change in debug.

Victor Kirhenshtein

#6
October 05, 2020, 01:56:17 PM
In agent config you should specify path to SSH config - you cannot just put SSH configuration options to NetXMS agent config. So in nxagentd.conf you should have something like

Code Select

[SSH]
ConfigFile = /etc/nxagentd-ssh-config


and in file /etc/nxagentd-ssh-config

Code Select

HostKeyAlgorithms +ssh-rsa


Best regards,
Victor

Egert143

#7
October 05, 2020, 02:17:13 PM
Still no go.

Did the following:

nxagentd.conf
Code Select

[SSH]
ConfigFile = D:\NetXMS\etc\nxagentd-ssh-config.conf

nxagentd-ssh-config.conf
Code Select
HostKeyAlgorithms +ssh-rsa

restarted agent. In router ssh debug CL line doesent include ssh-rsa

Egert143

#8
October 09, 2020, 08:25:44 AM
Any other ideas ? :) Would be quite bad if Netxms support for Mikrotik ssh is broken.

Egert143

#9
October 15, 2020, 12:19:28 PM
Got it working:

File: nxagentd-ssh-config.conf
Code Select
HostKeyAlgorithms ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
Print
Go Up Pages1
User actions